Project of the Month - April 2006

OpenLDAP/Active Directory Authentication

Description of project

Trove Info

Why are you a leading contributor in the SugarCRM community? What are the benefits that you experience from your involvement?

Erik: I suppose it's just luck. I started the ldap_auth project to satisfy a business need for Logic/MDC in implementing SugarCRM. The original code that I did was a simple patch to User.php and an addition to the configuration. Ray Gauss did a great job of improving the code and modularizing it according to the SugarCRM module spec. Because of his improvements to the original hack, ldap_auth is now easy to install and configure. So I've definitely benefited from his involvement.

Ray: Finding time to devote to developing open source projects is difficult but the sense of giving back to a community that provides a great code base to build on is definitely satisfying. Developing project extensions also helps you to become intimately familiar with the product and will result in faster deployment and integration.

What other projects have you been involved with on SugarForge.org?

Erik: None.

Ray:

Google Map of Address
Opens a Google map of an account or contact's address in a new window.

iCal Patch
Allows Apple iCal users to subscribe to the SugarCRM server and get to-dos and events.

Sugar Portal for Mambo
Contributed a ProjectTask module to allow clients to see estimates and the status of their projects.

What inspired you to create this project?

Erik: We use a lot of different open source packages at my company and a constant goal is integrating authentication with our Active Directory server, so users only have to remember one password and we only have to set one policy for updating passwords. We also run an OpenLDAP directory for external user accounts so while I was doing the original hack I thought it would be useful for people to build in compatibility for both systems, as they both use the PHP ldap extensions.

Ray: Well, I wasn't the original creator, Erik was, but I was inspired to contribute to it because authentication via LDAP seemed such a common need for an application like SugarCRM and Erik's code was a great start toward what I needed.

What business pain points were you solving specifically?

Erik: Trying to minimize the number of passwords internal users have to maintain, and trying to reduce the amount of time IT has to spend on dealing with user account/password issues.

Because SugarCRM is open source, and because all of our users have accounts in AD, there was no administrative time required to essentially grant everyone access to CRM, as the ldap_auth mod creates accounts automatically the first time a user logs in. We've recently merged with a larger company and we're in the process of integrating our sales processes. SugarCRM and the ldap_auth mod allow us to extend access easily to the added users. We're also able to customize SugarCRM to interact with other internal systems far beyond what we were able to do with Salesforce.

Ray: Having to setup and maintain users in several different applications can become unwieldily very quickly, so being able to authenticate against a central user repository like an LDAP store makes things much easier for administrators.

Is there anything that the users should know about those? Something hidden/new in these modules? Think of this as an opportunity to describe how it works to a user.

Erik: The automatic account creation is great for a company of any size, as the software can be rolled out without a lot of extra effort for administrators to create accounts. It's done automatically.

Ray: In addition to the convenience of the central repository an LDAP store provides, it may support stronger methods of authentication which would not have been supported internally by the applications that authenticate against it. The ldap_auth patch first determines how to construct the bind username expected by the LDAP server for the SugarCRM username entered then attempts to bind (via that constructed username) to the LDAP server with the password the user entered. The LDAP server is then responsible for determining what type of password authentication it should use and returns either a successful bind and some user attributes or a failed bind which results in a failed SugarCRM authentication.

What would you say to encourage additional community participation?

Erik: Don't underestimate the contribution others can make to your idea. Again, I have to hand it to Ray for really improving my original work, which was essentially a hack, and making it a quality module.

Ray: If you're a SugarCRM developer/administrator it's likely that you've used some extension which solved a problem quickly and at no cost. How sweet was that? Somewhere out there, there's a frustrated administrator like you that can use your code, end their suffering and release it.

Also, if another developer ends up releasing a similar addition to the open source community there's a good chance you'll eventually have to migrate to that addition due to a greater feature set developed through interaction with the community. When you do have to migrate there's a good chance you'll have to change several sections of other proprietary code that interacted with your unreleased version of the addition. By releasing a new project or joining an existing one and contributing code you can avoid having to maintain or migrate your proprietary 'hacks'.

In addition, contributions can give you, the code developer, great exposure.

What do you want to build next for Sugar Suite?

Erik: I want to build a module to encapsulate all the various tweaks I have done on the software specific to my company, for one thing, to make it less work to keep up with upgrades to the core suite.

Beyond that, my users are telling me they really miss the "merge records" and "find duplicates" features that existed in Salesforce. I know SugarCRM has some capability there, but my users are telling me that it isn't sufficient for the amount of housekeeping they need to do with the number of leads we get in.

Ray: I've started an invoice / estimates module which will group ProjectTasks, calculate the total billable cost to the client with some additional user fields, and output PDFs.