So, I've been seriously looking into what it will take to get phpBB and Drupal integrated.
Single Sign On Solutions
The main reason we want this would be so users only experience one login for the site.
There are several ways we can accomplish this. LDAP or Drupal phpBB module.
LDAP will let users sign into either drupal or phpbb with one login.
- Single login account.
- Future web applications can use LDAP too.
- Drupal password hashes are in MD5 so we can import them into LDAP.
- Drupal is pretty good about updating and creating LDAP accounts.
- Sessions aren't shared so users will have to login twice; once for the site and once for the forum.
- PhpBB3 uses their own password hash so we can't import them into LDAP.
- PhpBB3 can't create or edit LDAP accounts. If a user tries to create an account through PhpBB3 or modify their account password this is an issue. I think these things can be disabled though.
Drupal LDAP modules:
http://drupal.org/project/ldap_provisioning | This is so users can create LDAP accounts using Drupal
phpBB Drupal Module
The PhpBB Drupal module works to handle user- and session-management for phpBB. It essentially works by taking things from the Drupal database and updating the PhpBB database each time a user logs in.
- Effectively acts as a single login account between Drupal and phpBB
- Sessions are shared. User only needs to login once (through Drupal) to access the forum.
- Provides a block that lists recent topics from the forum that can be placed somewhere in Drupal.
- Only works between Drupal and phpBB. This is fine if those are the only two web apps.
- I don't think it can migrate phpBB accounts back into Drupal. This issue is similar to LDAP but it might be possible to work around this by creating Drupal users that link to their phpBB accounts and force everyone to reset their passwords next time they visit.
More info on the Drupal phpBB module:
Solving Account Migration/Merging between Drupal and phpBB
So I haven't found a good solution that's already documented about how to merge Drupal and phpBB users that already exist.
Here is my idea of a solution to this problem using both LDAP and the phpBB module:
- phpBB accounts should probably take priority in my case because it has been running longer, has the most accounts, and is a service most often used.
- Use the users' emails as the key to search whether a user exists in both systems. Searching by email should be more reliable than usernames.
- Because of this, we should notify users ahead of time to update their e-mails. Maybe even encourage them to make sure that their drupal and phpbb account e-mails match if they want to ensure a smooth migration for their account.
- If the keys match, and a user has an account for both Drupal and phpBB, we can build an LDAP account for them. The username should be the phpBB account username, and the password can be taken from the Drupal md5 password hash.
- If the key doesn't match and the account only exists in phpBB, we can build an LDAP account based on the phpBB account, but generate a random password. We'll send the password out to the user by e-mail, and tell the user how to change it.
- At this point we might want to check if there are any accounts left who have the same username (different email) and use the above logic. Note: phpBB uses case sensitive usernames, drupal does not.
- If the key doesn't match and the account only exists in Drupal, we can build the LDAP account from it, or leave the account out if we suspect it's a duplicate account (someone signed up with a different e-mail).
- Drupal should then be setup with the phpBB module.
- Finally, we delete the Drupal accounts and enable Drupal to authenticate using LDAP. (Actually, we may be able to keep the drupal accounts that matched, this way they retain their Drupal user ID numbers.) ~~~ Hm.... the uid in drupal and the user_id in phpBB probably need to match for their accounts to be properly linked.
- When the user logs in with their LDAP account, Drupal will authenticate them for both itself and their phpBB account (which should still exist).
(unless otherwise marked) Copyright 2002-2014 YakPeople. All rights reserved.