Validate User account on AD

I will like to authenticate the user credentials from our AD.

Lets say there is a user created in xibo…whenever the user attempts log in, the password should be authenticated against the AD details.

It’s not possible in the current stable version.

1.8 has support for authenticating via SAML which you can then integrate with Active Directory.

Thank you alex…can you please point me to an instruction to upgrade to 1.8 on IIS?

1.8 isn’t released for production use yet.

Hello, I’m on 1.7.8 when i will switch on 1.8, must i buy again licence android ?
For now i’m not in production, also i can wait the 1.8 for integrate user account.

Hello mouserin, i think the licence for the android boxes are specific to the android player version and not the cms version.if your version is still compatible with the cms 1.8 (which i believe should be), you dont need to purchase new licences.

Android is licenced per major version - so currently you would be purchasing 1.7 series licences.

When you come to upgrade to 1.8 series CMS, you will need to purchase an upgrade licence for your Xibo for Android devices. Once in 1.8 series, you can then upgrade to any release within that series at no charge.

There is no obligation to upgrade your CMS from 1.7 to 1.8 series however - only if you want to use the new features and fixes therein.

well…i was able to enforce validating user creation using ldap by editing

i added

// Validation
// LDAP variables
$ldaphost = “”; // your ldap servers
// your ldap server’s port number

// Connecting to LDAP
$ldapconn = ldap_connect($ldaphost)
  or die("Could not connect to host");

//search user in /Admin/IT/Users

$dn = "dc=example,dc=com";

$filter = "(uid=" . $this->userName . ")";
$attr = array("memberof");
$result = ldap_search($ldapconn , $dn, $filter, $attr) or exit("Unable to search LDAP server");
$entries = ldap_get_entries($ldapconn, $result);
$datastatus = $entries["count"];
if ($datastatus !== 1)
	return $this->SetError(__('cannot validate user on Active Directory'));

to the top of function add in
I am hoping to i can write a similar function around function.login in module.user general . php on enable authentication

i think i got this to authenticate via AD using this

change function login in module.user.general.php

function login($username, $password)
    $db =& $this->db;


    // Active Directory server
      $ldap_host = "";

      // Active Directory DN
      $ldap_dn = "dc=example,dc=com";
        // connect to active directory
        $ldap = ldap_connect($ldap_host)
            or die("Couldn't connect to LDAP Server");
              $dn = "uid=".$username.",";
              ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
              // verify user and password
if($bind = @ldap_bind($ldap, $dn . $ldap_dn, $password)) {
  $dbh = PDOConnect::init();
  $sth = $dbh->prepare('SELECT UserID, UserName, UserPassword, UserTypeID FROM `user` WHERE UserName = :userName');
  $sth->execute(array('userName' => $username));
  $rows = $sth->fetchAll();
  $userInfo = $rows[0];

else { setMessage(__('Username or Password incorrect'));
    return false;
    // there is a result so we store the userID in the session variable
    $_SESSION['userid'] = Kit::ValidateParam($userInfo['UserID'], _INT);
    $_SESSION['username'] = Kit::ValidateParam($userInfo['UserName'], _USERNAME);
    $_SESSION['usertype'] = Kit::ValidateParam($userInfo['UserTypeID'], _INT);

    // Set the User Object
    $this->usertypeid = $_SESSION['usertype'];
    $this->userid = $_SESSION['userid'];

    // update the db
    // write out to the db that the logged in user has accessed the page
    $SQL = sprintf("UPDATE user SET lastaccessed = '" . date("Y-m-d H:i:s") . "', loggedin = 1 WHERE userid = %d", $_SESSION['userid']);

    $db->query($SQL) or trigger_error(__('Can not write last accessed info.'), E_USER_ERROR);

    // Switch Session ID's
    global $session;

    return true;

add you extra security check as pleased

but you must have created one of the AD users as admin before editing because your old admin wontnot have access anymore.

Hello Babatunde_Ahmed,
can you tell me in which folder you found/ edit the files “” and “module.user.general.php”.
I’m not sure what i’m doing wrong but i’m not able to find both files.

Hello Jannis, Sorry this is coming late, This solution was for the 1.7 version and you can easily search this on the whole project folder.

Alex - can you send me the info to authenticate user with AD. I’m using version 1.8.2 cms.

You need Active Directory Federation Services running to act as a SAML IdP.

Once you have that, you can connect Xibo to it as documented in the manual:

Is there a way to set password expired or perhaps, force the user to change password first logon

If you’re using SAML then Xibo has no role in the password at all. It’s totally up to your IdP to enforce any password age, complexity etc requirements.

If you’re not using SAML, then no, Xibo doesn’t have ways to force password changes. It does have a complexity check so you can ensure users set sensibly complex passwords, to whatever rule you want to enforce.