Forum OpenACS Q&A: Response to Authentication
I wrote a Perl script that takes a name and password and checks it against the Active Directory via LDAP. It used Win32::OLE. If authentication succeeds, the script fetches the user's full name from the AD and prints it. The Perl script just gets exec'ed from a TCL function that checks the return value and any output.
All of the changes I made to OpenACS were in acs-subsite/www/register/. Most of them were small things, like changing the ADP pages to say "Windows Username" instead of "Email". The authentication logic in user-login.tcl is the only real code that needs to be changed. If authentication succeeds, I check the username against the existing OpenACS accounts. If it is not there, I create the user using the first and last names returned by the Perl script. If ADSI authentication fails it uses the built-in authentication. Since this was a toy installation, I didn't bother with deleting accounts, etc.