Jump to:

10994 Posts in 2728 Topics by 1819 members

All other Modules

SilverStripe Forums » All other Modules » External Auth module - auto account creation issue

Discuss all other Modules here.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 2800 Views
  • Peabs
    Avatar
    Community Member
    3 Posts

    External Auth module - auto account creation issue Link to this post

    Hi,

    I'm having trouble getting SilverStripe to auto-add accounts when logging in using an external authentication source. We use Active Directory. I have the External Authentication module installed and everything displays correctly, but when I try to login with my AD creds it rejects them. I've modified _config.php to the following:

    ExternalAuthenticator::setAutoAdd('ccomAD', 'Users');
    //ExternalAuthenticator::setAutoAdd('ccomAD', false);

    and

    ExternalAuthenticator::setDefaultDomain('ccomAD', 'ccom.unh.edu');

    I know it can authenticate though because I hooked up my AD username to the administrator profile that is created when you first install SilverStripe through the Profile -> External Authenication tab, and it accepts the password fine and logs me in as the administrator.

    If anyone has experience with this problem help would be much appreciated. I'll post if I find a solution on my own.

    Cheers,
    Les

  • Peabs
    Avatar
    Community Member
    3 Posts

    Re: External Auth module - auto account creation issue Link to this post

    I should also mention I have in fact created the group Users and given it full admin privs.

    ----------UPDATE----------------
    I've gotten SS to auto add the account, but for some reason the email comes in as root@localhost even though I have the default email address specified as ccom.unh.edu, and I have no idea why it would be using root instead of the username that was entered. I'm now trying to resolve this issue.

  • Peabs
    Avatar
    Community Member
    3 Posts

    Re: External Auth module - auto account creation issue Link to this post

    Problem Found, solution in progress
    -----------------------------------------
    In the lookupDetails function of the LDAP driver is the following hunk of code:

    $lookupdetails = array('shadowlastchange' => array('value' => false, 'attr' => 'shadowlastchange'),
    'shadowmin' => array('value' => false, 'attr' => 'shadowmin'),
    'shadowmax' => array('value' => false, 'attr' => 'shadowmax'),
    'shadowwarning' => array('value' => false, 'attr' => 'shadowwarning'),
    'firstname' => array('value' => 'unknown',
    'attr' => strtolower(ExternalAuthenticator::getOption($source, 'firstname_attr'))
    ),
    'surname' => array('value' =>'unknown',
    'attr' => strtolower(ExternalAuthenticator::getOption($source, 'surname_attr'))
    ),
    'email' => array('value' => 'root@localhost',
    'attr' => strtolower(ExternalAuthenticator::getOption($source, 'email_attr'))
    )
    );

    I had assumed that when a person logged in as a user in LDAP it would grab the mail field and plop that in, which this does. However, if the mail field is not set in LDAP I also assumed that it would take whatever the login ID was that was submitted and append the value that was specified in setDefaultDomain. This in fact doesn't happen as can be seen above, it simply just drops in 'root@localhost'. I don't know if Lancer plans on adding this feature, it would be really nice if he did. I'm viewing this as a bug and will submit it in a report.

  • lancer
    Avatar
    57 Posts

    Re: External Auth module - auto account creation issue Link to this post

    Ticket 4313 in trac: http://open.silverstripe.com/ticket/4313

    Will fix this for 0.4. Right now the trunk should be considered as unstable. The mechanism has had a huge overhaul (drivers hardly changed though)

    Thanks for reporting this.

    2800 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.