10850 Posts in 2517 Topics by 1793 members
|Go to End|
26 June 2009 at 5:41am
I'm having trouble getting SilverStripe to auto-add accounts when logging in using an external authentication source. We use Active Directory. I have the External Authentication module installed and everything displays correctly, but when I try to login with my AD creds it rejects them. I've modified _config.php to the following:
I know it can authenticate though because I hooked up my AD username to the administrator profile that is created when you first install SilverStripe through the Profile -> External Authenication tab, and it accepts the password fine and logs me in as the administrator.
If anyone has experience with this problem help would be much appreciated. I'll post if I find a solution on my own.
26 June 2009 at 8:11am Last edited: 26 June 2009 8:38am
I should also mention I have in fact created the group Users and given it full admin privs.
I've gotten SS to auto add the account, but for some reason the email comes in as root@localhost even though I have the default email address specified as ccom.unh.edu, and I have no idea why it would be using root instead of the username that was entered. I'm now trying to resolve this issue.
27 June 2009 at 3:29am Last edited: 27 June 2009 3:29am
Problem Found, solution in progress
In the lookupDetails function of the LDAP driver is the following hunk of code:
$lookupdetails = array('shadowlastchange' => array('value' => false, 'attr' => 'shadowlastchange'),
'shadowmin' => array('value' => false, 'attr' => 'shadowmin'),
'shadowmax' => array('value' => false, 'attr' => 'shadowmax'),
'shadowwarning' => array('value' => false, 'attr' => 'shadowwarning'),
'firstname' => array('value' => 'unknown',
'attr' => strtolower(ExternalAuthenticator::getOption($source, 'firstname_attr'))
'surname' => array('value' =>'unknown',
'attr' => strtolower(ExternalAuthenticator::getOption($source, 'surname_attr'))
'email' => array('value' => 'root@localhost',
'attr' => strtolower(ExternalAuthenticator::getOption($source, 'email_attr'))
I had assumed that when a person logged in as a user in LDAP it would grab the mail field and plop that in, which this does. However, if the mail field is not set in LDAP I also assumed that it would take whatever the login ID was that was submitted and append the value that was specified in setDefaultDomain. This in fact doesn't happen as can be seen above, it simply just drops in 'root@localhost'. I don't know if Lancer plans on adding this feature, it would be really nice if he did. I'm viewing this as a bug and will submit it in a report.
30 June 2009 at 7:58pm
Ticket 4313 in trac: http://open.silverstripe.com/ticket/4313
Will fix this for 0.4. Right now the trunk should be considered as unstable. The mechanism has had a huge overhaul (drivers hardly changed though)
Thanks for reporting this.
|Go to Top|