Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

Archive /

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo

External Authenticator


Go to End


53 Posts   68906 Views

Avatar
Sam

Administrator, 690 Posts

4 May 2008 at 3:49pm

Hi,

The SilverStripe core team recommends Apache over Lighttpd. We use lighty in the installer because it was easier for us to build into a standalone installer.

Avatar
xzelan

Community Member, 20 Posts

6 May 2008 at 7:30pm

Hi Lancer,

I'm using adsiedit.msc as you recommended on http://doc.silverstripe.com/doku.php?id=modules:auth_ext_ad

See attached screenshot of the layout. Below is a copy of my _config.php (removed comments from post to save space). Hopefully, it's something obvious!

<?php

Authenticator::register_authenticator("ExternalAuthenticator");
ExternalAuthenticator::createSource('corp_ad','LDAP','Corporate Directory');
ExternalAuthenticator::setAuthSequential(false);
ExternalAuthenticator::setIdDesc('User ID');
ExternalAuthenticator::setAuthServer('corp_ad','ts.totaleyecare.com.au');
ExternalAuthenticator::setOption('corp_ad', 'basedn', 'cn=Users,dc=totaleyecare,dc=com,dc=au');
ExternalAuthenticator::setOption('corp_ad', 'attribute', 'sAMAccountName');
ExternalAuthenticator::setAutoAdd('corp_ad', false);
ExternalAuthenticator::setOption('corp_ad', 'bind_as','cn="silverstripe,cn=Users,dc=totaleyecare,dc=com,dc=au"');
ExternalAuthenticator::setOption('corp_ad', 'bind_pw', 'secret');
ExternalAuthenticator::setOption('corp_ad', 'firstname_attr', 'givenName');
ExternalAuthenticator::setOption('corp_ad', 'surname_attr', 'sn');
ExternalAuthenticator::setOption('corp_ad', 'email_attr', 'userPrincipalName');

?>

Avatar
lancer

57 Posts

6 May 2008 at 8:03pm

You could try
e.g. http://www.pegacat.com/jxplorer/

with the silverstripe account to validate to validate your AD config.

Avatar
xzelan

Community Member, 20 Posts

7 May 2008 at 3:31pm

I've attached a screenshot of JXplorer happily browsing the AD using the "silverstripe" username as you suggested, rather than "Administrator". However, I still get "Could not bind to LDAP server."

I've also attached a screenshot of the security tab of the cms.

Avatar
JBlond

Community Member, 1 Post

17 May 2008 at 1:41am

Edited: 17/05/2008 1:42am

Hi @all

I had the same problem as xzelan and was stuck at the error message "Could not bind to LDAP server." (Windows Small Business Server 2003 with SP2)

But after I have changed the user name in the second last line of the _config.php from the DN to the UPN (User Principal Name), it worked immediately.

ExternalAuthenticator::setOption('testldap', 'bind_as','testuser@your.domain'); 

Hope that helps.
Matthias

Avatar
xzelan

Community Member, 20 Posts

19 May 2008 at 12:13pm

Edited: 19/05/2008 12:15pm

Thanks Matthias! That may have fixed it for me also. Now I get the message below, which I think is just some code we were using for testing. Is that correct Lancer?

hello(sAMAccountName=silverstripe)Array ( [count] => 1 [0] => Array ( [samaccountname] => Array ( [count] => 1 [0] => silverstripe ) [0] => samaccountname [count] => 1 [dn] => CN=silverstripe,CN=Users,DC=totaleyecare,DC=com,DC=au ) )

Avatar
lancer

57 Posts

26 May 2008 at 6:43am

Edited: 26/05/2008 6:43am

It seems External Authenticator is broken for SilverStripe 2.2.2
http://open.silverstripe.com/ticket/2536

(I know, I should have tested with the RC's)

This fix is very simple however. See the bug report.

(PS. xzelan, correct, but I guess you found out already in the mean time)

Avatar
xzelan

Community Member, 20 Posts

26 May 2008 at 11:34am

Edited: 26/05/2008 11:36am

Sorry, I'm confused, I changed:

public static function authenticate(array $RAW_data, Form $form = null)

into
public static function authenticate($RAW_data, Form $form = null)

but now I get:

Fatal error: Declaration of ExternalAuthenticator::authenticate() must be compatible with that of Authenticator::authenticate() in C:\lighttpd\htdocs\auth_external\code\ExternalAuthenticator.php on line 458

when I do a:
http://localhost:3000/db/build?flush=1