Jump to:

17452 Posts in 4473 Topics by 1971 members

Archive

SilverStripe Forums » Archive » External Authenticator

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, biapar, Willr, Ingo, simon_w

Page: 1 2 3 4 5 6 7
Go to End
Author Topic: 62615 Views
  • Sam
    Avatar
    Administrator
    679 Posts

    Re: External Authenticator Link to this post

    Hi,

    The SilverStripe core team recommends Apache over Lighttpd. We use lighty in the installer because it was easier for us to build into a standalone installer.

  • xzelan
    Avatar
    Community Member
    20 Posts

    Re: External Authenticator Link to this post

    Hi Lancer,

    I'm using adsiedit.msc as you recommended on http://doc.silverstripe.com/doku.php?id=modules:auth_ext_ad

    See attached screenshot of the layout. Below is a copy of my _config.php (removed comments from post to save space). Hopefully, it's something obvious!

    <?php

    Authenticator::register_authenticator("ExternalAuthenticator");
    ExternalAuthenticator::createSource('corp_ad','LDAP','Corporate Directory');
    ExternalAuthenticator::setAuthSequential(false);
    ExternalAuthenticator::setIdDesc('User ID');
    ExternalAuthenticator::setAuthServer('corp_ad','ts.totaleyecare.com.au');
    ExternalAuthenticator::setOption('corp_ad', 'basedn', 'cn=Users,dc=totaleyecare,dc=com,dc=au');
    ExternalAuthenticator::setOption('corp_ad', 'attribute', 'sAMAccountName');
    ExternalAuthenticator::setAutoAdd('corp_ad', false);
    ExternalAuthenticator::setOption('corp_ad', 'bind_as','cn="silverstripe,cn=Users,dc=totaleyecare,dc=com,dc=au"');
    ExternalAuthenticator::setOption('corp_ad', 'bind_pw', 'secret');
    ExternalAuthenticator::setOption('corp_ad', 'firstname_attr', 'givenName');
    ExternalAuthenticator::setOption('corp_ad', 'surname_attr', 'sn');
    ExternalAuthenticator::setOption('corp_ad', 'email_attr', 'userPrincipalName');

    ?>

  • lancer
    Avatar
    57 Posts

    Re: External Authenticator Link to this post

    You could try
    e.g. http://www.pegacat.com/jxplorer/

    with the silverstripe account to validate to validate your AD config.

  • xzelan
    Avatar
    Community Member
    20 Posts

    Re: External Authenticator Link to this post

    I've attached a screenshot of JXplorer happily browsing the AD using the "silverstripe" username as you suggested, rather than "Administrator". However, I still get "Could not bind to LDAP server."

    I've also attached a screenshot of the security tab of the cms.

  • JBlond
    Avatar
    Community Member
    1 Post

    Re: External Authenticator Link to this post

    Hi @all

    I had the same problem as xzelan and was stuck at the error message "Could not bind to LDAP server." (Windows Small Business Server 2003 with SP2)

    But after I have changed the user name in the second last line of the _config.php from the DN to the UPN (User Principal Name), it worked immediately.

    ExternalAuthenticator::setOption('testldap', 'bind_as','testuser@your.domain');

    Hope that helps.
    Matthias

  • xzelan
    Avatar
    Community Member
    20 Posts

    Re: External Authenticator Link to this post

    Thanks Matthias! That may have fixed it for me also. Now I get the message below, which I think is just some code we were using for testing. Is that correct Lancer?

    hello(sAMAccountName=silverstripe)Array ( [count] => 1 [0] => Array ( [samaccountname] => Array ( [count] => 1 [0] => silverstripe ) [0] => samaccountname [count] => 1 [dn] => CN=silverstripe,CN=Users,DC=totaleyecare,DC=com,DC=au ) )

  • lancer
    Avatar
    57 Posts

    Re: External Authenticator Link to this post

    It seems External Authenticator is broken for SilverStripe 2.2.2
    http://open.silverstripe.com/ticket/2536

    (I know, I should have tested with the RC's)

    This fix is very simple however. See the bug report.

    (PS. xzelan, correct, but I guess you found out already in the mean time)

  • xzelan
    Avatar
    Community Member
    20 Posts

    Re: External Authenticator Link to this post

    Sorry, I'm confused, I changed:

    public static function authenticate(array $RAW_data, Form $form = null)


    into

    public static function authenticate($RAW_data, Form $form = null)


    but now I get:

    Fatal error: Declaration of ExternalAuthenticator::authenticate() must be compatible with that of Authenticator::authenticate() in C:\lighttpd\htdocs\auth_external\code\ExternalAuthenticator.php on line 458

    when I do a:
    http://localhost:3000/db/build?flush=1

    62615 Views
Page: 1 2 3 4 5 6 7
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.