Hi,
The SilverStripe core team recommends Apache over Lighttpd. We use lighty in the installer because it was easier for us to build into a standalone installer.
This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.
Please use forum.silverstripe.org for any new questions
(announcement).
The forum archive will stick around, but will be read only.
You can also use our Slack channel
or StackOverflow to ask for help.
Check out our community overview for more options to contribute.
Hi,
The SilverStripe core team recommends Apache over Lighttpd. We use lighty in the installer because it was easier for us to build into a standalone installer.
Hi Lancer,
I'm using adsiedit.msc as you recommended on http://doc.silverstripe.com/doku.php?id=modules:auth_ext_ad
See attached screenshot of the layout. Below is a copy of my _config.php (removed comments from post to save space). Hopefully, it's something obvious!
<?php
Authenticator::register_authenticator("ExternalAuthenticator");
ExternalAuthenticator::createSource('corp_ad','LDAP','Corporate Directory');
ExternalAuthenticator::setAuthSequential(false);
ExternalAuthenticator::setIdDesc('User ID');
ExternalAuthenticator::setAuthServer('corp_ad','ts.totaleyecare.com.au');
ExternalAuthenticator::setOption('corp_ad', 'basedn', 'cn=Users,dc=totaleyecare,dc=com,dc=au');
ExternalAuthenticator::setOption('corp_ad', 'attribute', 'sAMAccountName');
ExternalAuthenticator::setAutoAdd('corp_ad', false);
ExternalAuthenticator::setOption('corp_ad', 'bind_as','cn="silverstripe,cn=Users,dc=totaleyecare,dc=com,dc=au"');
ExternalAuthenticator::setOption('corp_ad', 'bind_pw', 'secret');
ExternalAuthenticator::setOption('corp_ad', 'firstname_attr', 'givenName');
ExternalAuthenticator::setOption('corp_ad', 'surname_attr', 'sn');
ExternalAuthenticator::setOption('corp_ad', 'email_attr', 'userPrincipalName');
?>
You could try
e.g. http://www.pegacat.com/jxplorer/
with the silverstripe account to validate to validate your AD config.
I've attached a screenshot of JXplorer happily browsing the AD using the "silverstripe" username as you suggested, rather than "Administrator". However, I still get "Could not bind to LDAP server."
I've also attached a screenshot of the security tab of the cms.
Hi @all
I had the same problem as xzelan and was stuck at the error message "Could not bind to LDAP server." (Windows Small Business Server 2003 with SP2)
But after I have changed the user name in the second last line of the _config.php from the DN to the UPN (User Principal Name), it worked immediately.
ExternalAuthenticator::setOption('testldap', 'bind_as','testuser@your.domain');
Hope that helps.
Matthias
Thanks Matthias! That may have fixed it for me also. Now I get the message below, which I think is just some code we were using for testing. Is that correct Lancer?
hello(sAMAccountName=silverstripe)Array ( [count] => 1 [0] => Array ( [samaccountname] => Array ( [count] => 1 [0] => silverstripe ) [0] => samaccountname [count] => 1 [dn] => CN=silverstripe,CN=Users,DC=totaleyecare,DC=com,DC=au ) )
It seems External Authenticator is broken for SilverStripe 2.2.2
http://open.silverstripe.com/ticket/2536
(I know, I should have tested with the RC's)
This fix is very simple however. See the bug report.
(PS. xzelan, correct, but I guess you found out already in the mean time)
Sorry, I'm confused, I changed:
public static function authenticate(array $RAW_data, Form $form = null)
public static function authenticate($RAW_data, Form $form = null)
Fatal error: Declaration of ExternalAuthenticator::authenticate() must be compatible with that of Authenticator::authenticate() in C:\lighttpd\htdocs\auth_external\code\ExternalAuthenticator.php on line 458
when I do a:
http://localhost:3000/db/build?flush=1