Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

All other Modules /

Discuss all other Modules here.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Auth_external "Group does not exist"


Reply


7 Posts   1056 Views

Avatar
Bronwyn

Community Member, 20 Posts

4 May 2010 at 1:14pm

I'm setting up Silverstripe to use as our Department's website and intranet. I need to get auth-external working with auto-add accounts, because I'm damned if I want to add a gazillion new students to the database every year so they can log on to the intranet. I've got the authentication working for existing accounts, but when I get someone to try to log on using just the LDAP it doesn't work. The relevant bit of the log (with the actual username replaced by me with [user]) says:
"Tue, 04 May 10 12:55:59 +1200 - [user].ldap - LDAP Authentication success
Tue, 04 May 10 12:55:59 +1200 - [user] - authentication success
Tue, 04 May 10 12:55:59 +1200 - [user] - User did not exist but did authenticate. Adding user to database
Tue, 04 May 10 12:55:59 +1200 - [user] - The group to add the user to did not exist
Tue, 04 May 10 12:55:59 +1200 - Process for user [user] ended"

I found something in the archives of this forum which recommended replacing "Group.Title" with "Group.Code" in the appropriate part of ExternalAuthenticator.php and did that, but the same error happened.

I should add that the group does indeed exist, and I've tried it with a couple of different names just in case one was reserved or something.

Can anyone help?

Avatar
Hamish

Community Member, 712 Posts

4 May 2010 at 3:51pm

Edited: 04/05/2010 3:51pm

I'm using LDAP with auto add and it works well.

Could you post which version you are using and what your config looks like.

I assume you have a line like:

ExternalAuthenticator::setAutoAdd('ldap', 'Staff');

Avatar
Bronwyn

Community Member, 20 Posts

4 May 2010 at 4:18pm

v0.3.1 for the module, 2.3.7 for Silverstripe. I do have a line like that now, before it was missing the 'ldap', bit, but it still does the same thing. It's a bit of a team effort, this. The guy who runs the ldap server modified the config file for me.

the config file is attached

Avatar
Hamish

Community Member, 712 Posts

4 May 2010 at 5:00pm

It's probably this line:

ExternalAuthenticator::setAutoAdd('biocldap', true);

The setting can only be one thing at a time, so when you set it to true it overrides the "Staff" setting.

Remove that line and you should be good to go. :)

Avatar
Bronwyn

Community Member, 20 Posts

5 May 2010 at 9:34am

Have done that and it works. Thanks a lot.

However, although the log says it's adding the user to the database, when I go to look at what's been added it's surname: unknown, firstname: unknown, email: root@localhost. Is that what's supposed to happen?

Avatar
Hamish

Community Member, 712 Posts

5 May 2010 at 10:14am

Nope, that isn't supposed to happen - you might need to check that you're getting the right info out of LDAP for your users.

Avatar
Bronwyn

Community Member, 20 Posts

5 May 2010 at 11:23am

All fixed. It had to do with some funny mapping thing in the LDAP. Something to do with how OS X does things as opposed to how traditional unix does them.