Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

All other Modules

Discuss all other Modules here.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Auth_external "Group does not exist"


Reply

7 Posts   974 Views

Avatar
Bronwyn

4 May 2010 at 1:14pm Community Member, 20 Posts

I'm setting up Silverstripe to use as our Department's website and intranet. I need to get auth-external working with auto-add accounts, because I'm damned if I want to add a gazillion new students to the database every year so they can log on to the intranet. I've got the authentication working for existing accounts, but when I get someone to try to log on using just the LDAP it doesn't work. The relevant bit of the log (with the actual username replaced by me with [user]) says:
"Tue, 04 May 10 12:55:59 +1200 - [user].ldap - LDAP Authentication success
Tue, 04 May 10 12:55:59 +1200 - [user] - authentication success
Tue, 04 May 10 12:55:59 +1200 - [user] - User did not exist but did authenticate. Adding user to database
Tue, 04 May 10 12:55:59 +1200 - [user] - The group to add the user to did not exist
Tue, 04 May 10 12:55:59 +1200 - Process for user [user] ended"

I found something in the archives of this forum which recommended replacing "Group.Title" with "Group.Code" in the appropriate part of ExternalAuthenticator.php and did that, but the same error happened.

I should add that the group does indeed exist, and I've tried it with a couple of different names just in case one was reserved or something.

Can anyone help?

Avatar
Hamish

4 May 2010 at 3:51pm (Last edited: 4 May 2010 3:51pm), Community Member, 712 Posts

I'm using LDAP with auto add and it works well.

Could you post which version you are using and what your config looks like.

I assume you have a line like:

ExternalAuthenticator::setAutoAdd('ldap', 'Staff');

Avatar
Bronwyn

4 May 2010 at 4:18pm Community Member, 20 Posts

v0.3.1 for the module, 2.3.7 for Silverstripe. I do have a line like that now, before it was missing the 'ldap', bit, but it still does the same thing. It's a bit of a team effort, this. The guy who runs the ldap server modified the config file for me.

the config file is attached

Avatar
Hamish

4 May 2010 at 5:00pm Community Member, 712 Posts

It's probably this line:

ExternalAuthenticator::setAutoAdd('biocldap', true);

The setting can only be one thing at a time, so when you set it to true it overrides the "Staff" setting.

Remove that line and you should be good to go. :)

Avatar
Bronwyn

5 May 2010 at 9:34am Community Member, 20 Posts

Have done that and it works. Thanks a lot.

However, although the log says it's adding the user to the database, when I go to look at what's been added it's surname: unknown, firstname: unknown, email: root@localhost. Is that what's supposed to happen?

Avatar
Hamish

5 May 2010 at 10:14am Community Member, 712 Posts

Nope, that isn't supposed to happen - you might need to check that you're getting the right info out of LDAP for your users.

Avatar
Bronwyn

5 May 2010 at 11:23am Community Member, 20 Posts

All fixed. It had to do with some funny mapping thing in the LDAP. Something to do with how OS X does things as opposed to how traditional unix does them.