Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

All other Modules /

Discuss all other Modules here.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Auth_External LDAP


Reply


8 Posts   1523 Views

Avatar
Sullivanindy

Community Member, 7 Posts

30 June 2010 at 5:53am

Edited: 09/07/2010 7:30am

Hi,

I have LDAP authentication working fine, against Novell eDirectory.. I was try to vary user roles based on description of the user in eDir, it works fine for a new user, based on the description they will be placed in the appropriate group, problem is if i try to change the description to .. say promote the user to a different role, it fails because a user with that email already exists.. is the a way that if users exists and group is different to just update group in the CMS?

Thanks,

Mark-

Avatar
Sullivanindy

Community Member, 7 Posts

30 June 2010 at 2:52pm

Ok, I upgraded to the latest svn version, which now uses UseAnchor , but still no luck.. It is supposed to now .. if user exists update attributes, but fails after checking the first source and not finding a match, so i try to set ExternalAuthentication::setUseAnchor('true'); but un remarking that line at all causes a white screen.. I can go into the ExternalAuthenticator.php and force the default to true which gives me the drop down for users sources.. and will allow login when choosing the correct source but does not update the autoadd group...

Maybe I should state what I am looking for..

I want to have multiple ldap sources with in the same ldap directory, by with OU, or groupmembership, or what ever.. then depending on which source succeeds on auth, a different level of silverstripe group would get set..

ie.. user found thats found in ou=users and is in the ldap group webAdmin gets added to the SS administrators group, and if a users id found in ou=users and is in the ldap group webEditor gets added to a SS Editors group.. then if i take the users out of one group and put into the other, the auth should still succedd and the SS group should get updated..

Mark-

Avatar
Sullivanindy

Community Member, 7 Posts

9 July 2010 at 7:20am

My man Roel is absolutely awesome!! He tweaked the code for me and now allows group mapping setup in the configuration, so now when a user logs in it checks the users group membership via ldap looking for a group defined in the mapping, it it finds a match it sets the new group.. We now have identity base , directory driven back-end security, as well as the ability to have identity based content delivery and accessibility..

Very nice work Roel!!!!

Mark-

Avatar
lancer

57 Posts

10 July 2010 at 6:24am

My pleasure, it was fun to do some coding again...

Now if I can get myself to rework the unittests I can make the first 0.4 release candidate
(the latest 0.3 works fine with SilverStripe 2.4.0 by the way)

Avatar
Kueller

Community Member, 2 Posts

20 July 2010 at 2:57am

Hi, I wanted to do the same thing, but haven't seen the update in the configuration yet. I have the v0.3.1 and want to update site groupmembership on login to reflect the secundary group(s) of the user in the LDAP server. Because all the users in our LDAP database have user as primary group and their roles are given by their secundary groups. Thanks in advance for a reply and the effort. It's a really great module!

Avatar
Sullivanindy

Community Member, 7 Posts

20 July 2010 at 3:08am

Its the latest version in the svn..

http://svn.silverstripe.com/open/modules/auth_external/trunk

rapid svn is a pretty easy svn client.

http://www.rapidsvn.org/download/release/0.12/

Make sure to read the update instructions, you have to manually Logon to the database as administrator
alter table Member change column External_UserID External_Anchor VarChar(255);

Mark-

Avatar
Kueller

Community Member, 2 Posts

20 July 2010 at 12:15pm

Thanks a lot Mark!

Avatar
Praveen

Community Member, 21 Posts

9 October 2014 at 11:35pm

I dont know whether it is correct or not . But Instead of changing the Column Name From External_UserID to External_Anchor . I modified the function getHandleToUse in ExternalAuthenticator.php

it worked to me.
$memberquery = "\"Member\".\"External_UserID\" = '$SQL_anchor' AND \"Member\".\"External_SourceID\" = '$SQL_source'";

Let me know your views. Is it correct way to do