Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

All other Modules

Discuss all other Modules here.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Auth_External LDAP


Reply

7 Posts   1458 Views

Avatar
Sullivanindy

30 June 2010 at 5:53am (Last edited: 9 July 2010 7:30am), Community Member, 7 Posts

Hi,

I have LDAP authentication working fine, against Novell eDirectory.. I was try to vary user roles based on description of the user in eDir, it works fine for a new user, based on the description they will be placed in the appropriate group, problem is if i try to change the description to .. say promote the user to a different role, it fails because a user with that email already exists.. is the a way that if users exists and group is different to just update group in the CMS?

Thanks,

Mark-

Avatar
Sullivanindy

30 June 2010 at 2:52pm Community Member, 7 Posts

Ok, I upgraded to the latest svn version, which now uses UseAnchor , but still no luck.. It is supposed to now .. if user exists update attributes, but fails after checking the first source and not finding a match, so i try to set ExternalAuthentication::setUseAnchor('true'); but un remarking that line at all causes a white screen.. I can go into the ExternalAuthenticator.php and force the default to true which gives me the drop down for users sources.. and will allow login when choosing the correct source but does not update the autoadd group...

Maybe I should state what I am looking for..

I want to have multiple ldap sources with in the same ldap directory, by with OU, or groupmembership, or what ever.. then depending on which source succeeds on auth, a different level of silverstripe group would get set..

ie.. user found thats found in ou=users and is in the ldap group webAdmin gets added to the SS administrators group, and if a users id found in ou=users and is in the ldap group webEditor gets added to a SS Editors group.. then if i take the users out of one group and put into the other, the auth should still succedd and the SS group should get updated..

Mark-

Avatar
Sullivanindy

9 July 2010 at 7:20am Community Member, 7 Posts

My man Roel is absolutely awesome!! He tweaked the code for me and now allows group mapping setup in the configuration, so now when a user logs in it checks the users group membership via ldap looking for a group defined in the mapping, it it finds a match it sets the new group.. We now have identity base , directory driven back-end security, as well as the ability to have identity based content delivery and accessibility..

Very nice work Roel!!!!

Mark-

Avatar
lancer

10 July 2010 at 6:24am 57 Posts

My pleasure, it was fun to do some coding again...

Now if I can get myself to rework the unittests I can make the first 0.4 release candidate
(the latest 0.3 works fine with SilverStripe 2.4.0 by the way)

Avatar
Kueller

20 July 2010 at 2:57am Community Member, 2 Posts

Hi, I wanted to do the same thing, but haven't seen the update in the configuration yet. I have the v0.3.1 and want to update site groupmembership on login to reflect the secundary group(s) of the user in the LDAP server. Because all the users in our LDAP database have user as primary group and their roles are given by their secundary groups. Thanks in advance for a reply and the effort. It's a really great module!

Avatar
Sullivanindy

20 July 2010 at 3:08am Community Member, 7 Posts

Its the latest version in the svn..

http://svn.silverstripe.com/open/modules/auth_external/trunk

rapid svn is a pretty easy svn client.

http://www.rapidsvn.org/download/release/0.12/

Make sure to read the update instructions, you have to manually Logon to the database as administrator
alter table Member change column External_UserID External_Anchor VarChar(255);

Mark-

Avatar
Kueller

20 July 2010 at 12:15pm Community Member, 2 Posts

Thanks a lot Mark!