Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

All other Modules /

Discuss all other Modules here.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

External Auth module - auto account creation issue


Go to End


4 Posts   3808 Views

Avatar
Peabs

Community Member, 3 Posts

26 June 2009 at 5:41am

Hi,

I'm having trouble getting SilverStripe to auto-add accounts when logging in using an external authentication source. We use Active Directory. I have the External Authentication module installed and everything displays correctly, but when I try to login with my AD creds it rejects them. I've modified _config.php to the following:

ExternalAuthenticator::setAutoAdd('ccomAD', 'Users');
//ExternalAuthenticator::setAutoAdd('ccomAD', false);

and

ExternalAuthenticator::setDefaultDomain('ccomAD', 'ccom.unh.edu');

I know it can authenticate though because I hooked up my AD username to the administrator profile that is created when you first install SilverStripe through the Profile -> External Authenication tab, and it accepts the password fine and logs me in as the administrator.

If anyone has experience with this problem help would be much appreciated. I'll post if I find a solution on my own.

Cheers,
Les

Avatar
Peabs

Community Member, 3 Posts

26 June 2009 at 8:11am

Edited: 26/06/2009 8:38am

I should also mention I have in fact created the group Users and given it full admin privs.

----------UPDATE----------------
I've gotten SS to auto add the account, but for some reason the email comes in as root@localhost even though I have the default email address specified as ccom.unh.edu, and I have no idea why it would be using root instead of the username that was entered. I'm now trying to resolve this issue.

Avatar
Peabs

Community Member, 3 Posts

27 June 2009 at 3:29am

Edited: 27/06/2009 3:29am

Problem Found, solution in progress
-----------------------------------------
In the lookupDetails function of the LDAP driver is the following hunk of code:

$lookupdetails = array('shadowlastchange' => array('value' => false, 'attr' => 'shadowlastchange'),
'shadowmin' => array('value' => false, 'attr' => 'shadowmin'),
'shadowmax' => array('value' => false, 'attr' => 'shadowmax'),
'shadowwarning' => array('value' => false, 'attr' => 'shadowwarning'),
'firstname' => array('value' => 'unknown',
'attr' => strtolower(ExternalAuthenticator::getOption($source, 'firstname_attr'))
),
'surname' => array('value' =>'unknown',
'attr' => strtolower(ExternalAuthenticator::getOption($source, 'surname_attr'))
),
'email' => array('value' => 'root@localhost',
'attr' => strtolower(ExternalAuthenticator::getOption($source, 'email_attr'))
)
);

I had assumed that when a person logged in as a user in LDAP it would grab the mail field and plop that in, which this does. However, if the mail field is not set in LDAP I also assumed that it would take whatever the login ID was that was submitted and append the value that was specified in setDefaultDomain. This in fact doesn't happen as can be seen above, it simply just drops in 'root@localhost'. I don't know if Lancer plans on adding this feature, it would be really nice if he did. I'm viewing this as a bug and will submit it in a report.

Avatar
lancer

57 Posts

30 June 2009 at 7:58pm

Ticket 4313 in trac: http://open.silverstripe.com/ticket/4313

Will fix this for 0.4. Right now the trunk should be considered as unstable. The mechanism has had a huge overhaul (drivers hardly changed though)

Thanks for reporting this.