Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

All other Modules

Discuss all other Modules here.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

External Auth module - auto account creation issue


4 Posts   2812 Views


26 June 2009 at 5:41am Community Member, 3 Posts


I'm having trouble getting SilverStripe to auto-add accounts when logging in using an external authentication source. We use Active Directory. I have the External Authentication module installed and everything displays correctly, but when I try to login with my AD creds it rejects them. I've modified _config.php to the following:

ExternalAuthenticator::setAutoAdd('ccomAD', 'Users');
//ExternalAuthenticator::setAutoAdd('ccomAD', false);


ExternalAuthenticator::setDefaultDomain('ccomAD', '');

I know it can authenticate though because I hooked up my AD username to the administrator profile that is created when you first install SilverStripe through the Profile -> External Authenication tab, and it accepts the password fine and logs me in as the administrator.

If anyone has experience with this problem help would be much appreciated. I'll post if I find a solution on my own.



26 June 2009 at 8:11am (Last edited: 26 June 2009 8:38am), Community Member, 3 Posts

I should also mention I have in fact created the group Users and given it full admin privs.

I've gotten SS to auto add the account, but for some reason the email comes in as root@localhost even though I have the default email address specified as, and I have no idea why it would be using root instead of the username that was entered. I'm now trying to resolve this issue.


27 June 2009 at 3:29am (Last edited: 27 June 2009 3:29am), Community Member, 3 Posts

Problem Found, solution in progress
In the lookupDetails function of the LDAP driver is the following hunk of code:

$lookupdetails = array('shadowlastchange' => array('value' => false, 'attr' => 'shadowlastchange'),
'shadowmin' => array('value' => false, 'attr' => 'shadowmin'),
'shadowmax' => array('value' => false, 'attr' => 'shadowmax'),
'shadowwarning' => array('value' => false, 'attr' => 'shadowwarning'),
'firstname' => array('value' => 'unknown',
'attr' => strtolower(ExternalAuthenticator::getOption($source, 'firstname_attr'))
'surname' => array('value' =>'unknown',
'attr' => strtolower(ExternalAuthenticator::getOption($source, 'surname_attr'))
'email' => array('value' => 'root@localhost',
'attr' => strtolower(ExternalAuthenticator::getOption($source, 'email_attr'))

I had assumed that when a person logged in as a user in LDAP it would grab the mail field and plop that in, which this does. However, if the mail field is not set in LDAP I also assumed that it would take whatever the login ID was that was submitted and append the value that was specified in setDefaultDomain. This in fact doesn't happen as can be seen above, it simply just drops in 'root@localhost'. I don't know if Lancer plans on adding this feature, it would be really nice if he did. I'm viewing this as a bug and will submit it in a report.


30 June 2009 at 7:58pm 57 Posts

Ticket 4313 in trac:

Will fix this for 0.4. Right now the trunk should be considered as unstable. The mechanism has had a huge overhaul (drivers hardly changed though)

Thanks for reporting this.