Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Archive /

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, biapar, Willr, Ingo, simon_w

External Authenticator


Reply


53 Posts   63450 Views

Avatar
Sam

Administrator, 685 Posts

4 May 2008 at 3:49pm

Hi,

The SilverStripe core team recommends Apache over Lighttpd. We use lighty in the installer because it was easier for us to build into a standalone installer.

Avatar
xzelan

Community Member, 20 Posts

6 May 2008 at 7:30pm

Hi Lancer,

I'm using adsiedit.msc as you recommended on http://doc.silverstripe.com/doku.php?id=modules:auth_ext_ad

See attached screenshot of the layout. Below is a copy of my _config.php (removed comments from post to save space). Hopefully, it's something obvious!

<?php

Authenticator::register_authenticator("ExternalAuthenticator");
ExternalAuthenticator::createSource('corp_ad','LDAP','Corporate Directory');
ExternalAuthenticator::setAuthSequential(false);
ExternalAuthenticator::setIdDesc('User ID');
ExternalAuthenticator::setAuthServer('corp_ad','ts.totaleyecare.com.au');
ExternalAuthenticator::setOption('corp_ad', 'basedn', 'cn=Users,dc=totaleyecare,dc=com,dc=au');
ExternalAuthenticator::setOption('corp_ad', 'attribute', 'sAMAccountName');
ExternalAuthenticator::setAutoAdd('corp_ad', false);
ExternalAuthenticator::setOption('corp_ad', 'bind_as','cn="silverstripe,cn=Users,dc=totaleyecare,dc=com,dc=au"');
ExternalAuthenticator::setOption('corp_ad', 'bind_pw', 'secret');
ExternalAuthenticator::setOption('corp_ad', 'firstname_attr', 'givenName');
ExternalAuthenticator::setOption('corp_ad', 'surname_attr', 'sn');
ExternalAuthenticator::setOption('corp_ad', 'email_attr', 'userPrincipalName');

?>

Avatar
lancer

57 Posts

6 May 2008 at 8:03pm

You could try
e.g. http://www.pegacat.com/jxplorer/

with the silverstripe account to validate to validate your AD config.

Avatar
xzelan

Community Member, 20 Posts

7 May 2008 at 3:31pm

I've attached a screenshot of JXplorer happily browsing the AD using the "silverstripe" username as you suggested, rather than "Administrator". However, I still get "Could not bind to LDAP server."

I've also attached a screenshot of the security tab of the cms.

Avatar
JBlond

Community Member, 1 Post

17 May 2008 at 1:41am

Edited: 17/05/2008 1:42am

Hi @all

I had the same problem as xzelan and was stuck at the error message "Could not bind to LDAP server." (Windows Small Business Server 2003 with SP2)

But after I have changed the user name in the second last line of the _config.php from the DN to the UPN (User Principal Name), it worked immediately.

ExternalAuthenticator::setOption('testldap', 'bind_as','testuser@your.domain');

Hope that helps.
Matthias

Avatar
xzelan

Community Member, 20 Posts

19 May 2008 at 12:13pm

Edited: 19/05/2008 12:15pm

Thanks Matthias! That may have fixed it for me also. Now I get the message below, which I think is just some code we were using for testing. Is that correct Lancer?

hello(sAMAccountName=silverstripe)Array ( [count] => 1 [0] => Array ( [samaccountname] => Array ( [count] => 1 [0] => silverstripe ) [0] => samaccountname [count] => 1 [dn] => CN=silverstripe,CN=Users,DC=totaleyecare,DC=com,DC=au ) )

Avatar
lancer

57 Posts

26 May 2008 at 6:43am

Edited: 26/05/2008 6:43am

It seems External Authenticator is broken for SilverStripe 2.2.2
http://open.silverstripe.com/ticket/2536

(I know, I should have tested with the RC's)

This fix is very simple however. See the bug report.

(PS. xzelan, correct, but I guess you found out already in the mean time)

Avatar
xzelan

Community Member, 20 Posts

26 May 2008 at 11:34am

Edited: 26/05/2008 11:36am

Sorry, I'm confused, I changed:

public static function authenticate(array $RAW_data, Form $form = null)


into

public static function authenticate($RAW_data, Form $form = null)


but now I get:

Fatal error: Declaration of ExternalAuthenticator::authenticate() must be compatible with that of Authenticator::authenticate() in C:\lighttpd\htdocs\auth_external\code\ExternalAuthenticator.php on line 458

when I do a:
http://localhost:3000/db/build?flush=1