Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Archive

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, biapar, Willr, Ingo, simon_w

External Authenticator


Reply

53 Posts   63145 Views

Avatar
Sam

4 May 2008 at 3:49pm Administrator, 685 Posts

Hi,

The SilverStripe core team recommends Apache over Lighttpd. We use lighty in the installer because it was easier for us to build into a standalone installer.

Avatar
xzelan

6 May 2008 at 7:30pm Community Member, 20 Posts

Hi Lancer,

I'm using adsiedit.msc as you recommended on http://doc.silverstripe.com/doku.php?id=modules:auth_ext_ad

See attached screenshot of the layout. Below is a copy of my _config.php (removed comments from post to save space). Hopefully, it's something obvious!

<?php

Authenticator::register_authenticator("ExternalAuthenticator");
ExternalAuthenticator::createSource('corp_ad','LDAP','Corporate Directory');
ExternalAuthenticator::setAuthSequential(false);
ExternalAuthenticator::setIdDesc('User ID');
ExternalAuthenticator::setAuthServer('corp_ad','ts.totaleyecare.com.au');
ExternalAuthenticator::setOption('corp_ad', 'basedn', 'cn=Users,dc=totaleyecare,dc=com,dc=au');
ExternalAuthenticator::setOption('corp_ad', 'attribute', 'sAMAccountName');
ExternalAuthenticator::setAutoAdd('corp_ad', false);
ExternalAuthenticator::setOption('corp_ad', 'bind_as','cn="silverstripe,cn=Users,dc=totaleyecare,dc=com,dc=au"');
ExternalAuthenticator::setOption('corp_ad', 'bind_pw', 'secret');
ExternalAuthenticator::setOption('corp_ad', 'firstname_attr', 'givenName');
ExternalAuthenticator::setOption('corp_ad', 'surname_attr', 'sn');
ExternalAuthenticator::setOption('corp_ad', 'email_attr', 'userPrincipalName');

?>

Avatar
lancer

6 May 2008 at 8:03pm 57 Posts

You could try
e.g. http://www.pegacat.com/jxplorer/

with the silverstripe account to validate to validate your AD config.

Avatar
xzelan

7 May 2008 at 3:31pm Community Member, 20 Posts

I've attached a screenshot of JXplorer happily browsing the AD using the "silverstripe" username as you suggested, rather than "Administrator". However, I still get "Could not bind to LDAP server."

I've also attached a screenshot of the security tab of the cms.

Avatar
JBlond

17 May 2008 at 1:41am (Last edited: 17 May 2008 1:42am), Community Member, 1 Post

Hi @all

I had the same problem as xzelan and was stuck at the error message "Could not bind to LDAP server." (Windows Small Business Server 2003 with SP2)

But after I have changed the user name in the second last line of the _config.php from the DN to the UPN (User Principal Name), it worked immediately.

ExternalAuthenticator::setOption('testldap', 'bind_as','testuser@your.domain');

Hope that helps.
Matthias

Avatar
xzelan

19 May 2008 at 12:13pm (Last edited: 19 May 2008 12:15pm), Community Member, 20 Posts

Thanks Matthias! That may have fixed it for me also. Now I get the message below, which I think is just some code we were using for testing. Is that correct Lancer?

hello(sAMAccountName=silverstripe)Array ( [count] => 1 [0] => Array ( [samaccountname] => Array ( [count] => 1 [0] => silverstripe ) [0] => samaccountname [count] => 1 [dn] => CN=silverstripe,CN=Users,DC=totaleyecare,DC=com,DC=au ) )

Avatar
lancer

26 May 2008 at 6:43am (Last edited: 26 May 2008 6:43am), 57 Posts

It seems External Authenticator is broken for SilverStripe 2.2.2
http://open.silverstripe.com/ticket/2536

(I know, I should have tested with the RC's)

This fix is very simple however. See the bug report.

(PS. xzelan, correct, but I guess you found out already in the mean time)

Avatar
xzelan

26 May 2008 at 11:34am (Last edited: 26 May 2008 11:36am), Community Member, 20 Posts

Sorry, I'm confused, I changed:

public static function authenticate(array $RAW_data, Form $form = null)


into

public static function authenticate($RAW_data, Form $form = null)


but now I get:

Fatal error: Declaration of ExternalAuthenticator::authenticate() must be compatible with that of Authenticator::authenticate() in C:\lighttpd\htdocs\auth_external\code\ExternalAuthenticator.php on line 458

when I do a:
http://localhost:3000/db/build?flush=1