Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

Archive /

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo

LDAP support for Silverstripe


Go to End


31 Posts   17162 Views

Avatar
Tim

Community Member, 201 Posts

9 October 2007 at 9:49am

Awesome work :-)

Avatar
Markus

Google Summer of Code Hacker, 152 Posts

10 October 2007 at 6:16am

Hi Lancer,

I looked at the code (without actually trying it).. good work!

The only thing I would change I would suggest is to remove the global array $LDAPSERVER. You could use static members on the LDAPAuthenticator class instead.

Avatar
Ingo

Forum Moderator, 801 Posts

10 October 2007 at 6:36am

> The only thing I would change I would suggest is to remove the global array $LDAPSERVER.
yeah, that would've been my suggestion as well - planned to write that as a trac-ticket-comment. we should minimize the use of global namespaces, and adhere to silverstripe-conventions.

i've extended the wiki-page on this topic a bit the other day:
http://doc.silverstripe.com/doku.php?id=configuration

skim-read through the code - great stuff lancer!

Avatar
lancer

57 Posts

10 October 2007 at 8:31am

Edited: 11/10/2007 3:34am

Ah, old habits die hard. This was the conventions for configs at the Horde project. I updated the patch in trac (the change wasn't hard, just a lot of work ;-) )

[edit]
Oops, I forgot to convert the $this->_ds into self::$ds. Will do that this evening
[/edit]

[edit2]
Done. Updated the ticket again. Now it should be compliant with the conventions
[/edit2]

Avatar
lancer

57 Posts

14 October 2007 at 11:25pm

Edited: 14/10/2007 11:27pm

Based on the LDAP code I can very easily write an authentication module that uses IMAP/POP3/SMTP (with and without SSL/TLS). That's probably safer to use if your server is in the DMZ than exposing your internal LDAP server to the DMZ (most companies have these protocols running on the outside interfaces nowadays).

Would there be any interest in that?

[note]
Wouldn't it be an idea to remove the obsolete tag from this forum? Code and direct comments on the code should be put in trac, but discussing code could be done here.
[/note]

Avatar
Tim

Community Member, 201 Posts

15 October 2007 at 1:23pm

Re "authentication module that uses IMAP/POP3/SMTP" that sounds useful to me :-)

Keep up the great work :-)

Avatar
jrochamtz

1 Post

15 October 2007 at 6:17pm

Hi!!!

i'm new to silverstripe and i saw there is a beta for ldap auth???

i saw it, but i have no idea how to test it. Lancer, may you drop us a line to know how to implement it for test?

Thanks a lot. greetings!!!

Avatar
lancer

57 Posts

15 October 2007 at 6:26pm

More like an alpha, since the code is not yet in svn.

Do a checkout of the Silverstripe trunk. Then download the files from trac ticket 1477. Unpack the tar in the silverstripe root and patch the _config.php in the sapphire directory. Then edit that _config.php to suit your LDAP.