5121 Posts in 1527 Topics by 1119 members
|
Page:
1
|
Go to End | |
| Author | Topic: | 808 Views |
-
LDAP/Active Directory Authentication for SilverStripe 3.0.1
27 August 2012 at 10:59am
Hello to all fellow SilverStripers,
I was wondering if anyone out there has managed to get this working whether with or without a module, the current module to support this was the 'auth_external' module, but hasn't been updated to suit the new version, as the last version it ran on properly was 2.3 and 2.4.
I am currently trying to create this for my company intranet as they are based on Microsoft Exchange, but the web server I am working on is a Ubuntu Server which we want to keep separate from all else, and so is running on Apache. I'm still very new to SilverStripe so am getting the hang of it slowly.
Thanks for any help in advanced.
-B00mer
-
Re: LDAP/Active Directory Authentication for SilverStripe 3.0.1
4 September 2012 at 10:33pm
I'm looking at this also at the moment. I've only had half an hour to look at the moment, and I can see there is some changes needed.
I found what seems to be the latest version at https://github.com/hamishcampbell/silverstripe-auth-external (on the silverstripe modules page, I could only find a svn link, which is older).However after installing this, following the installation instructions and running /dev/build there are deprecation error, indicating that this code has not been updated at all for SS3:
DataObjectDecorator is deprecated. DataObjectDecorator is deprecated. Use DataExtension instead.
Strict Standards: Declaration of ExternalAuthenticatedRole::canEdit() should be compatible with that of DataExtension::canEdit() in auth_external\code\ExternalAuthenticatedRole.php on line 16
Strict Standards: Declaration of ExternalAuthenticatedRole::extraStatics() should be compatible with that of DataExtension::extraStatics() in auth_external\code\ExternalAuthenticatedRole.php on line 16
Strict Standards: Declaration of ExternalAuthenticatedRole::updateCMSFields() should be compatible with that of DataExtension::updateCMSFields() in auth_external\code\ExternalAuthenticatedRole.php on line 16
You turn off this deprecation error (not fix the code, mind) you can open the framework/_config file and change line 60 to:
Deprecation::notification_version('3.0.0-dev');
Now the login box shows up, after submitting the login however there's another deprecation error:
Director::redirect is deprecated. Use Controller->redirect() instead. Called from ExternalLoginForm->dologin.
At this point I concluded that it's better use of my time to see if someone else has got this working, or attempt to fix the module myself. Hope this helps, keep me updated.
-
Re: LDAP/Active Directory Authentication for SilverStripe 3.0.1
5 September 2012 at 10:08am
Hey mate,
Thanks for posting this, as it did help in the sense that I came to the same conclusions and came across the same deprecation messages.
I'm still a fair bit off from being able to rewrite this module to suit SilverStripe 3.0 but I think I'm going to attempt it anyways until I see something better, or the module is updated, or (unlikely) I manage to get the module working. Correctly mind you.
Good luck!
-B00mer
-
Re: LDAP/Active Directory Authentication for SilverStripe 3.0.1
6 September 2012 at 3:53am
I'll be trying to fork the github project and submit a pull request for any (if any) fixes. Keep us updated with any progress
-
Re: LDAP/Active Directory Authentication for SilverStripe 3.0.1
12 September 2012 at 3:14am Last edited: 12 September 2012 8:06pm
I've got some success, I am able to login to Silverstripe using my ActiveDirectory credentials.
This has only been tested by me.
I've submitted a pull request for the code changes: https://github.com/hamishcampbell/silverstripe-auth-external/pull/9I'm using the following _config.php, this automatically creates user accounts and keeps them synced, make sure that any content authors are added to the SilverstripeContentAuthors Active Directory group in this case:
<?php
Authenticator::register_authenticator('ExternalAuthenticator');
ExternalAuthenticator::setUseAnchor(true);
ExternalAuthenticator::setAnchorDesc('Username');
ExternalAuthenticator::createSource('activedirectory','LDAP','Active Directory');
ExternalAuthenticator::setAuthSSLock('activedirectory',false);
ExternalAuthenticator::setAuthServer('activedirectory','<domaincontroller>');
ExternalAuthenticator::setOption('activedirectory', 'basedn', '<domaincontroller object name>');
ExternalAuthenticator::setOption('activedirectory', 'attribute', 'sAMAccountName');
ExternalAuthenticator::setOption('activedirectory', 'extra_attributes', array(
'objectclass' => 'user',
));
ExternalAuthenticator::setOption('activedirectory', 'passwd_expiration', true);
ExternalAuthenticator::setAutoAdd('activedirectory', true);
ExternalAuthenticator::setDefaultDomain('activedirectory', '<domain>');
ExternalAuthenticator::setOption('activedirectory', 'firstname_attr', 'givenName');
ExternalAuthenticator::setOption('activedirectory', 'surname_attr', 'sn');
ExternalAuthenticator::setOption('activedirectory', 'email_attr', 'mail');
ExternalAuthenticator::setOption('activedirectory', 'group_attr', 'memberOf');
ExternalAuthenticator::setAutoAdd('activedirectory', array(
'SilverstripeContentAuthors' => 'content-authors',
)
);
ExternalAuthenticator::setOption('activedirectory', 'bind_as','<cn for account>');
ExternalAuthenticator::setOption('activedirectory', 'bind_pw','<password>');For information on the options see the _config.php that comes with the module.
-
Re: LDAP/Active Directory Authentication for SilverStripe 3.0.1
12 September 2012 at 4:36pm
Mate that is some good news indeed! I shall pull down your files from github and give them a try with the _config.php settings you've shown but customed to what I need and get back to you on how they worked. It'll be a few days as I'm out on the road and get a chance to implement your changes but hopefully by either Friday or Monday I can have something to say about how my test run goes!
Cheers for this.
-B00mer
| 808 Views | ||
|
Page:
1
|
Go to Top |
