Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We're retiring the forums!

The SilverStripe forums have passed their heyday. They'll stick around, but will be read only. We'd encourage you to get involved in the community via the following channels instead:

All other Modules /

Discuss all other Modules here.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

Auth_external "Group does not exist"


Go to End


7 Posts   1295 Views

Avatar
Bronwyn

Community Member, 22 Posts

4 May 2010 at 1:14pm

I'm setting up Silverstripe to use as our Department's website and intranet. I need to get auth-external working with auto-add accounts, because I'm damned if I want to add a gazillion new students to the database every year so they can log on to the intranet. I've got the authentication working for existing accounts, but when I get someone to try to log on using just the LDAP it doesn't work. The relevant bit of the log (with the actual username replaced by me with [user]) says:
"Tue, 04 May 10 12:55:59 +1200 - [user].ldap - LDAP Authentication success
Tue, 04 May 10 12:55:59 +1200 - [user] - authentication success
Tue, 04 May 10 12:55:59 +1200 - [user] - User did not exist but did authenticate. Adding user to database
Tue, 04 May 10 12:55:59 +1200 - [user] - The group to add the user to did not exist
Tue, 04 May 10 12:55:59 +1200 - Process for user [user] ended"

I found something in the archives of this forum which recommended replacing "Group.Title" with "Group.Code" in the appropriate part of ExternalAuthenticator.php and did that, but the same error happened.

I should add that the group does indeed exist, and I've tried it with a couple of different names just in case one was reserved or something.

Can anyone help?

Avatar
Hamish

Community Member, 712 Posts

4 May 2010 at 3:51pm

Edited: 04/05/2010 3:51pm

I'm using LDAP with auto add and it works well.

Could you post which version you are using and what your config looks like.

I assume you have a line like:

ExternalAuthenticator::setAutoAdd('ldap', 'Staff');

Avatar
Bronwyn

Community Member, 22 Posts

4 May 2010 at 4:18pm

v0.3.1 for the module, 2.3.7 for Silverstripe. I do have a line like that now, before it was missing the 'ldap', bit, but it still does the same thing. It's a bit of a team effort, this. The guy who runs the ldap server modified the config file for me.

the config file is attached

Avatar
Hamish

Community Member, 712 Posts

4 May 2010 at 5:00pm

It's probably this line:

ExternalAuthenticator::setAutoAdd('biocldap', true);

The setting can only be one thing at a time, so when you set it to true it overrides the "Staff" setting.

Remove that line and you should be good to go. :)

Avatar
Bronwyn

Community Member, 22 Posts

5 May 2010 at 9:34am

Have done that and it works. Thanks a lot.

However, although the log says it's adding the user to the database, when I go to look at what's been added it's surname: unknown, firstname: unknown, email: root@localhost. Is that what's supposed to happen?

Avatar
Hamish

Community Member, 712 Posts

5 May 2010 at 10:14am

Nope, that isn't supposed to happen - you might need to check that you're getting the right info out of LDAP for your users.

Avatar
Bronwyn

Community Member, 22 Posts

5 May 2010 at 11:23am

All fixed. It had to do with some funny mapping thing in the LDAP. Something to do with how OS X does things as opposed to how traditional unix does them.