[Typo3] Importing FEgroups from LDAP??

Joseph Mesterhazy jmesterh at iastate.edu
Wed Jul 20 21:18:50 CEST 2005 

Hello all,

I am trying to use the ldap_* modules to import users from our Active  
Directory, and everything is working except for group membership. No  
matter what I do, I can't seem to get the groups the user is a member  
of to become groups in Typo3. I am using the following ldap  
configuration, which is almost a straight copy of http://typo3.org/ 
documentation/document-library/ldap_server/Reference_for_TS_in/  
(except for the backend auth.)

FEusers = LDAP_SYNC
FEusers {
         enable = 1
         table = fe_users
         basedn = DC=iastate, DC=edu
         handleNotFound = 1
         handleNotFound {
                 markHidden = 1
                 hiddenField = disable
                 markDeleted = 0
                 deletedField = deleted
                 delete = 0
                 identField = username
         }
         pid = 56
         filter = (&(objectClass=person))
         uniqueField = tx_ldapserver_dn
         fields {
                 username = MAP_OBJECT
                 username.attribute = sAMAccountName
                 username.userFunc = tx_ldapserver->getSingleValue

                 name = MAP_OBJECT
                 name.attribute = cn
                 name.userFunc = tx_ldapserver->getSingleValue

                 tx_ldapserver_dn = MAP_OBJECT
                 tx_ldapserver_dn.special = DN

                 usergroup = MAP_OBJECT
                 usergroup {
                         attribute = memberOf
                         userFunc = tx_ldapserver->getFEGroups
                         userFunc {
                                 pid = 56
                                 table = fe_groups
                                 identField = tx_ldapserver_dn
                         }
                 }
         }
}


FEgroups < FEusers
FEgroups {
         table = fe_groups
         handleNotFound = 0
         filter = (&(objectClass=group))
         fields {
                 username >
                 usergroup >
                 name >
                 title = MAP_OBJECT
                 title.attribute = cn
                 title.userFunc = tx_ldapserver->getSingleValue
         }
}

FEauth = LDAP_AUTH
FEauth {
   enable = 1
   table = fe_users
   sync < FEusers
}

When I try to login, a user account is created in the fe_users table,  
and the name is successfully imported. However, the user has no group  
membership, and no groups have been created in the fe_groups table  
either.

I did a manual ldapsearch against the Active Directory to make sure  
that was working, and it is. The memberOf: objects returned for my  
username look like this:

memberOf: CN=! something,OU=Users,OU=something,DC=iastate,DC=edu
...

Has anyone had success importing the group membership of users into  
the fe_groups table from an Active Directory? There were similar  
questions posted to this list a while back with no replies.


Joe
--
Joe Mesterhazy
ECpE UNIX Administrator
2101 Coover Hall, Iowa State University
Ames, IA 50011.  (515) 294-7359
http://www.mesterhazy.net

More information about the TYPO3-english mailing list