[TYPO3] LDAP Sync on Typo3 4.0 problem
Bing Du
bdu at iastate.edu
Wed Jul 5 17:46:53 CEST 2006
Bing Du wrote:
> R. van Twisk wrote:
>
>> Bing Du wrote:
>>
>>> Bing Du wrote:
>>>
>>>
>>>> Hi,
>>>>
>>>> Typo3 4.0.
>>>> ldap_sync 0.2.1
>>>> ldap_lib 0.2.0
>>>> ldap_server 0.2.1
>>>> ldap_auth 0.2.1
>>>>
>>>> When I clicked Web->LDAP Sync, and then the 'FE Users and LDAP'
>>>> sysFolder in the page tree, I have no problem seeing the defined
>>>> ldap server listed. However, clicking either 'Do Sync' or 'Simulate
>>>> Sync' button doesn't make anything happen. Where can I find more
>>>> information on what LDAP Sync is doing? Is it a LDAP connection
>>>> problem or some problem prevents users info from being pulled out of
>>>> the LDAP server (OpenLDAP)?
>>>>
>>>> The following is the ldap_server (OpenLDAP) config:
>>>>
>>>> Enable for backend authentication checkbox: checked
>>>> Servername: xxx.xxx.xxx.xx:389
>>>> ServerType: x500(OpenLDAP)
>>>> LDAP protocol version: 3
>>>> Base DN: DC=some,DC=edu
>>>> Filter for persons: (&(objectClass=*)(uid=###USERNAME###))
>>>> Configuration:
>>>> ==
>>>> FEusers = LDAP_SYNC
>>>> FEusers {
>>>> enable = 1
>>>> handleNotFound = 0
>>>> table = fe_users
>>>> pid = 56
>>>> uniqueField = tx_ldapserver_dn
>>>> fields {
>>>> username = MAP_OBJECT
>>>> username.attribute = uid
>>>> username.userFunc = tx_ldapserver->getSingleValue
>>>>
>>>> company = MAP_OBJECT
>>>> company.attribute = isuPersonDeptName
>>>> company.userFunc = tx_ldapserver->getSingleValue
>>>>
>>>> name = MAP_OBJECT
>>>> name.attribute = displayName
>>>> name.userFunc = tx_ldapserver->getSingleValue
>>>>
>>>> email = MAP_OBJECT
>>>> email.attribute = mail
>>>> email.userFunc = tx_ldapserver->getSingleValue
>>>>
>>>> country = MAP_OBJECT
>>>> country.attribute = co
>>>> country.userFunc = tx_ldapserver->getSingleValue
>>>>
>>>> telephone = MAP_OBJECT
>>>> telephone.attribute = telephoneNumber
>>>> telephone.userFunc = tx_ldapserver->getSingleValue
>>>>
>>>> address = MAP_OBJECT
>>>> address.attribute = postalAddress
>>>> address.userFunc = tx_ldapserver->getSingleValue
>>>>
>>>> tx_ldapserver_dn = MAP_OBJECT
>>>> tx_ldapserver_dn.special = DN
>>>>
>>>> password = MAP_OBJECT
>>>> password.attribute = userClass
>>>> password.include =
>>>> /data/www/html/site/typo3conf/ext/jm_pubcookie/class.tx_jmpubcookie.php
>>>> password.userFunc = tx_jmpubcookie->randomPassword
>>>>
>>>> usergroup = MAP_OBJECT
>>>> usergroup {
>>>> attribute = userClass
>>>> userFunc = tx_ldapserver->getFEGroups
>>>> userFunc {
>>>> pid = 56
>>>> table = fe_groups
>>>> identField = title
>>>> }
>>>> }
>>>>
>>>>
>>>> }
>>>> }
>>>>
>>>>
>>>> BEusers = LDAP_SYNC
>>>> BEusers {
>>>> enable = 1
>>>> table = be_users
>>>> pid = root
>>>> handleNotFound = 0
>>>> filter = (&(objectClass=person))
>>>> uniqueField = tx_ldapserver_dn
>>>> fields {
>>>> username = MAP_OBJECT
>>>> username.attribute = uid
>>>> username.userFunc = tx_ldapserver->getSingleValue
>>>>
>>>> password = MAP_OBJECT
>>>> password.attribute = userClass
>>>> password.include =
>>>> /data/www/html/site/typo3conf/ext/jm_pubcookie/class.tx_jmpubcookie.php
>>>> password.userFunc = tx_jmpubcookie->randomPassword
>>>>
>>>> realName = MAP_OBJECT
>>>> realName.attribute = displayName
>>>> realName.userFunc = tx_ldapserver->getSingleValue
>>>>
>>>> email = MAP_OBJECT
>>>> email.attribute = mail
>>>> email.userFunc = tx_ldapserver->getSingleValue
>>>>
>>>> tx_ldapserver_dn = MAP_OBJECT
>>>> tx_ldapserver_dn.special = DN
>>>>
>>>> usergroup = MAP_OBJECT
>>>> usergroup {
>>>> attribute = userClass
>>>> userFunc = tx_ldapserver->getBEGroups
>>>> userFunc {
>>>> pid = root
>>>> table = be_groups
>>>> identField = title
>>>> }
>>>> }
>>>> }
>>>> }
>>>>
>>>> FEgroups < FEusers
>>>> FEgroups {
>>>> table = fe_groups
>>>> handleNotFound = 0
>>>> filter = objectClass=userClass
>>>> fields {
>>>> username >
>>>> email >
>>>> name >
>>>> password >
>>>> usergroup >
>>>> company >
>>>> telephone >
>>>> country >
>>>> title = MAP_OBJECT
>>>> title.attribute = userClass
>>>> title.userFunc = tx_ldapserver->getSingleValue
>>>> }
>>>> }
>>>>
>>>>
>>>> BEgroups < FEusers
>>>> BEgroups {
>>>> pid = root
>>>> table = be_groups
>>>> handleNotFound = 0
>>>> filter = objectClass=userClass
>>>> fields {
>>>> username >
>>>> email >
>>>> name >
>>>> password >
>>>> usergroup >
>>>> company >
>>>> telephone >
>>>> country >
>>>> title = MAP_OBJECT
>>>> title.attribute = userClass
>>>> title.userFunc = tx_ldapserver->getSingleValue
>>>> }
>>>> }
>>>>
>>>> FEauth = LDAP_AUTH
>>>> FEauth {
>>>> enable = 1
>>>> table = fe_users
>>>> SSO = 1
>>>> SSO.10.include =
>>>> /data/www/html/site/typo3conf/ext/jm_pubcookie/class.tx_jmpubcookie.php
>>>> SSO.10.userFunc = tx_jmpubcookie->pubcookieUser
>>>> sync < FEusers
>>>> }
>>>>
>>>> BEauth < FEauth
>>>> BEauth {
>>>> table = be_users
>>>> SSO = 1
>>>> SSO.10.include =
>>>> /data/www/html/site/typo3conf/ext/jm_pubcookie/class.tx_jmpubcookie.php
>>>> SSO.10.userFunc = tx_jmpubcookie->pubcookieUser
>>>> sync < BEusers
>>>> }
>>>> ==
>>>>
>>>> If I changed the OpenLDAP server to an AD server, the LDAP Sync
>>>> module cannot list the LDAP server at all. But on the other
>>>> side, the following configuration works great on the same server for
>>>> us.
>>>>
>>>> Typo3 3.8.1
>>>> ldap_lib 0.2.0
>>>> ldap_server 0.2.0
>>>> ldap_auth 0.2.0
>>>> ldap_sync 0.2.0
>>>>
>>>> Anybody have any clue what might be wrong? I'd appreciate any help.
>>>>
>>>> Thanks,
>>>>
>>>> Bing
>>>>
>>>
>>>
>>>
>>> From my testing, seems like if the ldap server is listed fine in
>>> LDAP Sync, the LDAP connection is fine. Now the problem is the user
>>> info pulled from the LDAP is not written in the be_* and fe_* tables
>>> in the database. Is there any other option that needs to be turned
>>> on outside of the ldap_lib, ldap_server, ldap_auth and ldap_sync
>>> extensions in order to use ldap authentication?
>>>
>>> Bing
>>> _______________________________________________
>>>
>>
>>
>>
>> Hey Bing,
>>
>> I just happen to do just that last weekend.
>> Can you check the RAW database tables if users are added? (if you
>> don't see a error).
>>
>> it more or less worked out of the box here...
>>
>> Ries
>>
>>
>
> Thanks for the heads-up, Ries. Yes, I've already checked be_users,
> be_groups , fe_users and fe_groups tables in MySQL. But don't see users
> or groups are added when they either log on through the backend or the
> frontend. I don't have any problem doing LDAP authentication on Typo
> 3.8.1 though.
>
> This site used to run on typo3 3.8.1. LDAP authentication worked fine.
> Then we set up a new typo3 4.0 site on a new webserver. The old site
> was exported to a t3d file and then imported to the new typo3 4.0 site.
> I also exported the "FE Users and LDAP" sysFolder on the 3.8 old site
> and imported them on the 4.0 site. Those existing users/groups were
> added via import to the fe_* and be_* tables on the new site fine. But
> LDAP authentication doesn't work for both the migrated users and new
> users. The weird thing is removing the LDAP server record doesn't
> change the symptom. In other words, looks like the LDAP record doesn't
> take effect. Hmmm...
>
> Bing

LDAP authentication works now. LDAP users can be written into the
be_users table fine. But the password field is empty. I tried to
manually enter user's password in the password field of the be_users
table. But after the user logs on again and I checked the be_users
table in MySQL, his password was wiped out again. I need users'
passwords to be written in the be_users table. How should that be done?

I'm using ldap_auth 0.2.1 with the following variables enabled:

plainTextLoginBE=1
enableBE=1
enableFE=1
FE_fetchUserNoSession=1
BE_fetchUserNoSession=1
FE_alwaysFetchUser=1
BE_alwaysFetchUser=1

Thanks,

Bing
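
For the question in the first message (a connection problem versus attributes not being pulled from the directory), one offline check is to compare the `attribute` names in the sync mapping with what a single directory entry actually returns. This is an added example, not code from the posts or from the ldap_* extensions; the mapping excerpt, the LDIF entry and the function names are constructed for illustration.

```python
import base64
import re

# Constructed excerpt of the FEusers "fields" block quoted above (dotted form only;
# brace blocks such as "usergroup { attribute = ... }" are not parsed here).
TYPOSCRIPT = """\
username.attribute = uid
name.attribute = displayName
email.attribute = mail
telephone.attribute = telephoneNumber
password.attribute = userClass
tx_ldapserver_dn.special = DN
"""

# Constructed LDIF for one entry, shaped like ldapsearch output (not real data).
LDIF = """\
dn: uid=jdoe,ou=people,DC=some,DC=edu
uid: jdoe
displayName:: SmFuZSBEb2U=
mail: jdoe@
 example.edu
"""

def parse_mapping(ts):
    """Return {typo3_field: ldap_attribute} from 'field.attribute = attr' lines."""
    pattern = r"^\s*(\w+)\.attribute\s*=\s*(\S+)\s*$"
    return {m.group(1): m.group(2) for m in re.finditer(pattern, ts, re.M)}

def parse_ldif_entry(ldif):
    """Parse one LDIF entry into {lowercased attribute: [values]}."""
    unfolded = re.sub(r"\n ", "", ldif)  # RFC 2849: a leading space continues the line
    entry = {}
    for line in unfolded.splitlines():
        name, sep, value = line.partition(":")
        if not sep or line.startswith("#"):
            continue
        if value.startswith(":"):  # "attr:: ..." carries a base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        entry.setdefault(name.lower(), []).append(value.strip())
    return entry

def missing_attributes(mapping, entry):
    """Return {field: attribute} for mapped attributes the entry lacks or has empty."""
    # LDAP attribute names are case-insensitive, so compare in lower case.
    return {f: a for f, a in mapping.items() if not any(entry.get(a.lower(), []))}

if __name__ == "__main__":
    for field, attr in sorted(missing_attributes(parse_mapping(TYPOSCRIPT), parse_ldif_entry(LDIF)).items()):
        print(f"{field}: directory entry has no value for '{attr}'")
```

Feed it the real `fields` block and the LDIF of one user fetched with the same base DN and filter as the server record; any field it reports has nothing to map on that entry.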