[TYPO3-english] LDAP_AUTH sync statment and FEuser login in BE

Claus Lavdal cl at mergeit.dk
Thu Dec 10 10:47:35 CET 2009


I have spent some time getting LDAP integration in TYPO3 to work.

The goal is to have BE and FE users validated by LDAP and not Typo3.

We have chosen to use the TYPO3 extension ldap_auth.

We use the following versions:

ldap_auth 0.2.1
ldap_lib 0.2.0
ldap_server 0.2.1

Typo3 version 4.2.9
PHP Version 5.2.5

Follow the various guides to set up ldap_server and ldap_auth.

In a tcpdump I can see that auth against the LDAP server is successful.

But it seems like TYPO3 doesn't understand that.

I have tried different things, but if I set:

BEusers = LDAP_SYNC
BEusers {
  ........
  sync < BEusers
  ........
}

My users get logged in.

I authorize both FE and BE users against LDAP - and need the sync
statement in both BEusers and FEusers.

BUT: now my FEusers can log in to BE? - and my BEusers in FE (which
obviously is not as critical)



The total "conf" is the following:
FEusers = LDAP_SYNC
FEusers {
  enable = 1
  table = fe_users
  basedn = ou=partners,o=....
  handleNotFound = 1
  handleNotFound {
    delete = 1
  }
  pid = 181
  filter = (objectClass=inetOrgPerson)
  uniqueField = tx_ldapserver_dn
  fields {
    username = MAP_OBJECT
    username.attribute = uid
    username.userFunc = tx_ldapserver->getSingleValue
    tx_ldapserver_dn = MAP_OBJECT
    tx_ldapserver_dn.special = DN
    usergroup = MAP_OBJECT
    usergroup.attribute = uid
    usergroup.userFunc.defaultValue = 2
    usergroup.userFunc = tx_ldapserver->setDefaultValue
    company = MAP_OBJECT
    company.attribute = sn
    company.userFunc = tx_ldapserver->getSingleValue
    email = MAP_OBJECT
    email.attribute = mail
    email.userFunc = tx_ldapserver->getSingleValue
  }
  sync < FEusers
}

FEauth = LDAP_AUTH
FEauth {
  enable = 1
  table = fe_users
  sync < FEusers
}

BEusers = LDAP_SYNC
BEusers {
  enable = 1
  table = be_users
  basedn = ou=users,o=....
  handleNotFound = 1
  handleNotFound {
    delete = 1
  }
  pid = root
  filter = (&(objectClass=inetOrgPerson)(groupMembership=cn=staff,ou=groups,o=....))
  uniqueField = tx_ldapserver_dn
  fields {
    username = MAP_OBJECT
    username.attribute = uid
    username.userFunc = tx_ldapserver->getSingleValue
    tx_ldapserver_dn = MAP_OBJECT
    tx_ldapserver_dn.special = DN
    #admin = MAP_OBJECT
    #admin.attribute = uid
    #admin.userFunc.defaultValue = 1
    #admin.userFunc = tx_ldapserver->setDefaultValue
    usergroup = MAP_OBJECT
    usergroup.attribute = uid
    usergroup.userFunc.defaultValue = 2
    usergroup.userFunc = tx_ldapserver->setDefaultValue
    lang = MAP_OBJECT
    lang.attribute = uid
    lang.userFunc.defaultValue = dk
    lang.userFunc = tx_ldapserver->setDefaultValue
    options = MAP_OBJECT
    options.attribute = uid
    options.userFunc.defaultValue = 3
    options.userFunc = tx_ldapserver->setDefaultValue
    realName = MAP_OBJECT
    realName.attribute = givenName
    realName.userFunc = tx_ldapserver->getSingleValue
    fileoper_perms = MAP_OBJECT
    fileoper_perms.attribute = uid
    fileoper_perms.userFunc.defaultValue = 7
    fileoper_perms.userFunc = tx_ldapserver->setDefaultValue
    workspace_perms = MAP_OBJECT
    workspace_perms.attribute = uid
    workspace_perms.userFunc.defaultValue = 3
    workspace_perms.userFunc = tx_ldapserver->setDefaultValue
    workspace_preview = MAP_OBJECT
    workspace_preview.attribute = uid
    workspace_preview.userFunc.defaultValue = 1
    workspace_preview.userFunc = tx_ldapserver->setDefaultValue
    email = MAP_OBJECT
    email.attribute = mail
    email.userFunc = tx_ldapserver->getSingleValue
  }
  sync < BEusers
}

BEauth = LDAP_AUTH
BEauth {
  enable = 1
  table = be_users
  sync < BEusers
}


Maybe someone can explain why "sync < BEusers" is needed in my LDAP_SYNC
object?
Or tell me why my users can log in everywhere?
It seems like there is no difference between the two LDAP_SYNC objects.
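As an added check (not code from the post, nor from the ldap_auth extension): the script below evaluates the two basedn/filter pairs quoted in the configuration above against constructed directory entries, to show which LDAP_SYNC scope each entry satisfies and that the BE and FE populations are kept apart only by basedn and the groupMembership filter. The suffix o=EXAMPLE stands in for the truncated "o=....", the entries are constructed, and parse_filter/matches/scopes_for are hypothetical helper names.

```python
# Added check, not code from the post. "o=EXAMPLE" stands in for the suffix the
# post truncates to "o=....". ENTRIES are constructed: DN -> {attribute: [values]}.
SUFFIX = "o=EXAMPLE"

SCOPES = {
    "BEusers": {"basedn": f"ou=users,{SUFFIX}",
                "filter": "(&(objectClass=inetOrgPerson)"
                          f"(groupMembership=cn=staff,ou=groups,{SUFFIX}))"},
    "FEusers": {"basedn": f"ou=partners,{SUFFIX}",
                "filter": "(objectClass=inetOrgPerson)"},
}

ENTRIES = {
    f"uid=alice,ou=users,{SUFFIX}": {"objectClass": ["inetOrgPerson"],
                                     "groupMembership": [f"cn=staff,ou=groups,{SUFFIX}"]},
    f"uid=bob,ou=partners,{SUFFIX}": {"objectClass": ["inetOrgPerson"]},
    f"uid=carol,ou=users,{SUFFIX}": {"objectClass": ["inetOrgPerson"]},  # not in cn=staff
}

def parse_filter(text):
    """Parse the RFC 4515 subset used above: (&..), (|..), (!..), (attr=value)."""
    def node(i):                       # parse one parenthesised item starting at text[i]
        i += 1                         # skip "("
        if text[i] in "&|!":
            op, kids, i = text[i], [], i + 1
            while text[i] == "(":
                kid, i = node(i)
                kids.append(kid)
            return (op, kids), i + 1   # skip ")"
        end = text.index(")", i)       # DN-valued attributes contain "=" but no ")"
        attr, _, value = text[i:end].partition("=")
        return ("=", attr.lower(), value.lower()), end + 1
    return node(0)[0]

def matches(tree, entry):
    """Evaluate a parsed filter against {lowercased attribute: [values]}."""
    if tree[0] == "=":
        return tree[2] in [v.lower() for v in entry.get(tree[1], [])]
    results = [matches(kid, entry) for kid in tree[1]]
    return {"&": all(results), "|": any(results), "!": not results[0]}[tree[0]]

def scopes_for(dn, attrs):
    """Names of the scopes whose basedn contains dn and whose filter matches attrs."""
    entry = {k.lower(): v for k, v in attrs.items()}
    return [name for name, sc in SCOPES.items()
            if dn.lower().endswith("," + sc["basedn"].lower())
            and matches(parse_filter(sc["filter"]), entry)]
```

Running scopes_for over ENTRIES puts alice in BEusers only, bob in FEusers only, and carol (users OU but not in cn=staff) in neither; a user who reaches the wrong table is therefore not explained by these two scope definitions themselves.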