[TYPO3] LDAP Sync on Typo3 4.0 problem

Bing Du bdu at iastate.edu
Wed Jul 5 16:15:08 CEST 2006


R. van Twisk wrote:
> Bing Du wrote:
> 
>> Bing Du wrote:
>>  
>>
>>> Hi,
>>>
>>> Typo3 4.0.
>>> ldap_sync 0.2.1
>>> ldap_lib 0.2.0
>>> ldap_server 0.2.1
>>> ldap_auth 0.2.1
>>>
>>> When I clicked Web->LDAP Sync, and then the 'FE Users and LDAP' 
>>> sysFolder in the page tree, I have no problem seeing the defined ldap 
>>> server listed.  However, clicking either 'Do Sync' or 'Simulate Sync' 
>>> button doesn't make anything happen.  Where can I find more 
>>> information on what LDAP Sync is doing?  Is it a LDAP connection 
>>> problem or some problem prevents users info from being pulled out of 
>>> the LDAP server (OpenLDAP)?
>>>
>>> The following is the ldap_server (OpenLDAP) config:
>>>
>>> Enable for backend authentication checkbox: checked
>>> Servername: xxx.xxx.xxx.xx:389
>>> ServerType: x500(OpenLDAP)
>>> LDAP protocol version: 3
>>> Base DN: DC=some,DC=edu
>>> Filter for persons: (&(objectClass=*)(uid=###USERNAME###))
>>> Configuration:
>>> ==
>>> FEusers = LDAP_SYNC
>>> FEusers {
>>>   enable = 1
>>>   handleNotFound = 0
>>>   table = fe_users
>>>   pid = 56
>>>   uniqueField = tx_ldapserver_dn
>>>   fields {
>>>     username = MAP_OBJECT
>>>     username.attribute = uid
>>>     username.userFunc = tx_ldapserver->getSingleValue
>>>
>>>     company = MAP_OBJECT
>>>     company.attribute = isuPersonDeptName
>>>     company.userFunc = tx_ldapserver->getSingleValue
>>>
>>>     name = MAP_OBJECT
>>>     name.attribute = displayName
>>>     name.userFunc = tx_ldapserver->getSingleValue
>>>
>>>     email = MAP_OBJECT
>>>     email.attribute = mail
>>>     email.userFunc = tx_ldapserver->getSingleValue
>>>
>>>     country = MAP_OBJECT
>>>     country.attribute = co
>>>     country.userFunc = tx_ldapserver->getSingleValue
>>>
>>>     telephone = MAP_OBJECT
>>>     telephone.attribute = telephoneNumber
>>>     telephone.userFunc = tx_ldapserver->getSingleValue
>>>
>>>     address = MAP_OBJECT
>>>     address.attribute = postalAddress
>>>     address.userFunc = tx_ldapserver->getSingleValue
>>>
>>>     tx_ldapserver_dn = MAP_OBJECT
>>>     tx_ldapserver_dn.special = DN
>>>
>>>     password = MAP_OBJECT
>>>     password.attribute = userClass
>>>     password.include = /data/www/html/site/typo3conf/ext/jm_pubcookie/class.tx_jmpubcookie.php
>>>     password.userFunc = tx_jmpubcookie->randomPassword
>>>
>>>     usergroup = MAP_OBJECT
>>>     usergroup {
>>>     attribute = userClass
>>>     userFunc = tx_ldapserver->getFEGroups
>>>     userFunc {
>>>         pid = 56
>>>         table = fe_groups
>>>         identField = title
>>>     }
>>>     }
>>>
>>>
>>>   }
>>> }
>>>
>>>
>>> BEusers = LDAP_SYNC
>>> BEusers {
>>>   enable = 1
>>>   table = be_users
>>>   pid = root
>>>   handleNotFound = 0
>>>   filter = (&(objectClass=person))
>>>   uniqueField = tx_ldapserver_dn
>>>   fields {
>>>     username = MAP_OBJECT
>>>     username.attribute = uid
>>>     username.userFunc = tx_ldapserver->getSingleValue
>>>
>>>     password = MAP_OBJECT
>>>     password.attribute = userClass
>>>     password.include = /data/www/html/site/typo3conf/ext/jm_pubcookie/class.tx_jmpubcookie.php
>>>     password.userFunc = tx_jmpubcookie->randomPassword
>>>
>>>     realName = MAP_OBJECT
>>>     realName.attribute = displayName
>>>     realName.userFunc = tx_ldapserver->getSingleValue
>>>
>>>     email = MAP_OBJECT
>>>     email.attribute = mail
>>>     email.userFunc = tx_ldapserver->getSingleValue
>>>
>>>     tx_ldapserver_dn = MAP_OBJECT
>>>     tx_ldapserver_dn.special = DN
>>>
>>>     usergroup = MAP_OBJECT
>>>     usergroup {
>>>     attribute = userClass
>>>     userFunc = tx_ldapserver->getBEGroups
>>>     userFunc {
>>>         pid = root
>>>         table = be_groups
>>>         identField = title
>>>     }
>>>     }
>>>   }
>>> }
>>>
>>> FEgroups < FEusers
>>> FEgroups {
>>>     table = fe_groups
>>>         handleNotFound = 0
>>>     filter = objectClass=userClass
>>>     fields {
>>>         username >
>>>         email >
>>>         name >
>>>         password >
>>>         usergroup >
>>>                 company >
>>>                 telephone >
>>>                 country >
>>>         title = MAP_OBJECT
>>>         title.attribute = userClass
>>>         title.userFunc = tx_ldapserver->getSingleValue
>>>     }
>>> }
>>>
>>>
>>> BEgroups < FEusers
>>> BEgroups {
>>>         pid = root
>>>     table = be_groups
>>>     handleNotFound = 0
>>>     filter = objectClass=userClass
>>>     fields {
>>>         username >
>>>         email >
>>>         name >
>>>         password >
>>>         usergroup >
>>>                 company >
>>>                 telephone >
>>>                 country >
>>>         title = MAP_OBJECT
>>>         title.attribute = userClass
>>>         title.userFunc = tx_ldapserver->getSingleValue
>>>     }
>>> }
>>>
>>> FEauth = LDAP_AUTH
>>> FEauth {
>>>   enable = 1
>>>   table = fe_users
>>>   SSO = 1
>>>   SSO.10.include = /data/www/html/site/typo3conf/ext/jm_pubcookie/class.tx_jmpubcookie.php
>>>   SSO.10.userFunc = tx_jmpubcookie->pubcookieUser
>>>   sync < FEusers
>>> }
>>>
>>> BEauth < FEauth
>>> BEauth {
>>>   table = be_users
>>>   SSO = 1
>>>   SSO.10.include = /data/www/html/site/typo3conf/ext/jm_pubcookie/class.tx_jmpubcookie.php
>>>   SSO.10.userFunc = tx_jmpubcookie->pubcookieUser
>>>   sync < BEusers
>>> }
>>> ==
>>>
>>> If I changed the OpenLDAP server to an AD server, the LDAP Sync 
>>> module cannot list the LDAP server at all.  But on the other 
>>> side, the following configuration works great on the same server for us.
>>>
>>> Typo3 3.8.1
>>> ldap_lib 0.2.0
>>> ldap_server 0.2.0
>>> ldap_auth 0.2.0
>>> ldap_sync 0.2.0
>>>
>>> Anybody have any clue what might be wrong?  I'd appreciate any help.
>>>
>>> Thanks,
>>>
>>> Bing
>>>     
>>
>>
>>  From my testing, seems like if the ldap server is listed fine in LDAP 
>> Sync, the LDAP connection is fine.  Now the problem is the user info 
>> pulled from the LDAP is not written in the be_* and fe_* tables in the 
>> database.  Is there any other option that needs to be turned on 
>> outside of the ldap_lib, ldap_server, ldap_auth and ldap_sync 
>> extensions in order to use ldap authentication?
>>
>> Bing
> 
> 
> Hey Bing,
> 
> I just happened to do just that last weekend.
> Can you check the RAW database tables if users are added? (if you don't 
> see an error).
> 
> It more or less worked out of the box here...
> 
> Ries
> 
> 

Thanks for the heads-up, Ries.  Yes, I've already checked the be_users, 
be_groups, fe_users and fe_groups tables in MySQL.  But I don't see users 
or groups being added when they either log on through the backend or the 
frontend.  I don't have any problem doing LDAP authentication on Typo 
3.8.1 though.

This site used to run on typo3 3.8.1.  LDAP authentication worked fine. 
Then we set up a new typo3 4.0 site on a new webserver.  The old site 
was exported to a t3d file and then imported to the new typo3 4.0 site. 
I also exported the "FE Users and LDAP" sysFolder on the 3.8 old site 
and imported them on the 4.0 site.  Those existing users/groups were 
added via import to the fe_* and be_* tables on the new site fine. But 
LDAP authentication doesn't work for both the migrated users and new 
users.  The weird thing is that removing the LDAP server record doesn't 
change the symptom.  In other words, it looks like the LDAP record doesn't 
take effect.  Hmmm...

Bing



More information about the TYPO3-english mailing list