[TYPO3-english] LDAP_AUTH sync statment and FEuser login in BE
Claus Lavdal
cl at mergeit.dk
Thu Dec 10 10:47:35 CET 2009
Have spent some time getting LDAP Integration in TYPO3 to work.
The goal is to have BE and FE users validated by LDAP and not Typo3.
We have chosen to use the TYPO3 extension ldap_auth.
We use the following versions:
ldap_auth 0.2.1
ldap_lib 0.2.0
ldap_server 0.2.1
Typo3 version 4.2.9
PHP Version 5.2.5
Followed the various guides to set up ldap_server and ldap_auth.
In a tcpdump I can see that auth against the LDAP server is successful.
But it seems like TYPO3 doesn't understand that.
I have tried different things but if I set:
BEusers = LDAP_SYNC
BEusers {
........
sync < BEusers
........
}
My users get logged in.
I authorize both FE and BE users against LDAP - and need the sync
statement in both BEusers and FEusers.
BUT: now my FEusers can log in to BE? - and my BEusers in FE (which
obviously is not as critical)
The total "conf" is the following:
FEusers = LDAP_SYNC
FEusers {
enable = 1
table = fe_users
basedn = ou=partners,o=....
handleNotFound = 1
handleNotFound {
delete = 1
}
pid = 181
filter =(objectClass=inetOrgPerson)
uniqueField = tx_ldapserver_dn
fields {
username = MAP_OBJECT
username.attribute = uid
username.userFunc = tx_ldapserver->getSingleValue
tx_ldapserver_dn = MAP_OBJECT
tx_ldapserver_dn.special = DN
usergroup = MAP_OBJECT
usergroup.attribute = uid
usergroup.userFunc.defaultValue = 2
usergroup.userFunc = tx_ldapserver->setDefaultValue
company = MAP_OBJECT
company.attribute = sn
company.userFunc = tx_ldapserver->getSingleValue
email = MAP_OBJECT
email.attribute = mail
email.userFunc = tx_ldapserver->getSingleValue
}
sync < FEusers
}
FEauth = LDAP_AUTH
FEauth {
enable = 1
table = fe_users
sync < FEusers
}
BEusers = LDAP_SYNC
BEusers {
enable = 1
table = be_users
basedn = ou=users,o=....
handleNotFound = 1
handleNotFound {
delete = 1
}
pid = root
filter =(&(objectClass=inetOrgPerson)(groupMembership=cn=staff,ou=groups,o=....))
uniqueField = tx_ldapserver_dn
fields {
username = MAP_OBJECT
username.attribute = uid
username.userFunc = tx_ldapserver->getSingleValue
tx_ldapserver_dn = MAP_OBJECT
tx_ldapserver_dn.special = DN
#admin = MAP_OBJECT
#admin.attribute = uid
#admin.userFunc.defaultValue = 1
#admin.userFunc = tx_ldapserver->setDefaultValue
usergroup = MAP_OBJECT
usergroup.attribute = uid
usergroup.userFunc.defaultValue = 2
usergroup.userFunc = tx_ldapserver->setDefaultValue
lang = MAP_OBJECT
lang.attribute = uid
lang.userFunc.defaultValue = dk
lang.userFunc = tx_ldapserver->setDefaultValue
options = MAP_OBJECT
options.attribute = uid
options.userFunc.defaultValue = 3
options.userFunc = tx_ldapserver->setDefaultValue
realName = MAP_OBJECT
realName.attribute = givenName
realName.userFunc = tx_ldapserver->getSingleValue
fileoper_perms = MAP_OBJECT
fileoper_perms.attribute = uid
fileoper_perms.userFunc.defaultValue = 7
fileoper_perms.userFunc = tx_ldapserver->setDefaultValue
workspace_perms = MAP_OBJECT
workspace_perms.attribute = uid
workspace_perms.userFunc.defaultValue = 3
workspace_perms.userFunc = tx_ldapserver->setDefaultValue
workspace_preview = MAP_OBJECT
workspace_preview.attribute = uid
workspace_preview.userFunc.defaultValue = 1
workspace_preview.userFunc = tx_ldapserver->setDefaultValue
email = MAP_OBJECT
email.attribute = mail
email.userFunc = tx_ldapserver->getSingleValue
}
sync < BEusers
}
BEauth = LDAP_AUTH
BEauth {
enable = 1
table = be_users
sync < BEusers
}
Maybe someone can explain why "sync < BEusers" is needed in my LDAP_SYNC
object?
Or tell me why my users can log in everywhere?
It seems like there is no difference between the two LDAP_SYNC objects.
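
A check an administrator could run over the synced rows to see which accounts ended up in which table, as an added example that is not part of the original post or of the ldap_auth extension: it compares each row's tx_ldapserver_dn with the base DN configured for that table. `o=example` is a placeholder for the elided `o=....`, and the sample rows are constructed.

```python
# Added example, not from the original post. Table/column names come from the
# posted config; "o=example" is a placeholder for the elided "o=....".
EXPECTED_BASE = {"be_users": "ou=users,o=example",
                 "fe_users": "ou=partners,o=example"}

def split_dn(dn):
    """Split a DN into lower-cased (attr, value) RDNs; an escaped ',' stays in its value."""
    parts, cur, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
        escaped = ch == "\\" and not escaped
    parts.append(cur)
    pairs = (p.partition("=") for p in parts)
    return [(attr.strip().lower(), value.strip().lower()) for attr, _, value in pairs]

def is_under(dn, base_dn):
    """True if dn lies strictly below base_dn, compared RDN by RDN."""
    d, b = split_dn(dn), split_dn(base_dn)
    return len(d) > len(b) and d[-len(b):] == b

def audit(rows):
    """rows: (table, username, tx_ldapserver_dn) tuples; returns sorted findings."""
    findings, seen = [], {}
    for table, username, dn in rows:
        if not dn:
            findings.append((table, username, "no LDAP DN recorded"))
            continue
        if not is_under(dn, EXPECTED_BASE[table]):
            findings.append((table, username, "DN outside " + EXPECTED_BASE[table]))
        seen.setdefault(tuple(split_dn(dn)), set()).add((table, username))
    for entries in seen.values():
        if len({table for table, _ in entries}) > 1:
            findings += [(t, u, "same DN present in both tables") for t, u in entries]
    return sorted(findings)

# Constructed rows, as if selected from be_users and fe_users.
SAMPLE_ROWS = [
    ("be_users", "anna", "cn=anna,ou=users,o=example"),
    ("be_users", "acme", "CN=acme, OU=partners, O=example"),
    ("fe_users", "acme", "cn=acme,ou=partners,o=example"),
    ("fe_users", "odd", "cn=bob\\,ou=partners,o=example"),
    ("be_users", "admin", ""),
]

if __name__ == "__main__":
    print("\n".join(" | ".join(f) for f in audit(SAMPLE_ROWS)))
```

The DN is split into RDNs rather than compared as a string suffix, so case, spacing and an escaped comma inside a value do not produce a false match.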