BlackbitDigitalCommerce / pimcore-single-sign-on

GNU General Public License v3.0

Login events #9

Closed Aloh-cgi closed 2 months ago

Aloh-cgi commented 5 months ago

I have tried to use the LDAP connection, but the method to log in with LDAP uses the event 'pimcore.admin.login.credentials', which does not exist in Pimcore.

BlackbitDevs commented 5 months ago

You are right, in Pimcore 11 the event pimcore.admin.login.credentials does not exist anymore but the event is named Pimcore\Bundle\AdminBundle\Event\Login\LoginCredentialsEvent there (don't know why they add such artificial BC breaks and not even mention them in https://pimcore.com/docs/platform/Pimcore/Installation_and_Upgrade/Upgrade_Notes/#authentication- ...). Can you try if it works with dev-master, @Aloh-cgi ? Or if you do not have Bitbucket access, please notify me. Then I will send you the zip file.

Aloh-cgi commented 5 months ago

Thank you for your answer. I do not have Bitbucket access and am currently using version 1.2.1 of the bundle with the zip. @BlackbitDevs

BlackbitDevs commented 5 months ago

To which email address / company shall I send the zip?

PS: Have updated Pimcore upgrade notes in https://github.com/pimcore/pimcore/pull/17146.

Aloh-cgi commented 5 months ago

Hello, do you have any update for me ?

BlackbitDevs commented 5 months ago

I have sent you the zip yesterday at 17:28. I try again...

Aloh-cgi commented 5 months ago

Got it, thank you. I will tell you if it fixes my problem.

marcoschivoesse commented 4 months ago

Hi, can you also update the bundle for only ldap https://github.com/BlackbitDigitalCommerce/pimcore-ldap-bundle ? Or send here the update to file

BlackbitDevs commented 4 months ago

Problem actually is not resolved yet, Pimcore simply removed the event. We need to wait for https://github.com/pimcore/pimcore/pull/17158 to be accepted - until then LDAP does not work under Pimcore 11...

marcoschivoesse commented 4 months ago

Thanks, I understand... we hope for a faster merge! One question: does the authentication with LDAP work only when a user exists with the given username? If in Pimcore there isn't the user (but only in LDAP), will the bundle create the user if not found in Pimcore?

BlackbitDevs commented 4 months ago

> If in pimcore there isn't the user (but only in ldap), will the bundle create the user if not found on pimcore?

Yes, the Pimcore user will get created.

marcoschivoesse commented 4 months ago

But the event "pimcore.admin.login.failed" (where you hang to create the user) is no longer present or am I wrong?

BlackbitDevs commented 4 months ago

Actually this check if the user exists should already be also done at pimcore.admin.login.credentials. And this is where https://github.com/pimcore/pimcore/pull/17158 comes into play.

marcoschivoesse commented 4 months ago

We tried applying the changes manually but that function only works if it has found the user first. Otherwise the password verification will not occur.

BlackbitDevs commented 4 months ago

You mean you have patched Pimcore according to https://github.com/pimcore/pimcore/pull/17158 ?

And you say that the LDAP server does not get asked for password verification? This should not be the case for this bundle but it is for https://github.com/BlackbitDigitalCommerce/pimcore-ldap-bundle - this is one of the weaknesses of the free bundle: It always checks first with Pimcore's default mechanism if login is valid and only afterwards requests the LDAP server. The problem there was that the real LDAP password got saved in the Pimcore user. This means that there is no way to disable the account from the outside. The SSO bundle changes this. After the credentials are validated on LDAP server, a random password will get set to the Pimcore user. Thus Pimcore has to request the LDAP server on every login. And this way the control of the login is really on the LDAP side.
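Added example, not part of the thread and not code from either bundle: a small Python model of the two login orders described in the comment above, showing why caching the real LDAP password locally keeps an account usable after it is disabled in the directory. `Directory` and `LocalStore` are constructed stand-ins for the LDAP server and the Pimcore user table, and all names are assumptions.

```python
import hashlib, hmac, secrets

class Directory:
    """Constructed stand-in for the LDAP server."""
    def __init__(self):
        self.accounts = {}  # username -> {"password": str, "enabled": bool}
    def bind(self, user, password):
        a = self.accounts.get(user)
        return bool(a and a["enabled"] and
                    hmac.compare_digest(a["password"].encode(), password.encode()))

class LocalStore:
    """Constructed stand-in for the application's own user table."""
    def __init__(self):
        self.users = {}  # username -> (salt, password digest)
    def _digest(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    def set_password(self, user, password):
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, self._digest(password, salt))
    def verify(self, user, password):
        if user not in self.users:
            return False
        salt, digest = self.users[user]
        return hmac.compare_digest(digest, self._digest(password, salt))

def login_local_first(local, directory, user, password):
    # Order described for the free bundle: local check first, LDAP afterwards,
    # and the real LDAP password is stored locally on success.
    if local.verify(user, password):
        return True
    if directory.bind(user, password):
        local.set_password(user, password)
        return True
    return False

def login_directory_first(local, directory, user, password):
    # Order described for the SSO bundle: the directory decides every login;
    # the local record (created if missing) only ever holds a random password.
    if not directory.bind(user, password):
        return False
    local.set_password(user, secrets.token_urlsafe(32))
    return True

def demo():
    """Log in once, disable the directory account, then log in again."""
    results = {}
    for flow in (login_local_first, login_directory_first):
        directory, local = Directory(), LocalStore()
        directory.accounts["alice"] = {"password": "s3cret", "enabled": True}
        first = flow(local, directory, "alice", "s3cret")
        directory.accounts["alice"]["enabled"] = False
        results[flow.__name__] = (first, flow(local, directory, "alice", "s3cret"))
    return results
```

In the local-first order the second login still succeeds from the cached password; in the directory-first order it is refused as soon as the directory account is disabled.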

marcoschivoesse commented 4 months ago

Thank you very much, I proceed to buy the bundle!

BlackbitDevs commented 2 months ago

Found an alternative way to support LDAP login: via custom_authenticators for the security_firewall config.