xperseguers / t3ext-ig_ldap_sso_auth

TYPO3 Extension ig_ldap_sso_auth. This extension provides LDAP and SSO support for TYPO3.
https://extensions.typo3.org/extension/ig_ldap_sso_auth

Works with Typo3 9.5.4 (LTS) PHP 7.3 #45

Closed oheil closed 4 years ago

oheil commented 5 years ago

Forked from https://github.com/dercodercom/t3ext-ig_ldap_sso_auth/master

Missing commits from https://github.com/xperseguers/t3ext-ig_ldap_sso_auth/master are included.

Deprecation warning coming up Core: Error handler (FE): PHP Runtime Deprecation Notice: Non-static method TYPO3\CMS\Core\Crypto\Random::generateRandomBytes() should not be called statically in /var/www/sites/webcms7.inet.dkfz-heidelberg.de/typo3_install/typo3_9LTS/www/html/typo3conf/ext/ig_ldap_sso_auth/Classes/Domain/Repository/Typo3UserRepository.php line 429 ignored for now.

Tested only Frontend User+Groups ActiveDirectory login, not using Backend login.

astehlik commented 5 years ago

Thank you for your work. I tested it with TYPO3 9 and ran into some problems.

If you are interested you can find my fixes here: https://github.com/Intera/typo3-extension-ig_ldap_sso_auth/commits/typo3-9

Feel free to merge them into this branch :)

dercodercom commented 5 years ago

@astehlik thx for work :)

Flashdown commented 5 years ago

For me the group lookup on FE user login does not work using astehlik's branch, so membership is not detected. Also, when importing users manually, no groups will be assigned, and the same happens when I import the target groups manually of which the user is a direct member. Apache2 (Linux), T3 9.5.4 on PHP 7.2 with plugin config against Active Directory; in the plugin I can successfully import groups and users. So only user authentication against AD is currently working for me.

Short Config Insight:

Tab LDAP: 
Bind DN: cn=MySpecialUser,cn=Users,dc=domain,dc=com
Relation between groups and users : user contains the list of its associated groups

TAB FE_Users:
Base DN: ou=Users,ou=ATREE,dc=sub,dc=domain,dc=com
Filter: (&(sAMAccountName={USERNAME})(objectClass=user)(objectCategory=person))
Mapping:
pid = 3
email = <mail>
name = <cn>
first_name = <givenName>
last_name = <sn>
title = <title>
address = <streetAddress>
zip = <postalCode>
city = <l>
telephone = <telephoneNumber>
lastlogin = {DATE}
usergroup = <memberof>

TAB FE_Groups
Base DN: ou=Groups,ou=ATREE,dc=sub,dc=domain,dc=com
Filter: (&(sAMAccountName={USERNAME})(objectClass=group))
Mapping:
pid = 3
title = <cn>

Am I am doing something wrong in my configuration?
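
The configuration above relies on the "user contains the list of its associated groups" relation mode, i.e. on the user's `memberOf` attribute, which in Active Directory holds the distinguished names of the groups, while the FE_Groups filter is keyed on `sAMAccountName`. The following Python script is an added example, not code from the extension or from anyone in this thread: it builds a small constructed in-memory directory (the DNs follow the Base DNs quoted above; `Alice`, `Bob`, `Admins` and the attribute values are made up), evaluates a subset of RFC 4515 filters against it, and resolves a user's groups in both relation modes. It assumes, as a hypothetical model of the extension, that each `memberOf` value is substituted for `{USERNAME}` in the group filter. It also shows why a value spliced into a filter has to be escaped: an unescaped `*` as a username turns the user filter into a match-all.

```python
import re

# Constructed in-memory directory with Active Directory attribute names;
# DNs follow the Base DNs from the configuration above. Not a live LDAP server.
USERS_BASE = "ou=Users,ou=ATREE,dc=sub,dc=domain,dc=com"
GROUP_BASE = "ou=Groups,ou=ATREE,dc=sub,dc=domain,dc=com"
DIRECTORY = {
    "CN=Alice," + USERS_BASE: {"objectClass": ["user"], "objectCategory": ["person"],
                               "sAMAccountName": ["alice"],
                               "memberOf": ["CN=MyRole," + GROUP_BASE]},
    "CN=Bob," + USERS_BASE: {"objectClass": ["user"], "objectCategory": ["person"],
                             "sAMAccountName": ["bob"],
                             "memberOf": ["CN=Admins," + GROUP_BASE]},
    "CN=MyRole," + GROUP_BASE: {"objectClass": ["group"], "sAMAccountName": ["MyRole"],
                                "cn": ["MyRole"], "member": ["CN=Alice," + USERS_BASE]},
    "CN=Admins," + GROUP_BASE: {"objectClass": ["group"], "sAMAccountName": ["Admins"],
                                "cn": ["Admins"], "member": ["CN=Bob," + USERS_BASE]},
}
for _dn, _entry in DIRECTORY.items():  # AD exposes the DN as an attribute as well
    _entry["distinguishedName"] = [_dn]


def escape_filter_value(value):
    """RFC 4515 escaping for a value spliced into a filter, so that a username
    like '*' or 'x)(objectClass=*' cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def _parse(s, i):
    """Parse the RFC 4515 subset used here: &, |, ! and attr=value."""
    if s[i] != "(":
        raise ValueError("expected '(' at %d" % i)
    i += 1
    if s[i] in "&|":
        op, i, kids = s[i], i + 1, []
        while s[i] == "(":
            node, i = _parse(s, i)
            kids.append(node)
    elif s[i] == "!":
        node, i = _parse(s, i + 1)
        op, kids = "!", [node]
    else:
        j = s.index(")", i)  # an escaped ')' arrives as '\29', so this is safe
        attr, _, value = s[i:j].partition("=")
        return ("=", attr, value), j + 1
    if s[i] != ")":
        raise ValueError("expected ')' at %d" % i)
    return (op, kids), i + 1


def _match_value(pattern, value):
    # An unescaped '*' is a substring wildcard; '\xx' escapes become literals.
    # AD attribute comparisons are case-insensitive.
    unescape = lambda p: re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), p)
    regex = ".*".join(re.escape(unescape(p)) for p in pattern.split("*"))
    return re.fullmatch(regex, value, re.IGNORECASE) is not None


def _eval(node, entry):
    if node[0] in "&|":
        combine = all if node[0] == "&" else any
        return combine(_eval(k, entry) for k in node[1])
    if node[0] == "!":
        return not _eval(node[1][0], entry)
    _, attr, pattern = node
    values = next((v for a, v in entry.items() if a.lower() == attr.lower()), [])
    return any(_match_value(pattern, v) for v in values)


def search(filter_str, base_dn=None):
    """Sorted DNs below base_dn whose entry satisfies filter_str."""
    node, end = _parse(filter_str, 0)
    if end != len(filter_str):
        raise ValueError("trailing characters after filter")
    return sorted(dn for dn, entry in DIRECTORY.items()
                  if (base_dn is None or dn.lower().endswith(base_dn.lower()))
                  and _eval(node, entry))


def resolve_groups(username, relation, group_filter):
    """'user_contains_groups': run each memberOf value through group_filter
    (assumed model: the value replaces {USERNAME}). 'group_contains_users':
    find the groups whose member attribute lists the user's DN."""
    users = search("(&(sAMAccountName=%s)(objectClass=user))" % escape_filter_value(username))
    if len(users) != 1:
        return []  # unknown or ambiguous user: no groups at all
    user_dn = users[0]
    if relation == "user_contains_groups":
        found = set()
        for group_ref in DIRECTORY[user_dn].get("memberOf", []):
            found.update(search(group_filter.replace("{USERNAME}", escape_filter_value(group_ref)), GROUP_BASE))
        return sorted(found)
    if relation == "group_contains_users":
        return search("(&(objectClass=group)(member=%s))" % escape_filter_value(user_dn), GROUP_BASE)
    raise ValueError("unknown relation mode: %s" % relation)


if __name__ == "__main__":
    by_name = "(&(sAMAccountName={USERNAME})(objectClass=group))"
    by_dn = "(&(distinguishedName={USERNAME})(objectClass=group))"
    print("memberOf through sAMAccountName filter:", resolve_groups("alice", "user_contains_groups", by_name))
    print("memberOf through distinguishedName filter:", resolve_groups("alice", "user_contains_groups", by_dn))
    print("member attribute on the group:", resolve_groups("alice", "group_contains_users", ""))
    print("unescaped '*' username matches:", search("(&(sAMAccountName=*)(objectClass=user))"))
    print("escaped '*' username resolves to:", resolve_groups("*", "user_contains_groups", by_dn))
```

Under the assumed substitution model, the `sAMAccountName`-keyed group filter finds nothing for `alice` because the `memberOf` value is a DN, whereas a filter keyed on `distinguishedName`, or the "group contains users" mode against the group's `member` attribute, both return `MyRole`. The last two lines show the difference escaping makes: the raw `*` matches every user, the escaped one matches none.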

astehlik commented 5 years ago

Hi @Flashdown.

We are using an Active directory as well and the group assignment works.

Please try changing these settings:

I hope it helps.

Flashdown commented 5 years ago

Hi @astehlik, well, it seems I can set what I want; your suggestion sadly just led to a bunch of groups being imported, but no LDAP user is a member of any of these groups in TYPO3 and no imported group is a member of another imported group as in Active Directory. I've tested the plugin from the repo in 8.7.24 LTS and this one on 9 LTS, both with PHP 7.2.

The plugin here seems to not function any more since one of the last commits here, but this made it work again, while giving me the same results as before: https://github.com/Idleworks/t3ext-ig_ldap_sso_auth

I really don't get what I do wrong here, if I do something wrong, but the only thing working for me is user authentication only. For example, my test user is a member of MyRole in AD; MyRole has been imported in TYPO3 by the plugin, but my LDAP user is not a member of this group in TYPO3. When I give the user in TYPO3 the role he has in AD and I log in, then this assignment gets lost/deleted, so I strongly believe the code was unable to verify group membership for my user and therefore deletes it from the user. So only local groups remain, if any are assigned to my user's account, but LDAP groups manually assigned to a TYPO3 user get lost while the user is a direct member of that group in AD.

@astehlik I assume that when you delete a group membership of a user in TYPO3, it will only be added right back when the LDAP user logs in, and if you have an LDAP group assigned to the TYPO3 user of which he is not a member in AD, it will be deleted upon login. If that works for you, could you please share your configuration with me/us?

If I configure a required LDAP group in tab fe_users in the LDAP config, then login is never successful, so this also confirms that group membership checks never worked for me, while the plugin's search wizard for users and groups works great. I just don't get why I can't even get it working in 8.7.24 LTS with the version from the repo.

xperseguers commented 4 years ago

Too many commits, lots of conflicting files, and in the meantime PHP 7.3 and TYPO3 9.5 are both supported, so I don't know what this PR really brings.

Feel free to resurrect it if needed.