groups are not assigned to the users

xperseguers / t3ext-ig_ldap_sso_auth

TYPO3 Extension ig_ldap_sso_auth. This extension provides LDAP and SSO support for TYPO3.

https://extensions.typo3.org/extension/ig_ldap_sso_auth

27 stars 70 forks source link

groups are not assigned to the users #62

Closed medarob closed 4 years ago

medarob commented 5 years ago

Hi,

I have a problem with the LDAP usergroups. It seems like that FE and BE usergroups are not assigned correctly to the users. I noticed that the following option is disable for FE and BE usergroups: grafik

Do I have to activate this option in order to make this work? I'm not sure how to activate this option.

Here is my filter instruction and mapping instruction for FE users: (&(sAMAccountName={USERNAME})(employeeID=*))

pid = 171
tstamp = {DATE}
email = <mail>
name = <cn>
first_name = <givenName>
last_name = <sn>
title = <title>
company = <company>
address = <streetAddress>
zip = <postalCode>
city = <l>
country = <countryCode>
telephone = <telephoneNumber>
usergroup = <memberOf>

But now, each user has 50 usergroups (FE) or 62 usergroups (BE) assigned but those are not the correct once. Normally only 4 to 20 groups are assigned to each user.

Does someone has an idea why this could happen?

TYPO3 8.7.26 LDAP 3.3.1

fabtho commented 5 years ago

On the LDAP Tab you can switch this on "Extract groups from membership attribute"

AwesomeScreenshot-intranet9-kshp-ch-typo3-index php-2019-08-14_4_30

ulrike-cosmoblonde commented 5 years ago

Hi, has this issue been solved? I seem to have the same issue and it does not seem to be related to the group_membership setting. I can retrieve users and groups (FE and BE) from my AD, but I can't get any groups assigned to my imported users. With the FE- and BE-user mapping: usergroup = no group is assigned.

Using Typo3 v9.5.5.

Update: The suggested fix from here https://github.com/xperseguers/t3ext-ig_ldap_sso_auth/pull/57 has solved the issue for me

medarob commented 4 years ago

We updated the extension to 3.5 but the problem is still there. Every BE user has over 60 groups assigned. grafik

If I use the search functionality and search for that BE user it works. The memberof attribute has 23 groups listed. (But that worked also in v3.4) grafik

(I also tried the previous fix mentioned but that didn't solve the problem.)

xperseguers commented 4 years ago

@medarob Looks like the problem is not really that groups are not assigned, but that too many groups are assigned. Please open a new ticket and describe exactly what is the problem, making sure to explain for instance if the 23 groups that should be assigned are actually assigned among the "60+ groups" assigned or not, if you assign static groups as well, ... well everything step-by-step in order to reproduce this problem. Thanks.