Have spent some time getting LDAP Integration in TYPO3 to work. The goal is to have BE and FE users validated by LDAP and not Typo3.
We have chosen to use the TYPO3 extension ldap_auth. We use the following versions:

    ldap_auth 0.2.1
    ldap_lib 0.2.0
    ldap_server 0.2.1
    Typo3 version 4.2.9
    PHP Version 5.2.5

Followed the various guides to set up ldap_server and ldap_auth. In a tcpdump I can see that auth against the LDAP server is successful. But it seems like typo3 doesn't understand that. I have tried different things, but if I set:

    BEusers = LDAP_SYNC
    BEusers {
        ........
        sync < BEusers
        ........
    }

My users get logged in. I authorize both FE and BE users against LDAP - and need the sync statement in both BEusers and FEusers.

BUT: now my FEusers can log in to BE? - and my BEusers in FE (which obviously is not as critical)

The total "conf" is the following:

    FEusers = LDAP_SYNC
    FEusers {
        enable = 1
        table = fe_users
        basedn = ou=partners,o=....
        handleNotFound = 1
        handleNotFound {
            delete = 1
        }
        pid = 181
        filter =(objectClass=inetOrgPerson)
        uniqueField = tx_ldapserver_dn
        fields {
            username = MAP_OBJECT
            username.attribute = uid
            username.userFunc = tx_ldapserver->getSingleValue
            tx_ldapserver_dn = MAP_OBJECT
            tx_ldapserver_dn.special = DN
            usergroup = MAP_OBJECT
            usergroup.attribute = uid
            usergroup.userFunc.defaultValue = 2
            usergroup.userFunc = tx_ldapserver->setDefaultValue
            company = MAP_OBJECT
            company.attribute = sn
            company.userFunc = tx_ldapserver->getSingleValue
            email = MAP_OBJECT
            email.attribute = mail
            email.userFunc = tx_ldapserver->getSingleValue
        }
        sync < FEusers
    }

    FEauth = LDAP_AUTH
    FEauth {
        enable = 1
        table = fe_users
        sync < FEusers
    }

    BEusers = LDAP_SYNC
    BEusers {
        enable = 1
        table = be_users
        basedn = ou=users,o=....
        handleNotFound = 1
        handleNotFound {
            delete = 1
        }
        pid = root
        filter =(&(objectClass=inetOrgPerson) (groupMembership=cn=staff,ou=groups,o=....))
        uniqueField = tx_ldapserver_dn
        fields {
            username = MAP_OBJECT
            username.attribute = uid
            username.userFunc = tx_ldapserver->getSingleValue
            tx_ldapserver_dn = MAP_OBJECT
            tx_ldapserver_dn.special = DN
            #admin = MAP_OBJECT
            #admin.attribute = uid
            #admin.userFunc.defaultValue = 1
            #admin.userFunc = tx_ldapserver->setDefaultValue
            usergroup = MAP_OBJECT
            usergroup.attribute = uid
            usergroup.userFunc.defaultValue = 2
            usergroup.userFunc = tx_ldapserver->setDefaultValue
            lang = MAP_OBJECT
            lang.attribute = uid
            lang.userFunc.defaultValue = dk
            lang.userFunc = tx_ldapserver->setDefaultValue
            options = MAP_OBJECT
            options.attribute = uid
            options.userFunc.defaultValue = 3
            options.userFunc = tx_ldapserver->setDefaultValue
            realName = MAP_OBJECT
            realName.attribute = givenName
            realName.userFunc = tx_ldapserver->getSingleValue
            fileoper_perms = MAP_OBJECT
            fileoper_perms.attribute = uid
            fileoper_perms.userFunc.defaultValue = 7
            fileoper_perms.userFunc = tx_ldapserver->setDefaultValue
            workspace_perms = MAP_OBJECT
            workspace_perms.attribute = uid
            workspace_perms.userFunc.defaultValue = 3
            workspace_perms.userFunc = tx_ldapserver->setDefaultValue
            workspace_preview = MAP_OBJECT
            workspace_preview.attribute = uid
            workspace_preview.userFunc.defaultValue = 1
            workspace_preview.userFunc = tx_ldapserver->setDefaultValue
            email = MAP_OBJECT
            email.attribute = mail
            email.userFunc = tx_ldapserver->getSingleValue
        }
        sync < BEusers
    }

    BEauth = LDAP_AUTH
    BEauth {
        enable = 1
        table = be_users
        sync < BEusers
    }

Maybe someone can explain why "sync < BEusers" is needed in my LDAP_SYNC object? Or tell me why my users can log in everywhere? It seems like there is no difference between the two LDAP_SYNC objects.