
Auth_External LDAP




8 Posts   2655 Views

Sullivanindy

Community Member, 7 Posts

30 June 2010 at 5:53am

Edited: 09/07/2010 7:30am

Hi,

I have LDAP authentication working fine against Novell eDirectory. I was trying to vary user roles based on the description of the user in eDir. It works fine for a new user: based on the description they will be placed in the appropriate group. The problem is that if I try to change the description to, say, promote the user to a different role, it fails because a user with that email already exists. Is there a way that, if the user exists and the group is different, it just updates the group in the CMS?

Thanks,

Mark-

Sullivanindy

Community Member, 7 Posts

30 June 2010 at 2:52pm

OK, I upgraded to the latest svn version, which now uses UseAnchor, but still no luck. It is supposed to now update attributes if the user exists, but it fails after checking the first source and not finding a match, so I tried to set ExternalAuthentication::setUseAnchor('true'); but un-remarking that line at all causes a white screen. I can go into ExternalAuthenticator.php and force the default to true, which gives me the drop-down for user sources and will allow login when choosing the correct source, but it does not update the autoadd group...

Maybe I should state what I am looking for.

I want to have multiple LDAP sources within the same LDAP directory, by OU, or group membership, or whatever. Then, depending on which source succeeds on auth, a different level of SilverStripe group would get set.

I.e. a user that's found in ou=users and is in the LDAP group webAdmin gets added to the SS administrators group, and if a user is found in ou=users and is in the LDAP group webEditor, they get added to an SS Editors group. Then if I take the user out of one group and put them into the other, the auth should still succeed and the SS group should get updated.

Mark-

Sullivanindy

Community Member, 7 Posts

9 July 2010 at 7:20am

My man Roel is absolutely awesome!! He tweaked the code for me and it now allows group mapping setup in the configuration, so now when a user logs in it checks the user's group membership via LDAP, looking for a group defined in the mapping. If it finds a match it sets the new group. We now have identity-based, directory-driven back-end security, as well as the ability to have identity-based content delivery and accessibility.

Very nice work Roel!!!!

Mark-
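
The login-time group update described in the posts above, as an added example that is not part of the thread and is not Auth_External's code: it computes which mapped CMS groups to add and which stale ones to remove when a user's LDAP membership changes. The function name, the mapping layout, the `o=example` DNs and the `newsletter` group are assumptions made for illustration.

```php
<?php
// Added example; every name below is hypothetical, not Auth_External's API.

/**
 * Decide which CMS groups to add and remove for a member at login.
 * $mapping: LDAP group DN => CMS group code. $ldapGroups: DNs returned for
 * the user, or null when the directory lookup failed.
 */
function reconcileGroups(array $mapping, ?array $ldapGroups, array $currentGroups): array
{
    // A failed lookup is not "no groups": change nothing rather than guess.
    if ($ldapGroups === null) {
        return ['add' => [], 'remove' => []];
    }

    // Simplified DN normalisation (assumption): case and outer whitespace only.
    $norm = function (string $dn): string {
        return strtolower(trim($dn));
    };
    $held = array_map($norm, $ldapGroups);

    $entitled = [];
    foreach ($mapping as $dn => $code) {
        if (in_array($norm($dn), $held, true)) {
            $entitled[] = $code;
        }
    }
    $entitled = array_unique($entitled);

    // Only groups named in the mapping are managed; manual ones are left alone.
    $managed = array_unique(array_values($mapping));
    $stale = array_diff(array_intersect($currentGroups, $managed), $entitled);

    return [
        'add' => array_values(array_diff($entitled, $currentGroups)),
        'remove' => array_values($stale),
    ];
}

// Constructed sample: the user was moved from webAdmin to webEditor.
$mapping = [
    'cn=webAdmin,ou=groups,o=example' => 'administrators',
    'cn=webEditor,ou=groups,o=example' => 'editors',
];
$ldapGroups = ['CN=webEditor,OU=groups,O=example'];
$current = ['administrators', 'newsletter'];
print_r(reconcileGroups($mapping, $ldapGroups, $current));
```

Removing the stale mapped group matters as much as adding the new one: without it, a user demoted in the directory keeps the old CMS privileges.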

lancer

57 Posts

10 July 2010 at 6:24am

My pleasure, it was fun to do some coding again...

Now if I can get myself to rework the unit tests I can make the first 0.4 release candidate
(the latest 0.3 works fine with SilverStripe 2.4.0 by the way)

Kueller

Community Member, 2 Posts

20 July 2010 at 2:57am

Hi, I wanted to do the same thing, but haven't seen the update in the configuration yet. I have v0.3.1 and want to update site group membership on login to reflect the secondary group(s) of the user in the LDAP server, because all the users in our LDAP database have user as their primary group and their roles are given by their secondary groups. Thanks in advance for a reply and the effort. It's a really great module!

Sullivanindy

Community Member, 7 Posts

20 July 2010 at 3:08am

It's the latest version in the svn:

http://svn.silverstripe.com/open/modules/auth_external/trunk

RapidSVN is a pretty easy svn client.

http://www.rapidsvn.org/download/release/0.12/

Make sure to read the update instructions; you have to manually log on to the database as administrator:
alter table Member change column External_UserID External_Anchor VarChar(255);

Mark-

Kueller

Community Member, 2 Posts

20 July 2010 at 12:15pm

Thanks a lot Mark!

Praveen

Community Member, 49 Posts

9 October 2014 at 11:35pm

I don't know whether it is correct or not, but instead of changing the column name from External_UserID to External_Anchor, I modified the function getHandleToUse in ExternalAuthenticator.php.

It worked for me.
$memberquery = "\"Member\".\"External_UserID\" = '$SQL_anchor' AND \"Member\".\"External_SourceID\" = '$SQL_source'";

Let me know your views. Is it the correct way to do it?