Extend Backend Login using LDAP

Hi,

So I finally got LDAP Frontend Login implemented using the TYPO3.LDAP package. This package does extend PersistedUsernamePasswordProvider since it does cache the credentials as a fallback.

I’d like to be able to login using LDAP in the backend. How can I do that?

I think the package does cache the users using a file and not the database, is that correct, maybe? Though, if it would save them in the database, I could just assign them a role and then they should be able to log in, but yeah… I'm a noob.

So, how do I do that?

Edit:

I can see that the LDAP package does create a user in typo3_flow_security_account, but when doing ./flow user:list it does not list that user. Also, user:activate says it does not exist. Also, it seems that the password is not really cached.

LdapProvider is my own provider I wrote - the only thing I did differently from the original LDAPProvider is that I added an isServerOnline() function, since my $host string didn’t work with the existing one. So this shouldn’t affect anything in the caching.

Here’s a dump:
('eb9f67f5-770e-47d0-9ab5-2c5204da441a','foobar','LdapProvider',NULL,'2016-12-10 12:13:49',NULL,NULL,NULL,NULL);

As you can see, it seems a bit poor. Anyway, why does it create this strange entry?

Hey @overflow,

At the moment you can only accomplish a backend login in a solid way by overriding the authentication provider settings for the TYPO3BackendProvider; this is because you would run into conflicts with personal workspace names if you use a second backend provider.

If you want to list other users using the ./flow user:list command, you can use the extra argument for that (think it is --authenticationprovider, but check ./flow help user:list to be sure).

In addition to that: the LDAP package does NOT cache credentials, it only creates a Flow security account that represents the remote LDAP account. This record is needed so the security framework has an actual account to work with, although it is being authenticated by an external system. This is a common practice in quite a lot of systems, btw.

Okay, I’ll look into the TYPO3BackendProvider. I thought that it does cache the credentials as a fallback in case the LDAP server is offline. But okay, that kind of makes sense.

Thanks for the info