@Acta - nochmals danke für den Link auf den Thread.
Ich habe mir dein LDAP Modul runtergeladen und in mein bestehendes Contao eingebaut.
Leider funktioniert es leider immer noch nicht.
Ich poste mal die Konfiguration:
ldap.php
PHP-Code:
//*************************
// LDAP-Authentification
//*************************
class ldap extends Backend {
public function checkCredentials($strUsername,$strPassword) {
if ($GLOBALS['TL_CONFIG']['pl_ldap']==true) {
$ldaphost = strval($GLOBALS['TL_CONFIG']['pl_ldap_server']);
$ldapport = intval($GLOBALS['TL_CONFIG']['pl_ldap_port']);
$ldapdomain = strval($GLOBALS['TL_CONFIG']['pl_ldap_domain']);
$ds = ldap_connect($ldaphost, $ldapport) or die("Could not connect to $ldaphost");
if ($ds) {
$binddn = $strUsername."@".$ldapdomain;
$ldapbind = @ldap_bind($ds, $binddn, utf8_decode($strPassword));
if ($ldapbind) return true;
else return false;
ldap_close($ds);
}
else {
return false;
}
}
}
//******************
// LDAP-Import
//******************
public function importUser($strUsername, $strPassword, $strTable)
{
if ($GLOBALS['TL_CONFIG']['pl_ldapimport']==true) {
// Import only for member authentication (not for user authentication)
if ($strTable == 'tl_member')
{
//Connect to LDAP host
if ($GLOBALS['TL_CONFIG']['pl_ldap']==true) {
$ldaphost = strval($GLOBALS['TL_CONFIG']['pl_ldap_server']);
$ldapport = intval($GLOBALS['TL_CONFIG']['pl_ldap_port']);
$ldapdomain = strval($GLOBALS['TL_CONFIG']['pl_ldap_domain']);
$ds = ldap_connect($ldaphost, $ldapport) or die("Could not connect to $ldaphost");
// Protokoll und Options setzen
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
//Try bind to LDAP host
if ($ds) {
$binddn = $strUsername."@".$ldapdomain;
$ldapbind = @ldap_bind($ds, $binddn, utf8_decode($strPassword));
if ($ldapbind) {
//Read data from LDAP
$filter="(sAMAccountName=$strUsername)";
//$basedn="ou=Benutzerkonten, dc=plauen, dc=dom";
$basedn=strval($GLOBALS['TL_CONFIG']['pl_ldapimport_basedn']);
$sr = ldap_search($ds, $basedn ,"$filter");
$info = ldap_get_entries($ds, $sr);
$strFullName=$info[0]["cn"][0];
$parts=explode(", ",$strFullName);
if ($parts[1]) {
$strFName = $parts[1];
};
$strName = $info[0]["sn"][0];
$strMail=$info[0]["mail"][0];
// Write data to the typolight database
$objNewUser=$this->Database->prepare("INSERT INTO tl_member SET tstamp=?, firstname=?, lastname=?, login=?, username=?, password=?, email=?, language=?, dateAdded=?")
->execute(time(), utf8_encode($strFName), utf8_encode($strName), 1, $strUsername, time(), $strMail, "de", time());
// Send Email to Admin
$objEmail = new Email();
$objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
$objEmail->subject = sprintf('Neues Mitglied im Mitarbeiterportal erzeugt: '. utf8_encode($strFName) . " " . utf8_encode($strName));
$objEmail->sendTo($GLOBALS['TL_ADMIN_EMAIL']);
//Log-entry for new member
$this->log('Neues Mitglied - ' . $strUsername . ' - wurde erzeugt', 'ldapimport importUser()', TL_ACCESS);
//Success -> return true and close the LDAP-connection
return true;
ldap_close($ds);
}
// No success --> return false and close the LDAP-connection
else return false;
ldap_close($ds);
}
}
}
}
}
}
?>
autoload.php
PHP-Code:
<?php
/**
* Contao Open Source CMS
*
* Copyright (c) 2005-2016 Leo Feyer
*
* @license LGPL-3.0+
*/
/**
* Register the namespaces
*/
ClassLoader::addNamespaces(array
(
'HeimrichHannot',
'heimrichhannot',
));
/**
* Register the classes
*/
ClassLoader::addClasses(array
(
// Classes
'HeimrichHannot\Ldap' => 'system/modules/ldap/classes/Ldap.php',
'HeimrichHannot\LdapMember' => 'system/modules/ldap/classes/LdapMember.php',
'HeimrichHannot\LdapMemberGroup' => 'system/modules/ldap/classes/LdapMemberGroup.php',
'ldap' => 'system/modules/ldap/ldap.php',
// Models
'HeimrichHannot\LdapMemberGroupModel' => 'system/modules/ldap/models/LdapMemberGroupModel.php',
'HeimrichHannot\LdapMemberModel' => 'system/modules/ldap/models/LdapMemberModel.php',
// Modules
'heimrichhannot\ModuleLdapLogin' => 'system/modules/ldap/modules/ModuleLdapLogin.php',
));
ModuleLdapLogin.php
PHP-Code:
<?php
namespace heimrichhannot;
class ModuleLdapLogin extends \ModuleLogin
{
protected $isUserNameEmail = false;
/**
* Store Login Module ID in Session, required by LdapAuth (Module config)
* @return string
*/
public function generate()
{
// Login
if (\Input::post('FORM_SUBMIT') == 'tl_login')
{
if (\Input::post('username', true) && \Input::post('password', true))
{
$objMember = \MemberModel::findBy('username', \Input::post('username', true));
if($objMember !== null)
{
// always reset the password to a random value, otherwise checkCredentialsHook will never be triggered
LdapMember::resetPassword($objMember, \Input::post('username', true));
}
}
// validate email
if($GLOBALS['TL_CONFIG']['ldap_uid'] == 'mail' && !\Validator::isEmail(\Input::post('username', true)))
{
\Message::addError($GLOBALS['TL_LANG']['ERR']['email']);
$this->reload();
}
}
$strParent = parent::generate();
return $strParent;
}
protected function compile()
{
parent::compile();
if($GLOBALS['TL_CONFIG']['ldap_uid'] == 'mail')
{
$this->Template->username = $GLOBALS['TL_LANG']['MSC']['usernamemail'];
}
}
}
localconfig.php
PHP-Code:
### INSTALL SCRIPT START ###
$GLOBALS['TL_CONFIG']['licenseAccepted'] = true;
$GLOBALS['TL_CONFIG']['installPassword'] = '$2y$10$XkEhHkkeOgL/sUpFa3tDTudfef91nLp9nMr1nuJ5ibOiFajlLjdI.';
$GLOBALS['TL_CONFIG']['encryptionKey'] = '87cdb4d7614b94e5eb1cac3a160b7f3a';
$GLOBALS['TL_CONFIG']['dbDriver'] = 'MySQL';
$GLOBALS['TL_CONFIG']['dbHost'] = 'localhost';
$GLOBALS['TL_CONFIG']['dbUser'] = 'root';
$GLOBALS['TL_CONFIG']['dbPass'] = 'password';
$GLOBALS['TL_CONFIG']['dbDatabase'] = 'contao';
$GLOBALS['TL_CONFIG']['dbPconnect'] = false;
$GLOBALS['TL_CONFIG']['dbCharset'] = 'UTF8';
$GLOBALS['TL_CONFIG']['dbPort'] = 3306;
$GLOBALS['TL_CONFIG']['dbSocket'] = '';
$GLOBALS['TL_CONFIG']['inactiveModules'] = 'a:1:{i:0;s:10:"repository";}';
$GLOBALS['TL_CONFIG']['ldap'] = true;
$GLOBALS['TL_CONFIG']['ldap_host'] = 'EXT. IP ADRESSE DES SERVER';
$GLOBALS['TL_CONFIG']['ldap_base'] = 'DC=HOSTNAME VOM LDAP,DC=mydomain,DC=intern,OU=Users';
$GLOBALS['TL_CONFIG']['ldap_port'] = 389;
$GLOBALS['TL_CONFIG']['ldap_filter'] = '(&(objectClass=person)(objectClass=posixAccount))';
$GLOBALS['TL_CONFIG']['ldap_filter_person'] = '(&(objectClass=person)(objectClass=posixAccount)';
$GLOBALS['TL_CONFIG']['ldap_filter_group'] = '(&(cn=groups))';
$GLOBALS['TL_CONFIG']['ldap_groups'] = '';
$GLOBALS['TL_CONFIG']['ldap_uid_skip'] = '';
$GLOBALS['TL_CONFIG']['ldap_uid'] = 'uid';
$GLOBALS['TL_CONFIG']['ldap_method'] = 'plain';
$GLOBALS['TL_CONFIG']['ldap_binddn'] ='CN=Administrator,UID=Administrator,DC=HOSTNAME VOM LDAP,OU=Users,CN=Users,DC=mydomain,DC=intern';
$GLOBALS['TL_CONFIG']['ldap_password'] = 'BIND DN PASSWORD';
$GLOBALS['TL_CONFIG']['adminEmail'] = 'admin@email.com';
$GLOBALS['TL_CONFIG']['maintenanceMode'] = false;
$GLOBALS['TL_CONFIG']['useSMTP'] = false;
$GLOBALS['TL_CONFIG']['latestVersion'] = '3.5.14';
$GLOBALS['TL_CONFIG']['defaultUser'] = 1;
### INSTALL SCRIPT STOP ###
Wenn ich versuche mich anzumelden (mit dem Bind DN Admin, ebenfalls das gleiche mit einem Testuser der im AD vorhanden ist), kommt keine Fehlermeldung mehr sondern die Seite bleibt jetzt weiß.
(Vorher hieß es im Log Could not find user "Administrator")
Jetzt gibt es auch keine aktuelle Meldung im Log das irgendwas passiert ist...
Den Bind DN werde ich natürlich wenns produktiv geht gegen einen anderen User ersetzen der nur Leserechte aufs AD hat.
Vielleicht findest du den Fehler oder kannst mir noch einen Rat geben? Many THX für eure Hilfe und Geduld.
Lesezeichen