heimrichhannot / contao-ldap-bundle
This bundle offers functionality concerning LDAP servers for the Contao CMS.
Installs: 29
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 6
Forks: 0
Open Issues: 3
Type:contao-bundle
Requires
- php: ^7.4
- ext-ldap: *
- contao/core-bundle: ^4.9
- heimrichhannot/contao-request-bundle: ^1.2
- heimrichhannot/contao-utils-bundle: ^2.196
- symfony/ldap: ^4.4
Requires (Dev)
- contao/manager-plugin: ^2.0
- contao/test-case: 1.1.*
- friendsofphp/php-cs-fixer: ^2.2
- php-coveralls/php-coveralls: ^2.0
- php-http/guzzle6-adapter: ^1.1
- php-http/message-factory: ^1.0.2
- phpunit/phpunit: ^6.0
- symfony/phpunit-bridge: ^3.2
This package is auto-updated.
Last update: 2024-10-13 10:31:49 UTC
README
This bundle offers functionality concerning LDAP servers for the Contao CMS.
Features
- synchronization for users and their groups from an ldap server (works both for frontend members and backend users)
- synchronize by command and/or on demand (login in frontend and backend -> no custom login module required)
Installation & configuration
- Run
composer require heimrichhannot/contao-ldap-bundle. - Update the database.
- IMPORTANT: Create a backup of your tables
tl_user,tl_user_group,tl_memberandtl_member_groupjust in case something goes wrong. - Create your configuration as described in the section "Configuration".
- Clear the cache if your system is not in dev environment.
Configuration
Run vendor/bin/contao-console config:dump-reference huh_ldap to see the complete config reference.
A sample configuration for syncing backend users could be as follows (member configuration is nearly identical):
huh_ldap: user: connection: # here you can pass in all options allowed in symfony/ldap connections host: localhost encryption: ssl bind_dn: cn=admin,dc=example,dc=com bind_password: some_password person_username_ldap_field: uid # this field is used to match the username in contao login forms with the ldap representation person: # config for persons admin_gid_number: 5002 base_dn: ou=People,dc=example,dc=com group: # config for groups base_dn: ou=Groups,dc=example,dc=com
Technical details
How does the synchronization work?
Basically, by running the command vendor/bin/contao-console huh_ldap:sync_persons the users and groups are imported as
specified in your config.yml configuration. You can do that initially to retrieve all users/members.
In addition, on login (backend and frontend), the data for the given username is retrieved from ldap and synced to the
local entity (you can specify the field being used in your person_username_ldap_field config).
In most cases, you won't necessarily need to call the command as a cronjob every night, because the data is retrieved on demand on login. Nevertheless, if you need to have up-to-date data, you can call the command as often as you like ;-)
What if the users/members already exist locally and in the ldap directory?
If – by means of username – a user or member already exists in the local system and in the ldap directory but has not
been "migrated", i.e. has a ldapUidNumber set in the database, yet?
In this case the match is done by the value of username in contao and in ldap (field is specified
by person_username_ldap_field in your config). Then the corresponding ldapUidNumber is set and the data from the
ldap directory is stored to the local user object so that everything is in sync.
In addition, per default, the following fields are synchronized from ldap to the local users/members:
- username
- firstname, lastname (members)
- name (users)
What if the groups already exist locally and in the ldap directory?
Because groups don't have a unique field like "username" in the case of users, if you'd like to avoid that groups
already existing both in ldap and local are added again locally, you need to set the ldapGidNumber in the
corresponding tl_member/tl_user database records manually before importing.