Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/heimrichhannot/contao-ldap-bundle
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/heimrichhannot/contao-ldap-bundle
- Owner: heimrichhannot
- Created: 2021-07-01T13:53:01.000Z (over 3 years ago)
- Default Branch: master
- Last Pushed: 2022-10-13T06:03:09.000Z (about 2 years ago)
- Last Synced: 2023-09-23T12:13:04.642Z (over 1 year ago)
- Language: PHP
- Size: 30.3 KB
- Stars: 0
- Watchers: 5
- Forks: 0
- Open Issues: 3
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
README
# Contao LDAP Bundle
This bundle offers functionality concerning LDAP servers for the Contao CMS.
## Features
- synchronization of users and their groups from an LDAP server (works for both frontend members and backend users)
- synchronize by command and/or on demand (login in frontend and backend -> no custom login module required)

## Installation & configuration
1. Run `composer require heimrichhannot/contao-ldap-bundle`.
1. Update the database.
1. **IMPORTANT: Create a backup of your tables `tl_user`, `tl_user_group`, `tl_member` and `tl_member_group` just in
case something goes wrong.**
1. Create your configuration as described in the section "Configuration".
1. Clear the cache if your system is not in dev environment.

## Configuration
Run `vendor/bin/contao-console config:dump-reference huh_ldap` to see the complete config reference.
A sample configuration for syncing backend users could be as follows (member configuration is nearly identical):
```yaml
huh_ldap:
  user:
    connection: # here you can pass in all options allowed in symfony/ldap connections
      host: localhost
      encryption: ssl
      bind_dn: cn=admin,dc=example,dc=com
      bind_password: some_password
    person_username_ldap_field: uid # this field is used to match the username in contao login forms with the ldap representation
    person: # config for persons
      admin_gid_number: 5002
      base_dn: ou=People,dc=example,dc=com
    group: # config for groups
      base_dn: ou=Groups,dc=example,dc=com
```

## Technical details
### How does the synchronization work?
Basically, by running the command `vendor/bin/contao-console huh_ldap:sync_persons` the users and groups are imported as
specified in your `config.yml` configuration. You can do that initially to retrieve all users/members.

In addition, on login (backend and frontend), the data for the given username is retrieved from LDAP and synced to the
local entity (you can specify the field being used in your `person_username_ldap_field` config).

In most cases, you won't necessarily need to call the command as a cronjob every night, because the data is retrieved on
demand on login. Nevertheless, if you need to have up-to-date data, you can call the command as often as you like ;-)

### What if the users/members already exist locally *and* in the ldap directory?

What happens if, judged by username, a user or member already exists both in the local system and in the LDAP directory
but has not been "migrated" yet, i.e. has no `ldapUidNumber` set in the database?

In this case the match is done by the value of the username in Contao and in LDAP (the field is specified
by `person_username_ldap_field` in your config). Then the corresponding `ldapUidNumber` is set and the data from the
LDAP directory is stored to the local user object so that everything is in sync.

In addition, by default, the following fields are synchronized from LDAP to the local users/members:
- username
- firstname, lastname (members)
- name (users)

### What if the groups already exist locally *and* in the ldap directory?

Because groups don't have a unique field like "username" in the case of users, if you'd like to avoid groups that
already exist both in LDAP and locally being added again locally, you need to set the `ldapGidNumber` in the
corresponding `tl_member`/`tl_user` database records manually **before importing**.

### Commands

Name | Description | Options
-----|-------------|--------
`huh_ldap:sync_persons` | Synchronize the members/users as specified in your `config.yml` | `dry-run`: See what the command would do without changing any data.<br>`mode`: Limit the command to users or members ("user" or "member"). Omit the parameter to do both.<br>`uids`: Limit the command to specific uids by providing a comma-separated list.

### Events

Name | Description
-----|------------
AfterPersonImport | Run after a person is initially imported.
AfterPersonUpdate | Run after a person is updated.