ldap_auth with OpenLDAP

my ldap_server configuration

I struggled for a long time to get frontend authentication working against OpenLDAP, because there is no clear documentation on how to authenticate against OpenLDAP with TYPO3. In the end I got it working; the relevant server configuration is below.

You need all of the ldap extensions (ldap_server, ldap_auth and ldap_lib) for this to work. Frontend authentication works by authenticating the user against the LDAP directory, synchronizing the user into the TYPO3 database and finally applying the access rights. My problem was that I wanted to assign a static TYPO3 frontend group, but I could not find a way to do that, so I wrote my own (see the code below).

This is my TypoScript Configuration of the ldap_server object:


FEusers = LDAP_SYNC
FEusers {
   enable = 1
   table = fe_users
   pid = 179
   basedn = ou=People,o=MyOrg,dc=yourhost,dc=com
   # The gidNumber condition is optional; I use it to sync only my real
   # users, not the unix daemon accounts. Replace the objectClass with
   # whatever class actually identifies users in your directory.
   filter = (&(objectClass=anyCriteriaThatMatchesUsers)(gidNumber=100))
   uniqueField = tx_ldapserver_dn
   fields {
      username = MAP_OBJECT
      username.attribute = uid
      username.userFunc = tx_ldapserver->getSingleValue
      maxSpace = MAP_OBJECT
      maxSpace.attribute = maxSpace
      maxSpace.userFunc = tx_ldapserver->getSingleValue
      usedSpace = MAP_OBJECT
      usedSpace.attribute = usedSpace
      usedSpace.userFunc = tx_ldapserver->getSingleValue

      name = MAP_OBJECT
      name.attribute = cn
      name.userFunc = tx_ldapserver->getSingleValue
      tx_ldapserver_dn = MAP_OBJECT
      tx_ldapserver_dn.special = DN
      usergroup = MAP_OBJECT
      # The attribute is not actually used by setDefaultValue, but MAP_OBJECT requires one
      usergroup.attribute = gidNumber
      usergroup.userFunc = tx_ldapserver->setDefaultValue
      # Thanks to Toby Cooper for this suggestion.
      # All my users get the fe_groups record with uid 8
      usergroup.userFunc.defaultValue = 8
      usergroup.userFunc.pid = 179
      usergroup.userFunc.table = fe_groups
   }
}


FEauth = LDAP_AUTH
FEauth {
   enable = 1
   table = fe_users
   sync < FEusers
}
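To check which directory entries the basedn and filter above would actually pick up, and what the fe_users rows would look like, here is an offline simulation. It is an added example, not code from the ldap_server or ldap_auth extensions: it parses an RFC 4515 filter, evaluates it against a constructed sample directory, and applies the same uid/cn/DN/static-usergroup mapping as the TypoScript. The objectClass `inetOrgPerson` stands in for the page's placeholder, and the `www-data` and `carol` entries are constructed to show an entry excluded by the filter and one outside the search base.

```python
"""Offline simulation of the LDAP_SYNC filter and field mapping.

Added example, not the ldap_server/ldap_auth extension code. Supports
&, |, ! and equality/substring/presence assertions (attr=value, attr=*).
"""
import re

BASEDN = "ou=People,o=MyOrg,dc=yourhost,dc=com"
PID = 179
DEFAULT_GROUP = 8  # uid of the fe_groups record every synced user gets

# Constructed sample directory. www-data is a unix daemon account (gid 33),
# carol lives outside the configured search base.
DIRECTORY = {
    "uid=alice," + BASEDN: {
        "objectClass": ["inetOrgPerson", "posixAccount"], "uid": ["alice"],
        "cn": ["Alice Example"], "gidNumber": ["100"],
        "maxSpace": ["1024"], "usedSpace": ["200"]},
    "uid=bob," + BASEDN: {
        "objectClass": ["inetOrgPerson", "posixAccount"], "uid": ["bob"],
        "cn": ["Bob Example"], "gidNumber": ["100"],
        "maxSpace": ["512"], "usedSpace": ["0"]},
    "uid=www-data," + BASEDN: {
        "objectClass": ["posixAccount"], "uid": ["www-data"],
        "cn": ["Web daemon"], "gidNumber": ["33"]},
    "uid=carol,ou=Service,o=MyOrg,dc=yourhost,dc=com": {
        "objectClass": ["inetOrgPerson", "posixAccount"], "uid": ["carol"],
        "cn": ["Carol Outside"], "gidNumber": ["100"]},
}


def attribute_values(entry, attr):
    """LDAP attribute names are case-insensitive; missing attrs are empty."""
    attr = attr.strip().lower()
    return next((v for k, v in entry.items() if k.lower() == attr), [])


def parse_filter(text):
    """Parse an RFC 4515 filter string into a nested tuple tree."""
    pos = 0

    def node():
        nonlocal pos
        if text[pos] != "(":
            raise ValueError(f"expected '(' at offset {pos}")
        pos += 1
        if text[pos] in "&|":
            op, pos = text[pos], pos + 1
            children = []
            while text[pos] == "(":
                children.append(node())
            result = (op, children)
        elif text[pos] == "!":
            pos += 1
            result = ("!", [node()])
        else:
            end = text.index(")", pos)
            attr, _, value = text[pos:end].partition("=")
            result, pos = ("=", attr, value), end
        if text[pos] != ")":
            raise ValueError(f"expected ')' at offset {pos}")
        pos += 1
        return result

    tree = node()
    if pos != len(text):
        raise ValueError("trailing characters after filter")
    return tree


def matches(tree, entry):
    """Evaluate a parsed filter against one entry (attr -> list of values)."""
    kind = tree[0]
    if kind == "&":
        return all(matches(c, entry) for c in tree[1])
    if kind == "|":
        return any(matches(c, entry) for c in tree[1])
    if kind == "!":
        return not matches(tree[1][0], entry)
    _, attr, value = tree
    # '*' is the substring wildcard; a bare '*' is a presence test.
    pattern = ".*".join(re.escape(part) for part in value.split("*"))
    return any(re.fullmatch(pattern, v, re.IGNORECASE)
               for v in attribute_values(entry, attr))


def sync_fe_users(directory, basedn, ldap_filter, pid=PID, group=DEFAULT_GROUP):
    """Return the fe_users rows the filter and mapping would produce."""
    tree = parse_filter(ldap_filter)
    rows = []
    for dn, entry in directory.items():
        if not dn.lower().endswith("," + basedn.lower()):
            continue  # outside the configured search base
        if not matches(tree, entry):
            continue
        rows.append({
            "pid": pid,
            "username": attribute_values(entry, "uid")[0],
            "name": attribute_values(entry, "cn")[0],
            "maxSpace": (attribute_values(entry, "maxSpace") or [""])[0],
            "usedSpace": (attribute_values(entry, "usedSpace") or [""])[0],
            "tx_ldapserver_dn": dn,  # uniqueField: the DN, not the uid
            "usergroup": group,      # static fe_groups uid, as in the TypoScript
        })
    return rows


if __name__ == "__main__":
    for row in sync_fe_users(DIRECTORY, BASEDN,
                             "(&(objectClass=inetOrgPerson)(gidNumber=100))"):
        print(row["username"], row["usergroup"], row["tx_ldapserver_dn"])
```

Run against the constructed directory, only alice and bob become fe_users rows: www-data fails the filter and carol is outside the basedn. Dropping the gidNumber condition, or using `(objectClass=posixAccount)`, lets the daemon account through, which is exactly what the filter is there to prevent. `attribute_values` also shows why a trailing `// comment` on a TypoScript value line is harmful: an attribute name like `gidNumber // not actually used` matches nothing.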

And that's it. All my users can authenticate against my LDAP. One caveat: TypoScript only recognises a comment (# or //) at the start of a line, so anything written after a value on the same line becomes part of that value; keep comments on their own lines. Thanks to Toby Cooper for his feedback, which made this easier.