Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DOCS - replacing the default authenticator #24

Closed
wants to merge 1 commit into from
Closed

DOCS - replacing the default authenticator #24

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 29 additions & 1 deletion docs/en/developer.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,9 @@ This guide assumes that you already have a running Active Directory server which

- [Install the module](#install-the-module)
- [Configure SilverStripe Authenticators](#configure-silverstripe-authenticators)
- [Bypass LDAP login form](#bypass-ldap-login-form)
- [Show the LDAP Login button on login form](#show-the-ldap-login-button-on-login-form)
- [Set LDAP as default authenticator](#set-ldap-as-default-authenticator)
- [Bypass auto login](#bypass-auto-login)
- [Configure LDAP synchronisation](#configure-ldap-synchronisation)
- [Connect with LDAP](#connect-with-ldap)
- [Configure LDAP search query](#configure-ldap-search-query)
Expand Down Expand Up @@ -117,6 +119,32 @@ if (getenv('LDAP_HOSTNAME') && getenv('LDAP_USERNAME') && getenv('LDAP_PASSWORD'
}
```

### Set LDAP as default authenticator

If you’d like to set LDAP as the default authenticator, you will need to reset the list of authenticators first. You can achieve this with the following approach in the `mysite/_config/ldap.yml` file:

```
---
Name: authreset
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This block isn't actually required as the default authenticator is being specifically overwritten (eg. https://github.com/silverstripe/silverstripe-mfa/blob/master/_config/config.yml#L1-L10)

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Normally I would agree with you, but when I tried it without the reset block, the member authenticator was still the default, even after /dev/build?flush=1

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Following kinglozzer's comments, I'll remove the reset block :)

After:
- '#coresecurity'
---
SilverStripe\Core\Injector\Injector:
SilverStripe\Security\Security:
properties:
Authenticators: null
---
Name: myldapsettings
After:
- '#authreset'
---
SilverStripe\Core\Injector\Injector:
SilverStripe\Security\Security:
properties:
Authenticators:
default: %$SilverStripe\LDAP\Authenticators\LDAPAuthenticator
```

### Bypass auto login

If you register the LDAP authenticator as the default authenticator, it will no longer allow you to login with unsynchronised users (e.g. the default "admin" user for local development).
Expand Down