LDAP Backend Login (incl. SSO / Single Sign-On)
by robertpiplica
Cloud / Self-hosted
This extension/theme cannot be used in a Shopware Cloud shop.
This plugin is available for Shopware 6
Support
- Support by: robertpiplica
Plugin details
- Order number: Ropi445776816379
- Manufacturer: robertpiplica
- Version: 1.1.2
- Last update: 28 Jul 2020
- Self-hosted compatibility: 5.2.11 – 5.2.27, 5.3.0 – 5.3.7, 5.4.0 – 5.4.6, 5.5.0 – 5.5.10, 5.6.0 – 5.6.9
Product information
LDAP Backend Login
The plugin enables authentication via LDAP to your Shopware backend.
SSO / Single Sign-On is also supported (e.g. via Kerberos or Shibboleth).
Functionality
In the plugin settings you have to configure a so-called LDAP bind user. On each backend login, the plugin uses this bind user to search for the authenticating user via LDAP. A filter can be configured for this user search. If the user is found and the password matches, a new backend user is automatically created in Shopware and the user is logged in directly. The data for the new backend user is fetched via LDAP. A cronjob periodically updates the data of the created Shopware backend users (e.g. when a name changes or an account is deleted in the directory service). The plugin accesses LDAP read-only.
Regular Shopware backend users can still log in without LDAP authentication.
Customer reviews
Average customer rating from 1 review:
Fantastic support with a great module
This module streamlined our Shopware integration to our LDAP environment, we had a minor hiccup but the developer provided fantastic support with a quick bug fix
Installation manual
Important
Before buying this plugin, please use the trial version to make sure that this plugin is compatible with your Shopware environment and directory service.
Required PHP modules
- ldap
- openssl
- reflection
LDAP Version
Currently only protocol version 3 is supported.
Configuration
- Hostname of LDAP server: Here you have to specify the host name or the IP address of the directory service to which you want to connect via LDAP (e.g. openldap.example.org or 120.14.6.17).
- Port of LDAP server: Here you have to specify the port number on which the directory service listens for LDAP connections (usually 389).
- Encryption Protocol: Select the type of encryption to use for the LDAP connection. Note that LDAPS usually requires a different port to be configured (usually 636).
- Bind DN: Here you have to specify the full DN of the bind user (e.g. exampledomain\ldap-user or cn=ldap-user,dc=example,dc=org). This user searches for user accounts via LDAP on each backend login and while the synchronization cronjob is running. LDAP is always accessed read-only.
- Password: Here you have to specify the password of the bind user defined above.
- Base DN of Users: Here you have to specify the DN under which to search for LDAP users who are allowed to log in to your Shopware backend (e.g. ou=shopwareusers,dc=example,dc=org).
- User Filter Pattern: Here you have to define the filter constraint with which to search for LDAP users. You can specify any LDAP search filter (RFC 4515 or RFC 2254), e.g. cn={$username} or (&(cn={$username})(objectClass=person)(objectClass=user)). The placeholder {$username} will be replaced with the value that the user enters in the username field of the backend login mask.
- User's full name Attribute: Here you have to specify the attribute to use as the user's full name within Shopware. Usually this should be the first and last name (e.g. cn).
- Mail Attribute: Here you have to specify the attribute to use as the mail address within Shopware.
- Fallback e-mail address: Here you have to specify a mail address that will be assigned to the Shopware user if no mail address can be fetched via LDAP.
- User Role ID: Here you have to specify the ID of the Shopware user role that is assigned to users who log in for the first time (in a default Shopware installation the ID 1 corresponds to the role local_admins). The IDs of the roles can be found in the Shopware database table s_core_auth_roles. Once a user is logged in via LDAP, you can assign an individual role via the Shopware backend.
- Locale ID: Here you have to specify the ID of the Shopware locale that is assigned to users who log in for the first time (in a default Shopware installation the ID 1 corresponds to the locale de_DE). This locale ID is assigned only to users who do not select a language in the login mask. The IDs of the locales can be found in the Shopware database table s_core_locales.
- Debug Mode: If activated, all debug information is logged via the Shopware Pluginlogger (file path var/log/plugin_CONTEXT-YYYY-MM-DD). Helpful for the initial plugin setup or problem analysis.
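Added example (not the plugin's code): the page does not describe how the plugin inserts the login name into the User Filter Pattern, so this Python code shows the RFC 4515 escaping that such a substitution needs in order to treat the login name as a literal value during the user search. The function names are hypothetical and the sample login names are constructed.

```python
# Added example: RFC 4515 escaping for a "{$username}" filter pattern.
# Not the plugin's code; function names are hypothetical.

PLACEHOLDER = "{$username}"  # placeholder syntax as documented above

# RFC 4515 section 3: NUL, '(', ')', '*' and '\' must appear as \XX (hex)
# inside an assertion value.
_SPECIALS = frozenset("\x00()*\\")


def escape_filter_value(value: str) -> str:
    """Return value with every filter metacharacter hex-escaped."""
    return "".join(
        "\\%02x" % ord(ch) if ch in _SPECIALS else ch for ch in value
    )


def build_user_filter(pattern: str, username: str) -> str:
    """Expand the pattern for one login attempt."""
    if PLACEHOLDER not in pattern:
        raise ValueError("pattern does not contain " + PLACEHOLDER)
    if not username:
        # "cn=" is not a valid filter, and an empty login should never search.
        raise ValueError("empty username")
    return pattern.replace(PLACEHOLDER, escape_filter_value(username))


def same_structure(pattern: str, expanded: str) -> bool:
    """True if expansion added no parentheses or wildcards to the filter."""
    return all(pattern.count(c) == expanded.count(c) for c in "()*")


if __name__ == "__main__":
    pattern = "(&(cn={$username})(objectClass=person)(objectClass=user))"
    # Constructed login names: ordinary, wildcard, and one with parentheses.
    for name in ["jdoe", "*", "smith (ext)"]:
        naive = pattern.replace(PLACEHOLDER, name)
        safe = build_user_filter(pattern, name)
        print(f"{name!r:14} naive ok={same_structure(pattern, naive)}  {safe}")
```

In PHP, ldap_escape() with the LDAP_ESCAPE_FILTER flag applies the same escaping.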
Cronjob
After successful configuration of the plugin, you should configure the cronjob for the synchronization of user data. This can be done with the cronjob manager of Shopware. The plugin has created the job Synchronize LDAP backend users. You just have to activate it.
Alternatively, you can also directly configure the following CLI command in crontab:
php bin/console ropildapbackendlogin:synchronise:users
Changelog
Version 1.1.2
- Updated ldap_connect() call to new signature
Version 1.1.1
- SSO authentication now works with proxies too (REDIRECT_REMOTE_USER)
Version 1.1.0
- SSO authentication based on REMOTE_USER (Kerberos, Shibboleth etc.)
Version 1.0.1
- Active Directory: In addition to NORMAL_ACCOUNT, other account types are now supported
Version 1.0.0
- First release of plugin
