LDAP Backend Login (incl. SSO / Single Sign-On)

by robertpiplica

Rating: 5.0

(1 reviews)

Downloads: <25

The plugin enables authentication via LDAP to your Shopware backend. SSO / Single Sign-On is also supported (for example with Kerberos or Shibboleth).

Annually €24.58* /month €348.00 * €295.00* /year 15.23% discount In comparison to the regular monthly price

Monthly €29.00* /month Cancelable monthly

Compatible with:

5.2.11 - 5.7.20

Includes:

Free trial month

The subscription starts with a free trial month during which it can be canceled at any time.

All updates

During the subscription all released updates are included for free

Support from the Extension Partner

In case you have any questions or problems with your extension you can always ask the Extension Partner for help during the subscription.

The extension is also available for Shopware 6:

LDAP Administration Login (with SSO / Single Sign-On support)

Description

About the Extension

LDAP Backend Login

The plugin enables authentication via LDAP to your Shopware backend.
SSO / Single Sign-On is also supported (e.g. via Kerberos or Shibboleth).

Functionality

In the plugin settings you have to configure a so-called LDAP bind user. With the help of this bind user, the plugin will search for the authenticating user via LDAP on each backend login. For the LDAP user search a filter can be configured. If the user was found and the password matches, a new backend user is automatically created in Shopware and the user will be directly logged in. The data for the new backend user will be fetched via LDAP. A cronjob periodically updates the data of the created Shopware backend users (e. g. name changes in directory service or account will be deleted in directory service etc.). LDAP will be accessed read-only by the plugin.

Regular Shopware backend users can still log in without LDAP authentication.

Details

Available: English, German
Latest update: 5 June 2025
Publication date: 12 February 2018
Version: 1.2.1
Category: Administration

Resources

Reviews (1)

Average rating

5.0

Based on 1 reviews

5.0 Functionality

5.0 Usability

5.0 Documentation

5.0 Support

Write a review

If you downloaded this extension you can write a review in the Shopware Account.

Write a review

Sort by

Fantastic support with a great module

5.0

by Lee Farmer

27 February 2019 11:54

This module streamlined our Shopware integration to our LDAP environment, we had a minor hiccup but the developer provided fantastic support with a quick bug fix

5.0 Functionality

5.0 Usability

5.0 Documentation

5.0 Support

About the Extension Partner

robertpiplica

See all extensions

Partner Status

Shopware
Extension Partner

Details

Ø-Rating: 4

Average rating of 4 out of 5 stars
Partner since: 2018
Extensions: 4

Support

Based in: Germany
Speaks: German, English
Response time: Very quickly

Important

Before buying this plugin, please use the trial version to make sure that this plugin is compatible with your Shopware environment and directory service.

Required PHP modules

ldap
openssl
reflection

LDAP Version

Currently only protocol version 3 is supported.

Configuration

Hostname of LDAP server

Here you have to specifiy the host name or the IP address of the directory service to which you want to connect via LDAP (e.g. openldap.example.org or 120.14.6.17).

Port of LDAP server

Here you have to specifiy the port number on which the directory service listens for LDAP connections (usually 389).

Encryption Protocol

Select the type of encryption to use for the LDAP connection. Please note when using LDAPS usually a special port has to be configured (usually 636).

Bind DN

Here you have to specify the full DN of the bind user (e.g. exampledomain\ldap-user or cn=ldap-user,dc=example,dc=org). This user searches for user accounts via LDAP on each backend login or while synchronization cronjob is running. LDAP will be accessed always read-only.

Password

Here you have to specify the associated password for the bind user which you have defined above.

Base DN of Users

Here you have to specify the DN with which to search for LDAP users who are allowed to log in to your Shopware backend (e.g. ou=shopwareusers,dc=example,dc=org)

User Filter Pattern

Here you have to define the filter constraint with which to search for LDAP users. You can specifiy any LDAP search filter (RFC 4515 or RFC 2254), e.g. cn={$username} or (&(cn={$username})(objectClass=person)(objectClass=user)). The placeholder {$username} will be replaced with the value that the user enters in the username field of the backend login mask.

User's full name Attribute

Here you have to specify the attribute to use as user's full name within Shopware. Usually this should be the first and last name (e.g. cn).

Mail Attribute

Here you have to specify the attribute to use as mail address within Shopware.

Fallback E-Mail-Adresse

Here you have to specify a mail address that will be assigned to the Shopware user if no mail address can be fetched via LDAP.

User Role ID

Here you have to specify the ID of the Shopware user role that is assigned to users who log in for the first time (in a default Shopware installation the ID 1 corresponds to the role local_admins). The IDs of the roles can be found in the Shopware database table s_core_auth_roles. Once a user is logged in via LDAP, you can assign an individual role via the Shopware backend.

Locale ID

Here you have to specify the ID of the Shopware locale that is assigned to the users who log in for the first time (in a default Shopware installation the ID 1 corresponds to the locale de_DE). This locale ID will be assigned only to users, which does not select a language in the login mask. The IDs of the locales can be found in the Shopware database table s_core_locales.

Debug Mode

If activated, all debug information is logged via the Shopware Pluginlogger (file path var/log/plugin_CONTEXT-YYYY-MM-DD). Helpful for the initial plugin setup or problem analysis.

Cronjob

After successful configuration of the plugin, you should configure the cronjob for the synchronization of user data. This can be done with the cronjob manager of Shopware. The plugin has created the job Synchronize LDAP backend users. You just have to activate it.

Alternatively, you can also directly configure the following CLI command in crontab:
php bin/console ropildapbackendlogin:synchronise:users

1.2.1 27 March 2023

Compatibility: LDAP resource objects are now also supported (from PHP >= 8.1)

1.2.0 6 July 2021

Shopware 5.7 compatibility

1.1.2 28 July 2020

- Updated ldap_connect() call to new signature

1.1.1 3 May 2019

SSO authentication now works with proxies too (REDIRECT_REMOTE_USER)

1.1.0 2 May 2019

SSO authentication based on REMOTE_USER (Kerberos, Shibboleth etc.)

1.0.1 26 February 2019

Active Directory: In addition to NORMAL_ACCOUNT, other account types are now supported

1.0.0 10 February 2018

First release of plugin