LDAP Backend Login (incl. SSO / Single Sign-On)

Important

Before buying this plugin, please use the trial version to make sure that this plugin is compatible with your Shopware environment and directory service.

Required PHP modules

1. ldap
2. openssl
3. reflection

LDAP Version

Currently only protocol version 3 is supported.

Configuration

Here you have to specifiy the host name or the IP address of the directory service to which you want to connect via LDAP (e.g. openldap.example.org or 120.14.6.17).

Here you have to specifiy the port number on which the directory service listens for LDAP connections (usually 389).

Select the type of encryption to use for the LDAP connection. Please note when using LDAPS usually a special port has to be configured (usually 636).

Here you have to specify the full DN of the bind user (e.g. exampledomain\ldap-user or cn=ldap-user,dc=example,dc=org). This user searches for user accounts via LDAP on each backend login or while synchronization cronjob is running. LDAP will be accessed always read-only.

Here you have to specify the associated password for the bind user which you have defined above.

Here you have to specify the DN with which to search for LDAP users who are allowed to log in to your Shopware backend (e.g. ou=shopwareusers,dc=example,dc=org)

Here you have to define the filter constraint with which to search for LDAP users. You can specifiy any LDAP search filter (RFC 4515 or RFC 2254), e.g. cn={$username} or (&(cn={$username})(objectClass=person)(objectClass=user)). The placeholder {$username} will be replaced with the value that the user enters in the username field of the backend login mask.

Here you have to specify the attribute to use as user's full name within Shopware. Usually this should be the first and last name (e.g. cn).

Here you have to specify the attribute to use as mail address within Shopware.

Here you have to specify a mail address that will be assigned to the Shopware user if no mail address can be fetched via LDAP.

Here you have to specify the ID of the Shopware user role that is assigned to users who log in for the first time (in a default Shopware installation the ID 1 corresponds to the role local_admins). The IDs of the roles can be found in the Shopware database table s_core_auth_roles. Once a user is logged in via LDAP, you can assign an individual role via the Shopware backend.

Here you have to specify the ID of the Shopware locale that is assigned to the users who log in for the first time (in a default Shopware installation the ID 1 corresponds to the locale de_DE). This locale ID will be assigned only to users, which does not select a language in the login mask. The IDs of the locales can be found in the Shopware database table s_core_locales.

If activated, all debug information is logged via the Shopware Pluginlogger (file path var/log/plugin_CONTEXT-YYYY-MM-DD). Helpful for the initial plugin setup or problem analysis.

Cronjob

After successful configuration of the plugin, you should configure the cronjob for the synchronization of user data. This can be done with the cronjob manager of Shopware. The plugin has created the job Synchronize LDAP backend users. You just have to activate it.

Alternatively, you can also directly configure the following CLI command in crontab:
php bin/console ropildapbackendlogin:synchronise:users