Reference¶
The following table lists the properties of an LDAP server record. If you manage your server records in a configuration file you will recognize the property names immediately, in the backend the properties may have different (and localized) labels.
The configuration file uses a Typoscript like syntax, the root element to be used is “ldapServers”.
Each server needs to have an integer as a unique id (UID) to maintain compatibility with database records.
ldapServers {
1 {
title = My test server
}
}
Mandatory properties are printed bold.
Warning
Currently it's not possible to import or update users automatically during login. This means that autoImport and autoEnable must not be set to 1.
| Parameter | Data type | Description | Default |
|---|---|---|---|
| title | string | Server name | |
| disable | boolean | Disable the server record | 0 |
| host | string | The server’s ip address or DNS name | |
| port | int+ | The server’s port, mostly 389 for LDAP and 636 for LDAPS | |
| forcsTLS | boolean | Encrypt the connection even if using port 389 which is used for unencrypted connections by default | 0 |
| version | int+ | The server’s LDAP version, currently “3” should work for most servers | |
| authenticate | string | FE: Authenticate FE users BE: Authenticate BE users both: Authenticate FE and BE users | |
| user | string | User (DN) with read access to the directory | |
| password | string | The aformentioned user’s password | |
| fe_users. | array / COA | You have to set either “fe_users” or “be_users”, otherwise nothing will happen … | |
| –> .pid | int | Page ID for user storage | |
| –> .baseDN | string | The BaseDN for all LDAP searches | |
| –> .filter | string | The LDAP query for user retrieval, “<search>” will be replaced by the user’s username | |
| –> .autoImport | boolean | If set users will be imported/updated automatically after successful DAP authentication | 0 |
| –> .autoEnable | boolean | If set users will be enabled automatically after login if they have been disabled in TYPO3 | 0 |
| –> .mapping. | array / COA | Configures the TYPO3 user table fields, the basic syntax is: <Extbase Property>.data = field:<LDAP attribute>
**The LDAP attributes have to be written in lowercase!**
Static values like “1” are assigned similarly: <Extbase Property>.value = <Static value>
Example The following example updates the table field “name” with the value “displayname” of the user’s LDAP record and wraps it with stars: mapping {
name {
data = field:displayname
wrap = * | *
}
}
}
|
|
| –> .usergroups. | array / COA | Without a usergroup FE users are unable to login to TYPO3 | |
| –> . –> .importGroups | boolean | Import usergroups from the LDAP directory | 0 |
| –> . –> .restrictToGroups | string list | Only import groups if the name satisfies the given pattern(s) Regular expression. Example The following example imports only users which belong to a group beginning with “typo3” (case insensitive): restrictToGroups = /^typo3.*/i
|
|
| –> . –> .addToGroups | int+ list | Add each user to this TYPO3 user group(s) Comma-separated list of usergroup UIDs | |
| –> . –> .reverseMapping | boolean | If your LDAP directory stores users as group attributes (OpenLDAP) set this value to 1 | 0 |
| –> . –> .preserveNonLdapGroups | boolean | Preserve relations to usergroups which have not been imported from an LDAP server | |
| be_users. | array / COA | Same as “fe_users” Property “pid” does not exist because BE users are stored on the root page (zero) |