Smooth movement to LDAP for Single Sign On

Categories: Development, Community
Created by t3o team

Based on a productive collaboration of the Server Team and the Team, we have set up an LDAP service to replace the current Single Sign On (SSO) solution which is integrated into the website.
tl;dr Log in once on and set a new password, otherwise your account will not be available after the migration to LDAP.

In the course of rebuilding (and as announced in a former news article), we are going to extract the Single Sign On service out of into a separate website. This is done with the intention to make the relaunch easier for us. A central LDAP directory allows us to integrate further services in the TYPO3 ecosystem using the same account for all logins.

During the last weeks, we have built and configured the LDAP server to match the given requirements. We want to inform you about the steps we take:
  1. We updated the extensions “ajaxlogin” and “t3o_ajaxlogin” so that all user data including passwords will be sent over an encrypted channel to the LDAP server. This happens whenever a user logs in or updates their data and/or password.

  2. Early next year, we will remind all remaining users to log in once on, to make sure that their credentials will be available on the new system.

  3. By that time, we will also announce the date of the final switch to LDAP as the new leading authentication system. Users who have not updated their user data by this date won’t be able to log in on (and related services) anymore.

We are planning about 3 months for the whole migration and will give you time to complete the migration procedure. If you have any questions or suggestions about the workflow, don’t hesitate to contact us on Slack (channel #t3o-team).

Credits for this huge project go to Andreas Beutel and Bastian Bringenberg who configured the LDAP environment, and Thomas Löffler for adapting to the new setup.