0.9.9-2 LDAP Groupsync
-
Hallo,
das LDAP-Modul behauptet zwar, einen Group Sync vorzunehmen, aber in Wirklichkeit werden nur die LDAP-Gruppen hinzugefügt. Wenn man nun im LDAP wieder Gruppen wegnimmt, so bleiben trotzdem noch alle Rechte. Ich habe daher noch einen Quick Hack geschrieben (ich habe wenig Ahnung von PHP), der zuerst alle Gruppen wegnimmt und dann die aus LDAP wieder hinzufügt.
Man kann das sicher eleganter machen (nur die wegnehmen, die nicht im LDAP gefunden werden etc.), aber es funktioniert
Der ganze Patch mit meinem SLES-Gruppen-Patch von gestern (http://www.i-doit.org/forum/index.php/topic,1582.0.html
atlas:/srv/www/htdocs/idoit/src/classes/modules # diff isys_module_ldap.class.php.orig isys_module_ldap.class.php 187c187,195 < --- > $l_groups = $p_user_dao->get_groups_by_id($p_user_id); > if (is_object ($l_groups)) { > $this->debug("Found " . $l_groups->num_rows() . " groups for user " . $p_user_id); > while ($group_id = $l_groups->get_row()) { > > $p_user_dao->detach_group($p_user_id, $group_id["isys_group__id"]); > $this->debug("deattached user $p_user_id from group " . $group_id["isys_group__title"]); > } > } 246c254 < if ($l_ldap["isys_ldap_directiry__const"] == "C__LDAP__OPENLDAP") { --- > if ($l_ldap["isys_ldap_directory__const"] == "C__LDAP__OPENLDAP") { 288c296 < if ($l_ldap["isys_ldap_directiry__const"] == "C__LDAP__OPENLDAP") { --- > if ($l_ldap["isys_ldap_directory__const"] == "C__LDAP__OPENLDAP") { 380c388 < $l_ldapi->set_search_path($p_found_user["ldap_data"]["isys_ldap__user_search"]); --- > $l_ldapi->set_search_path("OU=group,DC=domain,DC=int"); 385c393 < "(".$l_mapping[C__LDAP_MAPPING__GROUP]."=".$p_found_user[C__LDAP_MAPPING__USERNAME].")", --- > "(".$l_mapping[C__LDAP_MAPPING__GROUP]."=".$p_found_user["dn"].")", 392c400 < " (Filter: "."(".$l_mapping[C__LDAP_MAPPING__GROUP]."=".$p_found_user[C__LDAP_MAPPING__USERNAME].")". --- > " (Filter: "."(".$l_mapping[C__LDAP_MAPPING__GROUP]."=".$p_found_user["dn"].")". 402,405c410,413 < if ($l_single_group["uid"][0]) { < $l_group_name = $l_single_group["uid"][0]; < } else if ($l_single_group["uid"]) { < $l_group_name = $l_single_group["uid"]; --- > if ($l_single_group["cn"][0]) { > $l_group_name = $l_single_group["cn"][0]; > } else if ($l_single_group["cn"]) { > $l_group_name = $l_single_group["cn"]; 412a421 > $this->debug("Group name: $l_group_name");Hubert
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login