but i suppose that changing LdapAuthorizationPlugin.php and the function hasRole to check both the full userDn and just the username would be better
when you use this with openldap, the userDN does not match what the memberID will be.
the userDn is "uid=abc.abc,dc=example,dc=com"
but the memberID within the group is abc.abc
i needed to change plugins/LdapCommon/LdapCommon.php and the function is_dn_member_of_group to be
function is_dn_member_of_group($userDn, $groupDn)
{
$ldap = $this->get_ldap_connection();
$link = $ldap->getLink();
# just get the username and remove the rest
$spos = strpos($userDn, "=");
if ($spos == true) { $spos = strpos($userDn, ","); $userDn = substr($userDn, 4, $spos-4); }
# now do the compare
$r = @ldap_compare($link, $groupDn, $this->uniqueMember_attribute, $userDn);
but i suppose that changing LdapAuthorizationPlugin.php and the function hasRole to check both the full userDn and just the username would be better
when you use this with openldap, the userDN does not match what the memberID will be.
the userDn is "uid=abc.abc,dc=example,dc=com" but the memberID within the group is abc.abc
i needed to change plugins/LdapCommon/LdapCommon.php and the function is_dn_member_of_group to be
just get the username and remove the rest
now do the compare
but i suppose that changing LdapAuthorizationPlugin.php and the function hasRole to check both the full userDn and just the username would be better