#262 LDAP roles to groups (ldapAuthorization)

開啟中
mrzootzooty3 年之前創建 · 0 條評論

when you use this with openldap, the userDN does not match what the memberID will be.

the userDn is "uid=abc.abc,dc=example,dc=com" but the memberID within the group is abc.abc

i needed to change plugins/LdapCommon/LdapCommon.php and the function is_dn_member_of_group to be

function is_dn_member_of_group($userDn, $groupDn)
{
    $ldap = $this->get_ldap_connection();
    $link = $ldap->getLink();

just get the username and remove the rest

    $spos = strpos($userDn, "=");
    if ($spos == true) { $spos = strpos($userDn, ","); $userDn = substr($userDn, 4, $spos-4); }

now do the compare

    $r = @ldap_compare($link, $groupDn, $this->uniqueMember_attribute, $userDn);

but i suppose that changing LdapAuthorizationPlugin.php and the function hasRole to check both the full userDn and just the username would be better

when you use this with openldap, the userDN does not match what the memberID will be. the userDn is "uid=abc.abc,dc=example,dc=com" but the memberID within the group is abc.abc i needed to change plugins/LdapCommon/LdapCommon.php and the function is_dn_member_of_group to be function is_dn_member_of_group($userDn, $groupDn) { $ldap = $this->get_ldap_connection(); $link = $ldap->getLink(); # just get the username and remove the rest $spos = strpos($userDn, "="); if ($spos == true) { $spos = strpos($userDn, ","); $userDn = substr($userDn, 4, $spos-4); } # now do the compare $r = @ldap_compare($link, $groupDn, $this->uniqueMember_attribute, $userDn); but i suppose that changing LdapAuthorizationPlugin.php and the function hasRole to check both the full userDn and just the username would be better
Sign in to join this conversation.
未選擇里程碑
未指派成員
1 參與者
正在加載...
取消
保存
尚未有任何內容