LDAP Plugin Enhancements (Updated!) [message #166921]
Wed, 28 March 2012 13:13
Multitool
Messages: 47 Registered: February 2012
Karma: 1
Member
Hi all,
OK, updates to this as follows.
I'm not the world's greatest programmer, and I know next to nothing about PHP, but this seems to work for my application. Comments and criticisms would be gratefully received!
Summary of changes:
• Changed to use LDAP URLs instead of servername/port. This allows use of LDAPS (LDAP over SSL).
• Allow forum user details (email address, real name, alias) to be set from attributes retrieved from LDAP server.
• Always update email/name/alias with current info from LDAP server at each login (if enabled).
• If the user doesn't already exist, check whether an existing user has the same email address (as retrieved from LDAP) as the user trying to log in. If an existing user with the same email address is present, change the login of that user to the login of the user logging in, and update the name/alias with details from the LDAP server. (This should ensure that posts imported from NNTP are assigned to the correct user, even if that user has never logged in to the forum before, and also avoids duplicate email address problems.)
(I also reinstated the password synchronisation, as this seems to be required for reasons I don't understand.)
As mentioned above, it's probably not the most efficient piece of code ever written, but it seems to work for me.
Hope it's useful to others.
[Updated on: Thu, 29 March 2012 19:49]
Re: LDAP Plugin Enhancements (Updated!) [message #167818 is a reply to message #167111]
Tue, 09 October 2012 15:54
andy_scouser
Messages: 76 Registered: June 2003
Karma: 1
Member
Hi guys,
I'm wondering whether anybody uses this plugin? I have access to an LDAP to authenticate some users to and it works great, thanks multitool. Is there a way I can modify the code to check not only the cn of the user but also the gidnumber of the user please?
The required ldapsearch I'm after would be something like
# ldapsearch -h ldap1 -x -b ou=people,dc=office,dc=private "(&(uid=bigbadbob)(gidNumber=1001))"
I'm assuming I'd need to modify the ldap.plugin within my /var/www/FUDforum/plugins/ldap/ directory. Any line beginning $search would no doubt need changing... but I'm guessing at the syntax, I really do need to learn PHP, don't I.
original: //$search = ldap_search($connection, $ini['LDAP_DN'], $ini['LDAP_UID'] .'='. $login);
idiot's attempt: $search = ldap_search($connection, $ini['LDAP_DN'], '"(&(gidnumber=1001)(' . $ini['LDAP_UID'] .'='. $login . '))"');
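Added example, not part of the post above and not the plugin's own code: one way to build the combined filter from the question for `ldap_search()`. The double quotes in the `ldapsearch` command line belong to the shell and are not part of the filter, and the login is escaped before it is concatenated. `escape_filter_value` and `build_login_filter` are hypothetical names, the sample logins are constructed, and 1001 is the group id from the question.

```php
<?php
// Added example. Assumes PHP >= 5.6 for ldap_escape(); if ext/ldap is not
// loaded, a fallback applies the same RFC 4515 filter-value escaping.

function escape_filter_value($value)
{
    if (function_exists('ldap_escape')) {
        return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
    }
    // strtr() with an array replaces in a single pass, so the backslashes
    // it inserts are never escaped a second time.
    return strtr($value, [
        '\\' => '\\5c',
        '*'  => '\\2a',
        '('  => '\\28',
        ')'  => '\\29',
        "\0" => '\\00',
    ]);
}

// Hypothetical helper: returns "(&(<uidAttr>=<login>)(gidNumber=<gid>))".
function build_login_filter($uidAttr, $login, $gid)
{
    // The attribute name comes from configuration ($ini['LDAP_UID'] in the
    // post); accept only a plain attribute descriptor.
    if (!preg_match('/^[A-Za-z][A-Za-z0-9-]*$/', $uidAttr)) {
        throw new InvalidArgumentException('bad attribute name');
    }
    // The group id must be a non-negative integer.
    if (!ctype_digit((string) $gid)) {
        throw new InvalidArgumentException('gidNumber must be numeric');
    }
    // No surrounding quotes: the filter is the parenthesised expression only.
    return '(&(' . $uidAttr . '=' . escape_filter_value($login) . ')'
         . '(gidNumber=' . $gid . '))';
}

// Constructed sample logins; the second contains filter metacharacters
// that must reach the server as literal characters.
foreach (['bigbadbob', 'j*smith (ops)'] as $login) {
    echo build_login_filter('uid', $login, 1001), "\n";
}

// In the plugin the result would be the third argument of the call
// shown in the post:
// $search = ldap_search($connection, $ini['LDAP_DN'],
//     build_login_filter($ini['LDAP_UID'], $login, 1001));
```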
Re: LDAP Plugin Enhancements (Updated!) [message #168747 is a reply to message #166921]
Fri, 12 July 2013 16:13
captain picard
Messages: 15 Registered: March 2013
Karma: 0
Junior Member
hi,
thanks for the plugin!
i've added a tweak to get out a nice ALIAS (it's easier to find users in this environment when username and real-name is displayed in usergroup-lists - REQUIRES 'use aliases'-setting in general settings), from our ugly AD-Names like "SURENAME Gname" automatically:
on adding the user:
//not sure about the 1st line but i changed it in case of weird chars given at the ldap-server
$uent->login = _esc($login);
$uent->name = ucwords(strtolower($info[0]['cn'][0]));
$uent->alias = _esc($login)." (".ucwords(strtolower($info[0]['cn'][0])).")";
and on syncing the following: - ALIAS = username (Surename Gname)
// Sync user details, if enabled
if (!empty($ini['LDAP_EMAIL'])) {
    q('UPDATE '. $GLOBALS['DBHOST_TBL_PREFIX'] .'users SET email='. _esc($info[0][ $ini['LDAP_EMAIL'] ][0]) .' WHERE login='. _esc($login));
}
//wl: 20130706 David Kikl - Names + Alias style: "netxxx (Surename Gname)"
if (!empty($ini['LDAP_NAME'])) {
    q('UPDATE '. $GLOBALS['DBHOST_TBL_PREFIX'] .'users SET name='. _esc(ucwords(strtolower($info[0][$ini['LDAP_NAME']][0]))) .' WHERE login='. _esc($login));
}
if (!empty($ini['LDAP_ALIAS'])) {
    q('UPDATE '. $GLOBALS['DBHOST_TBL_PREFIX'] .'users SET alias='. _esc($login." (".ucwords(strtolower($info[0][$ini['LDAP_NAME']][0])).")").' WHERE login='. _esc($login));
    #dbg('REFRESH_ALIAS: UPDATE '. $GLOBALS['DBHOST_TBL_PREFIX'] .'users SET alias='. _esc($login." (".ucwords(strtolower($info[0][$ini['LDAP_NAME']][0])).")").' WHERE login='. _esc($login));
}//else dbg("REFRESH_ALIAS: empty ALIAS?");
for the editing mask below i just mentioned the code i've inserted:
<p>HARDCODED LDAP Attributes for forum user alias:<br />
<b>username (Surename Gname)</b> (<- SURENAME GnAmE / surename GNAME / ect.)<br />
(wl/dk alias)</p>
<p>HARDCODED LDAP Attributes for forum user real name:<br />
<b>Surename Gname</b> (<- SURENAME GnAmE / surename GNAME / ect.)<br />
(wl/dk alias)</p>
i tried to get around some debugging troubles for using the fud-forum default debugging-functionality, see post http://fudforum.org/forum/index.php?t=msg&goto=168746&#msg_168746
cheers david
[Updated on: Fri, 12 July 2013 16:16]