LDAP and auto-pnGroups

  • I have been working for the last few days to get the AuthLDAP mod to auto-create a pnGroup and make the user a member based on an LDAP DN ("ou" for department in eDirectory). Anyway, I got the mod creating the group based on the department of the user. The problem is that if another user logs in from the same department of another user, the pnGroup is duplicated. So I wrote the following code to check the 'name' of the existing pnGroups and to not create it if it exists...but it is still not working. I tried playing with arrays but still no go. I should probably mention that I am just above a beginner in PHP. Here is the code:

    Code

    if ($result->EOF) {
        $sql2 = "SELECT $groupscolumn[name] FROM $groupstable";
        $result2 = $dbconn->Execute($sql2);
        $myrow = mysql_fetch_array($result2);
        $grpmem = pnVarPrepForStore($info[0]["ou"][0]);
        if ($myrow != $grpmem) {
            $query3 = "INSERT INTO $groupstable
                       ( $groupscolumn[name])
                       VALUES('" . pnVarPrepForStore($info[0]["ou"][0]) . "')";

            $dbconn->Execute($query3);

            $gid = $dbconn->PO_Insert_ID($groupstable,$groupscolumn['gid']);
        }
        else
        {
        }

    It is still duplicating the groups though. I try to echo $myrow and I either get nothing, 'Object', or 'Array'. If I echo $grpmem I get the correct department. I have been looking at this same piece of code for the last 6 hours and my eyes are beginning to bleed. Can anyone shed some light on this for me?


    Thanks,
    Vance
  • Bum-PITY bump
  • Nevermind. Got it figured out. Used 'in_array'.

    Those who may be interested, I am modding the AuthLDAP module to do the following:

    Create pnGroup and make user member of said group based on LDAP DN;
    Update user LDAP info upon logging in (currently only creates user);
    Hopefully, eventually support TLS.

    Thanks,
    Vance

    PS. MarkWest, I'll forward you this to update the official module and include in v.8.0
  • brammerv

    Nevermind. Got it figured out. Used 'in_array'.


    Still having some problems, can someone help.

    Here is an example from MarkWest's pnGroup mod that I am using in the LDAP hack.

    Code

    function pnGroups_userapi_view()
    {
        extract($args);

        $groups = array();

        list($dbconn) = pnDBGetConn();
        $pntable = pnDBGetTables();

        $pngroups       = $pntable['pngroups_table2'];
        $pngroupscol    = &$pntable['pngroups_t2_column'];
        $pnmembertable  = $pntable['group_membership'];
        $pnmembercol    = &$pntable['group_membership_table'];
        $pnapps         = $pntable['pngroups_table1'];
        $pnappscol      = &$pntable['pngroups_t1_column'];

        // Get items - the formatting here is not mandatory, but it does make the
        // SQL statement relatively easy to read.  Also, separating out the sql
        // statement from the SelectLimit() command allows for simpler debug
        // operation if it is ever needed

        $sql = "SELECT * FROM $pngroups where $pngroupscol[allow]='1'";

        $result = $dbconn->Execute($sql);

        // Check for an error with the database code, and if so set an appropriate
        // error message and return
        if ($dbconn->ErrorNo() != 0) {
            pnSessionSetVar('errormsg', $sql);
            return false;
        }

        // Put items into result array.  Note that each item is checked
        // individually to ensure that the user is allowed access to it before it
        // is added to the results array
        for (; !$result->EOF; $result->MoveNext()) {
            list($gid, $name, $desc, $allow) = $result->fields;
            $groups[] = array('name' => $name);
        }

        $result->Close();
        return $groups;
    }


    The array that is returned for $groups is :

    Code

    array([0]=>([name]=>Users)[1]=>Array([name]=>Admins)[2]=>Array([name]=> WPC


    Now if I want to compare a variable such as $LDAPgrp = 'WPC' to 'name' in the group[] array above, I use this:

    Code

    if (!in_array($LDAPgrp,$groups)) {
        $query = "INSERT INTO $groupstable
                  ( $groupscolumn[name])
                  VALUES('" . pnVarPrepForStore($info[0]["ou"][0]) . "')";

        $dbconn->Execute($query);

        $gid = $dbconn->PO_Insert_ID($groupstable,$groupscolumn['gid']);
    }else{
    }


    But the INSERT QUERY is still being run even though the value of 'WPC' defined in variable $LDAPgrp is in the group[].

    Anyone have any ideas why this is happening? And why does the result of the array look like it is an array within an array?
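
Added example, not part of the original posts and not AuthLDAP or pnGroups code: it reproduces the in_array() miss on the nested $groups array from the question above, then shows a lookup-before-insert that leaves one group row when two users from the same department log in. Assumptions: PDO with an in-memory SQLite database stands in for the site's database layer, and the demo_groups table and ensureGroup() helper are hypothetical names.

```php
<?php
// Constructed sample: the shape pnGroups_userapi_view() returns, one array per group.
$groups = array(array('name' => 'Users'), array('name' => 'Admins'), array('name' => 'WPC'));
$LDAPgrp = 'WPC'; // constructed stand-in for the LDAP "ou" value

// Each element of $groups is itself an array, so comparing the string against
// the elements never matches and the INSERT branch runs on every login.
$foundNested = in_array($LDAPgrp, $groups);

// Pull the 'name' values out first (array_column needs PHP 5.5+), then compare strictly.
$foundFlat = in_array($LDAPgrp, array_column($groups, 'name'), true);

// Hypothetical helper: look the group up by name with a bound parameter and
// create it only when missing. The directory value never becomes part of the SQL text.
function ensureGroup(PDO $db, $name)
{
    $find = $db->prepare('SELECT gid FROM demo_groups WHERE name = :name');
    $find->execute(array(':name' => $name));
    $gid = $find->fetchColumn();
    if ($gid !== false) {
        return (int) $gid;
    }
    $insert = $db->prepare('INSERT INTO demo_groups (name) VALUES (:name)');
    $insert->execute(array(':name' => $name));
    return (int) $db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// UNIQUE makes the database itself reject a duplicate name, even if two logins race.
$db->exec('CREATE TABLE demo_groups (gid INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE)');

$first  = ensureGroup($db, $LDAPgrp); // first user from the department logs in
$second = ensureGroup($db, $LDAPgrp); // second user, same department
$rows   = (int) $db->query('SELECT COUNT(*) FROM demo_groups')->fetchColumn();

// Shows the two lookup results, whether both logins got the same gid, and the row count.
var_dump($foundNested, $foundFlat, $first === $second, $rows);
```
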
  • excellent to see help with edirectory with postnuke i've been trying myself for sometime..
    thanks vance
  • Disregard my last "cry for help". After taking the weekend off, I came back Monday morning and it dawned on me how sloppy my code was. So I started over and finally got everything working (with a lot less code BTW). The LDAPauth mod is now creating pnGroups based on eDirectory DN of "ou"/department. It also automatically makes the user a member of that group in addition to adding them to the user group. I'll post back when I get this mod finished. I want to add the ability to allow the admin to define which DN to use the groups from the admin menu. Also, still want to make the mod update the user information if they already exist. Should be done in the next few weeks....hopefully.

    Vance
  • cool thanx vance i'm hoping to try it out, as i've been waiting for this solution for a while thanx for the help....
  • hey vance

    update on the netstorage problems i get...

    login on a pc that has no zenworks agent

    login to PN works fine, go the netstorage asks for login type user.context and etc.. then password works fine. but once logged out you need to log all the way out of the app eg close the browser down cause if not and you re-log in as someone else in PN and go to netstorage it comes up with the old user netstorage space...

    i guess first we need to fix that issue and 2nd we need to figure out the login box to accept just username and password and not have to type the whole context and etc....

    now with a pc that has a zenworks agent

    netstorage will come up a different style of login box but again accept the same type of login like before...

    but that box only appears if you are logged in as anyone else besides admin.

    admin picks up and goes in straight away....

    so yeah this netstorage part is confusing....

    a lot of suggestions have been looking into ichain or single signon solutions....

    still no luck...

    regards
    shane
  • Hey Shane,

    I have decided to not integrate NetStorage into PN. I am going to focus on integrating iFolder instead...in addition to Groupwise WebAccess. I will not be starting this until I get the LDAP mod done though. Hopefully this will be in the next few weeks. I got side tracked with implementing a spam solution into my mail system. I should be able to get back to the LDAP mod early next week.

    We should probably leave this post to the LDAP mod and take the other integrations off line or perhaps in another post.

    Vance
  • sounds good...

    thanks vance

    yeah ifolder sounds we are trying that as well

    basically we are just trying to get H drive access for staff and students through the postnuke portal for home access...

    netstorage does it as well as ifolder what ever works sounds good to me...

    again thanx vance.

    regards
    shane
  • Hello, I've just found this interesting thread with a potential solution to my problem (Having LDAP groups created under postnuke). Can you tell me the state of this modified version of LDAPAuth?