Posted by kpm on September 13, 2007 at 12:36am
| Project: | LDAP integration |
| Version: | 5.x-1.3 |
| Component: | Miscellaneous |
| Category: | support request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed (fixed) |
Issue Summary
Hi,
LDAP Integration is working fine, but a little too well :-)
So, I have uncommented and edited the ldapgroups.conf.php file to map to a few of the numerous security groups and organizational units found in our Active Directory. After logging out, clearing cache, cookies, etc. and logging back in, the output is still the entire Active Directory OUs and SGs. I have placed the "msg_r($groups);" statement in the file to see what was being listed and all of the Active Directory OUs and SGs are being listed.
Is there something I am missing??
[code]
<?php
// $Id: ldapgroups.conf.php,v 1.7 2007/03/03 03:23:56 scafmac Exp $

// Interesting constants that admins would want to mess with

// The module automatically decides names for the Drupal roles
// based in the names of the LDAP groups. For example:
//  - LDAP group: Admins => Drupal role: Admins
//  - LDAP group: ou=Underlings,dc=myorg,dc=mytld => Drupal role: Underlings
// However, if this is not enough, this name mapping can be refined
// by altering this array. Some examples are given.
$GLOBALS['ldap_group_role_mappings'] = array(
  // LDAP group => Drupal role
  // make sure the last group->role mapping does NOT have a trailing comma (,)
  'CN=Domain Admins,OU=Security Groups,DC=TLD,DC=internal' => 'Domain Admins',
  'CN=Domain Users,OU=Security Groups,DC=TLD,DC=internal' => 'Domain Users',
  'CN=Group1,OU=Security Groups,OU=Vancouver,DC=TLD,DC=internal' => 'Group One',
  'CN=WebAdmin,OU=Security Groups,OU=SLD,DC=TLD,DC=internal' => 'Web Admin',
  'OU=Users,OU=SLD,DC=TLD,DC=internal' => 'Users',
  'CN=Senior,OU=Security Groups,OU=SLD,DC=TLD,DC=internal' => 'Senior',
  'CN=Executive,OU=Security Groups,OU=SLD,DC=TLD,DC=internal' => 'Executive',
  'CN=HR,OU=Security Groups,OU=SLD,DC=TLD,DC=internal' => 'Human Resources',
);

// Note: Uncommenting this function will limit the groups -> roles conversion to ONLY those groups that are
// specified in the function.
function ldapgroups_roles_filter($groups) {
  global $ldap_group_role_mappings;
  $roles = array();
  // this should take the roles array, pass it thru the filters and send a NEW set of roles back the filter
  foreach ( $groups as $group ) {
    foreach ($ldap_group_role_mappings as $approved_group => $approved_role) {
      // must strip spaces ?
      $group_stripped = preg_replace('/\s+/', '', $group);
      $approved_group_stripped = preg_replace('/\s+/', '', $approved_group);
      if (strcasecmp($approved_group_stripped, $group_stripped) == 0) {
        // this role is specified -- grant
        $roles[] = $approved_role;
      }
    }
  }
  return $roles;
}
?>[/code]
Thanks
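The filter in the post compares DNs after removing all whitespace, so a group named "Web Admin" and one named "WebAdmin" in the same OU would match the same mapping. The following is an added example, not part of the original post or the module's code: it keeps the allowlist idea but trims whitespace only around the DN separators. `normalize_dn()` and `roles_for_groups()` are hypothetical helpers, the membership DNs are constructed, and escaped backslashes before a comma are assumed not to occur.

```php
<?php
// Added example, not the module's code. Helper names are hypothetical.

// Canonicalise a DN: trim whitespace around each RDN and around '=',
// lowercase it (ASCII only), but keep spaces inside values ("Domain Admins").
function normalize_dn($dn) {
  $rdns = preg_split('/(?<!\\\\),/', $dn);   // split on unescaped commas
  $out = array();
  foreach ($rdns as $rdn) {
    $parts = explode('=', $rdn, 2);
    if (count($parts) != 2) {
      return NULL;                            // malformed DN: match nothing
    }
    $out[] = strtolower(trim($parts[0])) . '=' . strtolower(trim($parts[1]));
  }
  return implode(',', $out);
}

// Map a user's LDAP groups to roles using an exact-match allowlist.
function roles_for_groups($groups, $mappings) {
  $allow = array();
  foreach ($mappings as $dn => $role) {
    $key = normalize_dn($dn);
    if ($key !== NULL) {
      $allow[$key] = $role;
    }
  }
  $roles = array();
  foreach ($groups as $group) {
    $key = normalize_dn($group);
    if ($key !== NULL && isset($allow[$key])) {
      $roles[$allow[$key]] = TRUE;            // de-duplicate roles
    }
  }
  return array_keys($roles);
}

$mappings = array(
  'CN=Domain Admins,OU=Security Groups,DC=TLD,DC=internal' => 'Domain Admins',
  'CN=WebAdmin,OU=Security Groups,OU=SLD,DC=TLD,DC=internal' => 'Web Admin',
);
$groups = array(   // constructed memberships
  'cn=domain admins, ou=Security Groups, dc=tld, dc=internal', // same group, different spacing and case
  'CN=Web Admin,OU=Security Groups,OU=SLD,DC=TLD,DC=internal', // different group: space inside the name
  'CN=Staff,OU=Security Groups,DC=TLD,DC=internal',            // not in the allowlist
);
print_r(roles_for_groups($groups, $mappings));
```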
Comments
#1
Solved... filter works fine.