issues with the Configure Groups and Roles option
H3rnand3z - October 4, 2007 - 17:53
| Project: | NTLM & LDAP Authentication |
| Version: | 5.x-1.x-dev |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | kibble |
| Status: | closed |
Description
Two issues with the Configure Groups and Roles option:
1. It does not assign Drupal roles based on domain groups.
2. We have multiple domains, so we want to assign users from each domain to a different Drupal role, for example assign the Domain1 Domain Users group to Role1 and the Domain2 Domain Users group to Role2, but the Configure Groups and Roles option shows domain groups from the last domain in the list. I think this option belongs in the Configure LDAP Server page.
Thanks

#1
This is by design.
Roles are purely handled by Active Directory groups.
#2
I tried it again today and realized that roles are not assigned if I associate a Drupal role to the AD Domain Users group; it works for other AD groups.
Also, the Configure Groups and Roles option does not work properly when you have multiple domains: it only shows AD groups for the last domain in the list. For example, I added Domain1, Domain2 and Domain3; if I try to create a new association for a group in Domain1, the Select group option only shows AD groups for Domain3.
Thanks
#3
This is now fixed. Please keep an eye out for the next release later today. [08/10/2007]
CVS export takes a while...
Changes made were:
<?php
...
function ldap_lookup_admin_associate() {
  $results = db_query("SELECT * FROM {ldap_lookup}");
  if (( ! isset($pass)) || ($pass == "") || ($pass == NULL)) {
    unset($pass);
    $pass = NULL;
  }
  // One row per configured LDAP server (domain).
  while ($row = db_fetch_object($results)) {
    $ldap = new ldap_lookup_class($row->name, $row->server, $row->port, $row->basedn, $row->groupdn, $row->binddn, $row->bindpw, $row->use_tls, $row->user_attr, $row->email_attr);
    if ($ldap->connect()) {
      $possible_group_dns = explode("\r\n", $row->groupdn);
      foreach ($possible_group_dns as $group_dn) {
        $filter = "(objectCategory=group)";
        $records = $ldap->search($group_dn, $filter);
        // Reset on every pass, so groups collected earlier are discarded.
        $group_array = array();
        for ($rcount = 0; $rcount != $records['count']; $rcount++) {
          $group_array['CN=' . $records[$rcount]['cn'][0] . ',' . $group_dn] = $records[$rcount]['cn'][0];
        }
      }
    }
    unset($ldap);
  }
...
?>
Is Now:
<?php
...
function ldap_lookup_admin_associate() {
  $results = db_query("SELECT * FROM {ldap_lookup}");
  if (( ! isset($pass)) || ($pass == "") || ($pass == NULL)) {
    unset($pass);
    $pass = NULL;
  }
  // Initialised once, so groups from every server accumulate.
  $group_array = array();
  // One row per configured LDAP server (domain).
  while ($row = db_fetch_object($results)) {
    $ldap = new ldap_lookup_class($row->name, $row->server, $row->port, $row->basedn, $row->groupdn, $row->binddn, $row->bindpw, $row->use_tls, $row->user_attr, $row->email_attr);
    if ($ldap->connect()) {
      $possible_group_dns = explode("\r\n", $row->groupdn);
      foreach ($possible_group_dns as $group_dn) {
        $filter = "(objectCategory=group)";
        $records = $ldap->search($group_dn, $filter);
        for ($rcount = 0; $rcount != $records['count']; $rcount++) {
          $group_array['CN=' . $records[$rcount]['cn'][0] . ',' . $group_dn] = $records[$rcount]['cn'][0];
        }
      }
    }
    unset($ldap);
  }
...
?>
Basically the `$group_array = array();` was moved out of the loop, as this was resetting it each time it looped around.
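An added example, not code from the module or from this thread: it shows why a group list merged across domains has to stay keyed by full DN, since the same CN (here "Domain Users") exists in every domain and each one is meant to map to a different role. The helper names `build_group_options` and `roles_for_user`, the domain DNs and the associations are hypothetical, constructed sample data.

```php
<?php
// Constructed sample data: group container DN => CNs returned by the
// (objectCategory=group) search in that domain.
$domains = array(
  'CN=Users,DC=domain1,DC=example' => array('Domain Users', 'Editors'),
  'CN=Users,DC=domain2,DC=example' => array('Domain Users', 'Auditors'),
);

// Hypothetical helper: one option list across all domains, keyed by full DN.
function build_group_options(array $domains) {
  $group_array = array(); // initialised once, before any loop
  foreach ($domains as $group_dn => $cns) {
    foreach ($cns as $cn) {
      $group_array['CN=' . $cn . ',' . $group_dn] = $cn;
    }
  }
  // A CN found in more than one domain gets its container appended to the
  // label, so the two entries can be told apart in the select list.
  $counts = array_count_values($group_array);
  foreach ($group_array as $dn => $cn) {
    if ($counts[$cn] > 1) {
      $group_array[$dn] = $cn . ' (' . substr($dn, strlen('CN=' . $cn . ',')) . ')';
    }
  }
  return $group_array;
}

// Hypothetical helper: resolve roles by exact group DN, never by CN alone.
function roles_for_user(array $user_group_dns, array $associations) {
  $roles = array();
  foreach ($user_group_dns as $dn) {
    if (isset($associations[$dn])) {
      $roles[$associations[$dn]] = TRUE;
    }
  }
  return array_keys($roles);
}

// Constructed associations: group DN => Drupal role.
$associations = array(
  'CN=Domain Users,CN=Users,DC=domain1,DC=example' => 'Role1',
  'CN=Domain Users,CN=Users,DC=domain2,DC=example' => 'Role2',
);

print_r(build_group_options($domains));
print_r(roles_for_user(array('CN=Domain Users,CN=Users,DC=domain2,DC=example'), $associations));
```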
#4