$_ldapauth_ldap object [#394220]

Can you help with this beginning module developer's question?

I am writing a module to sync LDAP and Drupal users, called "ldapsync", but I am having an issue with the _ldap object in my module. I see that in the ldapauth module, functions use the object $_ldapauth_ldap for basic ldap functions. I would like to do the same in my module, so I call the following.

function ldapsync_init() {
  include_once(drupal_get_path('module', 'ldapsync') .'/ldap_integration/libdebug.php');
  require_once(drupal_get_path('module', 'ldapsync') .'/ldap_integration/LDAPInterface.php');
}


function ldapsync_search() {
  global $_ldapsync_ldap;
  if (!$_ldapsync_ldap)
    return 'ldapsync object not initiated';
}

$_ldapsync_ldap is empty every time. What am I missing? What else do I need to do to use the ldap object's functions? As you can tell, I don't fully understand how the other modules are declaring this object.

Thank you in advance.

Richard

Comments

Comment #1

roball commented 7 March 2009 at 18:27

Version:

6.x-1.0-alpha2

» 6.x-1.x-dev

Hi Richard,

sorry I cannot help out for the specific problem. Just want to say that it is fantastic to know that finally somebody is going to fill the missing link of the LDAP modules. Without having a LDAP -> Drupal sync functionionality, LDAP does not make much sense on my user management scenario.

Where do you plan releasing your module? Will it be a submodule of the ldap_integration module package or will it be released as an own module project?

rob.

Comment #2

johnbarclay commented 7 March 2009 at 20:45

It would be nice to make this a dependent project so you could configure your ldap servers with the ldap integration core. Then configure the synchronization with the sync module. I think the only key is be able to use ldap without using it for authentication.

Someone had requested the functionality of using ldap groups without ldap auth. I wrote the following patch which does this: http://drupal.org/node/318174#comment-1075845 but it is waiting to be applied.

Being able to disable the authentication part would be a step toward using it as an api.

Ldap auth synchronizes users on logon given a set of rules. Ldap groups synchronizes roles with groups on logon. Both leverage the same ldap server configuration interface and data. Are you using the three basic mappings as in ldap groups or allowing generic ldap queries? At the very least it would be nice for this to be a dependent module. If the sychronization you are implementing matches the synchronization in ldap groups or ldap provisioning, a simple "run as chron" checkbox and a short hook_cron function in ldap_* would take care of it.

The stagnancy of this module currently might keep you away from trying to integrate with it, but it has been fairly well maintained over the years.

p.s is $_ldapsync_ldap set to global in the includes?

Comment #3

kassissieh commented 7 March 2009 at 23:33

My new module is dependent on ldapauth. That's why I need to load the ldap object as $_ldapsync_ldap. It will allow me to use existing settings for the ldap server, bind DN, and OU to search and existing functions to create new users and edit existing ones when needed. Our users will use ldap for authentication.

As it currently exists, ldapauth and ldapgroups creates Drupal user information for ldap users only when the user logs in. The purpose of ldapsync is to create the users before they log in, so that they may have nodes attributed to them and be references by other nodes before first login. We are migrating content from an old site into a new one, so can't wait for users to log in before linking to them in various ways.

$_ldapauth_ldap is declared globally only in the ldapauth module, not in the includes. I thought it was loaded as an object through the following code, but replicating that in my ldapsync.module isn't having the desired effect.

require_once(drupal_get_path('module', 'ldapauth') .'/ldap_integration/LDAPInterface.php');

Thank you for the encouragement. As this is my first module, I will seek advice on how to release it.

Comment #4

kassissieh commented 7 March 2009 at 23:54

Status:

Active

» Closed (fixed)

Oh, heck. I just found what I was looking for at the bottom of ldapauth_module.

//////////////////////////////////////////////////////////////////////////////
// Auxiliary functions

/**
 * Initiates the LDAPInterfase class.
 *
 * @param $sid
 *   An ID of the LDAP server configuration.
 *
 * @return
 */
function _ldapauth_init($sid) {
  global $_ldapauth_ldap;

  if ($row = db_fetch_object(db_query("SELECT * FROM {ldapauth} WHERE sid = %d", $sid))) {
    $_ldapauth_ldap = new LDAPInterface();
    $_ldapauth_ldap->setOption('sid', $row->sid);
    $_ldapauth_ldap->setOption('name', $row->name);
    $_ldapauth_ldap->setOption('server', $row->server);
    $_ldapauth_ldap->setOption('port', $row->port);
    $_ldapauth_ldap->setOption('tls', $row->tls);
    $_ldapauth_ldap->setOption('encrypted', $row->encrypted);
    $_ldapauth_ldap->setOption('basedn', $row->basedn);
    $_ldapauth_ldap->setOption('user_attr', $row->user_attr);
    $_ldapauth_ldap->setOption('mail_attr', $row->mail_attr);
    $_ldapauth_ldap->setOption('binddn', $row->binddn);
    $_ldapauth_ldap->setOption('bindpw', $row->bindpw);
    return $_ldapauth_ldap;
  }
}

On to the next challenge.

Comment #5

dam commented 8 March 2009 at 16:19

Hi kassissieh
great job! Do you need some help? Do you have the code somewhere?
I'm interested in this module for D5, but I suppose you are developing for D6. For sure I can do tests and I can even contribute if you like.

bye!
---
Dam
http://www.squadrainformatica.com

Comment #6

johnbarclay commented 8 March 2009 at 23:13

I can test against an Active Directory LDAP on Drupal 6 if you need testers. I can also debug if you need help debugging.

Comment #7

kassissieh commented 9 March 2009 at 06:41

Thanks for the offers of help. This is great. I hope to have something reasonable to post within a week, at which point I will move over to the ldap_integration forum and post code as an attachment. I'm happy to let the crowd decide how to integrate this into the overall project.

I am successfully pulling user information from AD and now writing the code that looks for the corresponding user in Drupal and takes the appropriate action.

I am on Active Directory and Drupal 6 and don't really plan to test on other directories, so your support will be invaluable (even if you're also on AD).

Yes, I'm just developing for D6, but I imagine that it would be straightforward to port this back to D5.

Another newbie question: how do I sign up for email notification or RSS feed for this page? I have been checking it manually for new comments on this thread. Thanks in advance.

Comment #8

bonobo commented 9 March 2009 at 07:40

RE:

Another newbie question: how do I sign up for email notification or RSS feed for this page?

http://drupal.org/project/issues/user/[uid]/feed gets you an rss feed of all issues where you have put a comment.

For email notification, go to http://drupal.org/project/issues/subscribe-mail/ldap_integration and select the desired option.

Comment #9

roball commented 9 March 2009 at 18:01

kassissieh, could you please create a new task issue at http://drupal.org/node/add/project-issue/ldap_integration titled with something like ldapsync module development and assigned to yourself, so we have a (temporary, at least) easy-to-find place to track your progress?

Comment #10

kassissieh commented 9 March 2009 at 22:19

Done: http://drupal.org/node/396574

Comment #11

roball commented 9 March 2009 at 22:34

Thanks!

A tip: Instead of pasting the URL (..node/node_number) to an issue, just paste it in the form [#node_number], so you get #396574: LDAPsync component

$_ldapauth_ldap object