LDAP group to Drupal role filtering - incorrect mapping for piping

endiku - August 19, 2009 - 16:10
Project: LDAP integration
Version: 6.x-1.0-beta2
Component: Code
Category: bug report
Priority: normal
Assigned: endiku
Status: closed
Description

The piping option for the mapping, described like so:

"Enter a list of LDAP groups and their Drupal role mappings, one per line with a | delimiter. Should be in the form [ldap group]|[drupal role] such as:
cn=ED IT NAG Staff,DC=ad,DC=uiuc,DC=edu|admin
cn=Ed Webs UIUC Webmasters,DC=ad,DC=uiuc,DC=edu|committee member"

...works incorrectly. Instead of the piped role being assigned, the LDAP group name is assigned. This is because line 269 of the ldapgroups.module states to return $groups_new[] = $group instead of $groups_new[] = $role retrieved from the unserialized db call.

Here is the correct code.

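function _ldapgroups_filter($account, $groups) {
  // Apply the mapping only when filtering is enabled and mappings exist.
  if (_ldapgroups_ldap_info($account, 'ldapgroups_mappings_filter') && count(_ldapgroups_ldap_info($account, 'ldapgroups_mappings')) > 0) {
    $groups_new = array();
    foreach ($groups as $group) {
      foreach (_ldapgroups_ldap_info($account, 'ldapgroups_mappings') as $group_approved => $role) {
        // Case-insensitive match of the user's LDAP group against a mapped group.
        if (strcasecmp($group_approved, $group) == 0) {
          // Assign the mapped Drupal role, not the LDAP group name.
          $groups_new[] = $role;
        }
      }
    }
    $groups = $groups_new;
  }

  // Optional PHP filter code stored in the module configuration.
  if ($code = _ldapgroups_ldap_info($account, 'ldapgroups_filter_php'))
    $groups = eval($code);

  return $groups;
}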

Another side note: the text description above the mapping entry box is misleading. It reads:
"The module automatically decides names for the Drupal roles based in the names of the LDAP groups. For example:
LDAP group: Admins => Drupal role: Admins
LDAP group: ou=Underlings,dc=myorg,dc=mytld => Drupal role: Underlings."

Which is currently true only because the piping method is broken. If the method to create roles based on groups was intended (by leaving out the pipe), then something else must be wrong, because a pipe is required for entry. However, I find the piping method to be the needed method in my situation; I would assume having both might be a future feature.
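
An added example, not the module's code and not part of the original post: a standalone PHP script that parses the pipe-delimited mapping text and applies the filter, so the result before and after the fix can be compared. The function names and the unmapped sample group are hypothetical; how the module itself parses and stores the mappings is not shown on this page.

```php
<?php
// Added example; function names are hypothetical, not the module's API.

// Parse "[ldap group]|[drupal role]" lines into a group => role map.
// The split is on the last pipe, so the role is whatever follows the
// final delimiter on the line.
function example_parse_mappings($text) {
  $map = array();
  foreach (preg_split('/\R/', $text) as $line) {
    $line = trim($line);
    $pos = strrpos($line, '|');
    if ($line === '' || $pos === FALSE) {
      continue; // Blank line or no delimiter: not a mapping.
    }
    $group = trim(substr($line, 0, $pos));
    $role = trim(substr($line, $pos + 1));
    if ($group !== '' && $role !== '') {
      $map[$group] = $role;
    }
  }
  return $map;
}

// Map a user's LDAP groups to roles. Groups without a mapping are dropped.
// $use_role = FALSE reproduces the reported bug: the LDAP group name is
// returned where the mapped Drupal role should be.
function example_filter_groups($groups, $map, $use_role = TRUE) {
  $out = array();
  foreach ($groups as $group) {
    foreach ($map as $approved => $role) {
      if (strcasecmp($approved, $group) == 0) {
        $out[] = $use_role ? $role : $group;
      }
    }
  }
  return array_values(array_unique($out));
}

// Constructed sample input, built from the mapping lines in the help text.
$text = "cn=ED IT NAG Staff,DC=ad,DC=uiuc,DC=edu|admin\n"
      . "cn=Ed Webs UIUC Webmasters,DC=ad,DC=uiuc,DC=edu|committee member\n";
$user_groups = array(
  'CN=ED IT NAG Staff,dc=ad,dc=uiuc,dc=edu', // Case differs from the mapping.
  'cn=Unmapped Group,DC=ad,DC=uiuc,DC=edu',  // Constructed; has no mapping.
);
$map = example_parse_mappings($text);
print_r(example_filter_groups($user_groups, $map, FALSE)); // Before the fix.
print_r(example_filter_groups($user_groups, $map));        // After the fix.
```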

#1

miglius - August 20, 2009 - 20:32

Please attach the patch in the proper format, otherwise it is hard to read.

#2

miglius - August 25, 2009 - 13:57

Yes, it's a bug. I have changed to $groups_new[] = $role in the cvs.

The description:
"The module automatically decides names for the Drupal roles based in the names of the LDAP groups. For example:
LDAP group: Admins => Drupal role: Admins
LDAP group: ou=Underlings,dc=myorg,dc=mytld => Drupal role: Underlings."

is correct because this is supposed to work only when there are no mappings defined.

#3

el senor juju - August 27, 2009 - 14:32

Hello,

Finally the ldap integration with the mapping role works.
But my sites are based on multi-site with SSO, so the mapping works when you log directly on the site but if you pass by the SSO, roles are not mapped.
Do you have a solution?

Have a nice day.

#4

System Message - September 10, 2009 - 14:40
Status: fixed » closed

Automatically closed -- issue fixed for 2 weeks with no activity.

#5

amariotti - September 11, 2009 - 21:28

I installed this a week ago and I had to make this change. Has the change been applied to the version available on the project page?

#6

amariotti - November 5, 2009 - 21:39
Version: 6.x-1.x-dev » 6.x-1.0-beta2
Status: closed » fixed

This has been fixed in the latest 6.x-1.0-beta2 release.

#7

System Message - November 19, 2009 - 21:40
Status: fixed » closed

Automatically closed -- issue fixed for 2 weeks with no activity.

 
 
