Groups and the LDAP login handler in eZ 3.9.x

Torbjørn Myhre

Tuesday 03 April 2007 7:37:26 am

Hello.

I've had a look at the new group functionality with LDAP of eZ 3.9. I can get a user logged in correctly, but his account ends up in the default user group. So far, I've been unable to get the group mapping to work. I've tried a couple of different settings, but this hasn't brought anything as of yet.

Actually, (at least when trying to use the GetGroupsTree setting), I get a PHP error from the ezldapuser.php script, where it complains about not finding the goAndPublishGroups function. This function is defined in the file, but perhaps it should be placed elsewhere?

Will there be a fix to this? Or perhaps these errors derive from wrong usage - will the new settings be documented anytime soon? Or is there anyone who has successfully used this?

I see now that the thread at http://ez.no/community/forum/install_configuration/ldap_group_mapping_on_3_9_0/re_ldap_group_mapping_on_3_9_0 discusses some of the same issues, but it has been a while.

Any comments appreciated.

Vincent Lepot

Thursday 24 May 2007 5:48:34 am

The problem seems to come from the filter used in ldap_search for member:

(&(objectClass=group)(member=CN=Vincent Lepot,OU=users,DC=acbd,DC=fr))

Not sure this is correct for a multi-valued attribute (I'm not an LDAP guru...)
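
Added example (not from the thread and not eZ Publish code): a small Python evaluator showing how an equality filter of the shape quoted above behaves against a multi-valued member attribute, and how a DN is escaped per RFC 4515 before it is placed in the filter. The helper names and directory entries are constructed for illustration, and plain case-insensitive string comparison is a simplification of real DN matching.

```python
import re

def escape_filter_value(value):
    """RFC 4515: backslash, '*', '(', ')' and NUL become \\XX hex escapes."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def group_filter(user_dn):
    """Build the group-membership filter quoted in the post for one user DN."""
    return "(&(objectClass=group)(member=%s))" % escape_filter_value(user_dn)

def parse_and_filter(flt):
    """Parse '(&(attr=value)...)' into (attr, value) pairs, undoing \\XX escapes."""
    if not (flt.startswith("(&") and flt.endswith(")")):
        raise ValueError("only AND-of-equality filters are handled here")
    unhex = lambda m: chr(int(m.group(1), 16))
    return [(a.lower(), re.sub(r"\\([0-9a-fA-F]{2})", unhex, v))
            for a, v in re.findall(r"\(([^=()]+)=([^()]*)\)", flt[2:-1])]

def entry_matches(entry, flt):
    """Equality on a multi-valued attribute is true when ANY stored value matches.
    Simplification: values are compared case-insensitively as plain strings."""
    for attr, wanted in parse_and_filter(flt):
        values = [v.lower() for v in entry.get(attr, [])]
        if wanted.lower() not in values:
            return False
    return True

def groups_for(user_dn, entries):
    """Return the cn of every entry that satisfies the membership filter."""
    flt = group_filter(user_dn)
    return [e["cn"][0] for e in entries if entry_matches(e, flt)]

# Constructed directory entries (attribute names lower-cased, values as lists).
USER_DN = "CN=Vincent Lepot,OU=users,DC=acbd,DC=fr"
OTHER_DN = "CN=Someone Else,OU=users,DC=acbd,DC=fr"
ENTRIES = [
    {"cn": ["Editors"], "objectclass": ["top", "group"], "member": [OTHER_DN, USER_DN]},
    {"cn": ["Admins"], "objectclass": ["top", "group"], "member": [OTHER_DN]},
    {"cn": ["Not a group"], "objectclass": ["top", "person"], "member": [USER_DN]},
]

if __name__ == "__main__":
    print(group_filter(USER_DN))
    print(groups_for(USER_DN, ENTRIES))
```
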

Vincent Lepot

Thursday 24 May 2007 6:30:30 am

Oops! No, sorry, my mistake.

The problem is that the calls to goAndPublishGroups should be calls to eZLDAPUser::goAndPublishGroups.

Vincent Lepot

Friday 25 May 2007 3:06:19 am

I reported an issue at http://issues.ez.no/10842

Artturi Markko

Monday 25 June 2007 11:30:30 pm

Same situation for me, I have tried to set up LDAP group mappings but it does not work very well.

1st try:
LDAPGroupMappingType "GetGroupsTree"
LDAPUserGroupType "name"
KeepGroupAssignment disabled

I get access denied, whatever I put in "LDAPUserGroupMap"

2nd try: I change LDAPGroupMappingType to "SimpleMapping"

If I leave "LDAPUserGroupMap" empty, I can login, but if I configure a mapping in "LDAPUserGroupMap", I can't login (access denied)

For some strange reason, on the first try, the mapping kind of worked: every LDAP group I was a member of was created with the same name in eZ Publish, and the mapping worked.
But it only worked once, and I can't remember what was done just after it. One thing is that when I ran the ldapusermanage.php cronjob, group memberships were lost.

Regards,
Artturi