Forums / Install & configuration / LDAP GROUP MAPPING

LDAP GROUP MAPPING

Author Message

Alexandre Henriet

Thursday 19 November 2009 4:25:15 am

I'm experiencing LDAP Authentification on active directory with eZ Publish.
Authentification part works. The user I use to log-in is well created (using data from LDAP)
in the default eZ Publish group called 'LDAP' that I specified in the configuration
using LDAPUserGroup[]=LDAP.
My problem concerns the different group mapping methods.
I tryed the 3 without success, and I was wondering if it was possible
to setup eZ Publish - LDAP group mapping with ldap objects with that kind of structure :
In our AD, user objects have many entries looking like :
memberOf: CN=CompUsersG,OU=rrr,OU=ppp,OU=ooo,OU=ggg,OU=Unit placeholder,DC=yyy,DC=xxx,DC=aa
memberOf: CN=IctWlanAccessAllG,OU=eee,OU=rrr,OU=ggg,OU=Unit placeholder,DC=yyy,DC=xxx,DC=aa
memberOf: CN=IctXXX,OU=ttt,DC=yyy,DC=xxx,DC=aa
while group objects have many entries looking like :
member: CN=LoginX,OU=aaa,OU=bbb,OU=ccc,OU=ddd,OU=Unit placeholder,DC=eee,DC=fff,DC=aa
member: CN=LoginY,OU=aaa,OU=bbb,OU=ccc,OU=ddd,OU=Unit placeholder,DC=eee,DC=fff,DC=aa
member: CN=LoginZ,OU=aaa,OU=bbb,OU=ccc,OU=ddd,OU=Unit placeholder,DC=eee,DC=fff,DC=aa
In most of the examples I've seen, group names in LDAP are stored in a custom field employeeType containing a single word value. It's not the case in our AD and we don't have the possibility to change its structure.
What I would like to do is to store a user with a memberOf entry like :
CN=CompUsersG,OU=rrr,OU=ppp,OU=ooo,OU=ggg,OU=Unit placeholder,DC=yyy,DC=xxx,DC=aa
in an eZ Publish group called :
CompUsersG
1. Is it possible ?
2. Using which mapping method ?
3. How ? :-/
Thanks in advance,
Alexandre

Alexandre Henriet

Thursday 19 November 2009 4:46:00 am

Using the LDAP Debuging, with our AD structure and while using the "UseGroupAttribute" mapping method,
when specifying
LDAPUserGroupAttribute=memberOf
at stage 3/5 : 'real authentication of user', we see that eZ Publish sees memberOf as an array :
'memberof' =>
array (
'count' => 3,
0 => 'CN=CompUsersG,OU=rrr,OU=ppp,OU=ooo,OU=ggg,OU=Unit placeholder,DC=yyy,DC=xxx,DC=aa',
1 => 'CN=IctWlanAccessAllG,OU=eee,OU=rrr,OU=ggg,OU=Unit placeholder,DC=yyy,DC=xxx,DC=aa',
2 => 'CN=IctXXX,OU=ttt,DC=yyy,DC=xxx,DC=aa',
),
if it can helps someone to answer me ..

Alexandre Henriet

Friday 20 November 2009 2:25:14 am

Without providing more explanations, can someone just tell me if it is possible plz ? :)