LDAP group mapping using SimpleMapping

Mathieu Peltier

Monday 17 January 2011 2:49:10 am

Hi,
I would like to map LDAP to eZ groups with SimpleMapping. I cannot make it work without the following modification in ./kernel/classes/datatypes/ezuser/ezldapuser.php. Is this a bug or a configuration issue (maybe related to the LDAP server I am trying to use)? I am using eZ Publish 4.4.0.
Thanks
Mathieu

--- ./kernel/classes/datatypes/ezuser/ezldapuser.php.orig 2011-01-14 13:59:10.000000000 +0100
+++ ./kernel/classes/datatypes/ezuser/ezldapuser.php 2011-01-17 10:38:56.000000000 +0100
@@ -488,15 +488,29 @@

$groupsTree = array();
$stack = array();
- $newfilter = '(&(objectClass=' . $LDAPGroupClass . ')(' . $LDAPGroupMemberAttribute . '=' . $userData['dn'] . '))';
+ // $userData['uid'][0]=<login> -> OK
+ // $userData['dn']=uid=<login>,ou=users,dc=domain.org,dc=local -> KO
+ $newfilter = '(&(objectClass=' . $LDAPGroupClass . ')(' . $LDAPGroupMemberAttribute . '=' . $userData['uid'][0] . '))';

$groupsTree[ $userData['dn'] ] = array( 'data' => & $userData,
'parents' => array(),
'children' => array() );
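
Review bot: The replaced `$newfilter` line hardcodes `$userData['uid'][0]` where `$userData['dn']` was used, so a directory whose `$LDAPGroupMemberAttribute` stores full DNs would no longer match any group; making the matched value selectable (for example through a new ldap.ini setting) would cover both layouts instead of trading one for the other. The new line also reads `$userData['uid'][0]` without checking that `uid` is present, and the value is concatenated into the filter unescaped, as the `dn` was before, so characters such as `(`, `)`, `*` and `\` in a login would alter the filter; escaping the value before concatenation is worth adding in the same change.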

settings/override/ldap.ini.append.php file:

[LDAPSettings]
LDAPDebugTrace=enabled

# LDAP Server
LDAPServer=ldap.domain.org

# Where to find users
LDAPBaseDn=dc--domain.org,dc--local

# Group mapping
LDAPGroupMappingType=SimpleMapping
LDAPCreateMissingGroups=disabled
LDAPGroupBaseDN=dc--domain.org,dc--local
LDAPGroupClass=<name of my group object in LDAP>
LDAPGroupNameAttribute=cn
LDAPGroupMemberAttribute=<name of the attribute of my group object in LDAP specifying the members of the groups>
LDAPUserGroupMap[]
LDAPUserGroupMap[group1]=ezgroup1
LDAPUserGroupMap[group2]=ezgroup2
LDAPUserGroupMap[group3]=ezgroup3

# Default group (if group mapping fails)
LDAPUserGroupType=name
LDAPUserGroup[]=Members

# if 'enabled' you can move LDAP users to a different group and they will not
# be automatically moved back (to the group they are configured to be placed in)
# when the user logs in again.
KeepGroupAssignment=disabled
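
Added example (not part of the original post and not eZ Publish code): one way to build the group search filter so that either the full DN or the bare login can be matched, with the value escaped per RFC 4515 before it is concatenated. The function names, the `$matchOn` switch, and the `posixGroup`/`groupOfNames` sample classes and attributes are assumptions for illustration.

```php
<?php
// Added example; function names and the $matchOn switch are hypothetical.

/**
 * Escape a value for use inside an LDAP search filter (RFC 4515):
 * NUL, '(', ')', '*' and '\' become a backslash followed by two hex digits.
 */
function escapeLdapFilterValue( $value )
{
    return preg_replace_callback(
        '/[\x00()*\\\\]/',
        function ( $m ) { return sprintf( '\\%02x', ord( $m[0] ) ); },
        $value
    );
}

/**
 * Build the group search filter.
 * $matchOn = 'dn'  : member attribute stores full DNs (e.g. groupOfNames "member")
 * $matchOn = 'uid' : member attribute stores bare logins (e.g. posixGroup "memberUid")
 */
function buildGroupFilter( $groupClass, $memberAttribute, array $userData, $matchOn )
{
    if ( $matchOn === 'dn' && isset( $userData['dn'] ) )
        $value = $userData['dn'];
    elseif ( $matchOn === 'uid' && isset( $userData['uid'][0] ) )
        $value = $userData['uid'][0];
    else
        throw new InvalidArgumentException( "Unsupported or missing match value: $matchOn" );

    return '(&(objectClass=' . escapeLdapFilterValue( $groupClass ) . ')('
         . $memberAttribute . '=' . escapeLdapFilterValue( $value ) . '))';
}

// Constructed sample entry, shaped like the $userData array in the patch.
$userData = array(
    'dn'  => 'uid=jdoe,ou=users,dc=example,dc=local',
    'uid' => array( 'jdoe' ),
);
echo buildGroupFilter( 'posixGroup', 'memberUid', $userData, 'uid' ), "\n";
echo buildGroupFilter( 'groupOfNames', 'member', $userData, 'dn' ), "\n";

// A login containing filter metacharacters is kept as a literal value.
$userData['uid'][0] = 'j.doe (ext)*';
echo buildGroupFilter( 'posixGroup', 'memberUid', $userData, 'uid' ), "\n";
```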