ldap groups <---> ez groups


Artturi Markko

Wednesday 03 May 2006 1:11:00 pm

Hello,

I have set up Ez Publish with authentication against an ldap server.

I've read I can put a user from ldap in different groups by using a special attribute on the user ('memberof' for example).

That's fine but I think it would also be interesting to use the existing groups defined in ldap by searching in the groups for the user who logs in.
I've experienced a setup of Plone which permits that with the module LDAPUserFolder and it's quite impressive.

How it could work:

1) in the ldap setup:
- configuration of the ldap branch where groups are stored (ou=groups,dc=example,dc=com)
- configuration of some mappings
ldapGrpsToEzGrps["ldap_grp1"] = myEzGrpForLdapGrp1

2) When the user logs in, a search is performed on "ou=groups,dc=example,dc=com" for groups having an attribute "member" or "uniquemember" equal to the dn of the authenticated user.

If that can be any source of inspiration, here's the python code of LDAPUserFolder.py

http://svn.dataflake.org/filedetails.php?repname=DataflakeSoftware&path=%2FLDAPUserFolder%2Ftrunk%2FLDAPUserFolder.py&rev=0&sc=0

Best regards,

Artturi
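
The login-time lookup proposed in the post above, as an added example that is not part of the thread and is not eZ Publish or LDAPUserFolder code: it builds the group search filter with RFC 4515 escaping so a user DN cannot alter the filter, then maps the matching groups to eZ groups and ignores unmapped ones. The function names, the sample entries and the simplified DN comparison are assumptions; the base DN and the mapping come from the post.

```python
GROUP_BASE = "ou=groups,dc=example,dc=com"        # groups branch named in the post
LDAP_TO_EZ = {"ldap_grp1": "myEzGrpForLdapGrp1"}  # mapping from the post

_ESC = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

def escape_filter_value(value):
    """Escape per RFC 4515 so a DN cannot change the filter's structure."""
    return "".join(_ESC.get(ch, ch) for ch in value)

def membership_filter(user_dn):
    """Filter to run under GROUP_BASE when the user logs in."""
    v = escape_filter_value(user_dn)
    return "(|(member={0})(uniqueMember={0}))".format(v)

def norm_dn(dn):
    """Simplified DN comparison (assumption): case-insensitive, spaces around
    commas ignored; escaped commas inside RDN values are not handled."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def ez_groups_for(user_dn, entries):
    """Map LDAP groups containing user_dn to eZ groups; unmapped groups grant nothing."""
    wanted, base = norm_dn(user_dn), norm_dn(GROUP_BASE)
    result = set()
    for dn, attrs in entries:
        if not norm_dn(dn).endswith("," + base):
            continue  # ignore entries outside the configured branch
        members = attrs.get("member", []) + attrs.get("uniqueMember", [])
        if wanted not in (norm_dn(m) for m in members):
            continue
        for cn in attrs.get("cn", []):
            if cn in LDAP_TO_EZ:
                result.add(LDAP_TO_EZ[cn])
    return sorted(result)

# Constructed sample entries, shaped like (dn, attributes) search results.
SAMPLE = [
    ("cn=ldap_grp1,ou=groups,dc=example,dc=com",
     {"cn": ["ldap_grp1"], "member": ["uid=alice,ou=people,dc=example,dc=com"]}),
    ("cn=ldap_grp2,ou=groups,dc=example,dc=com",
     {"cn": ["ldap_grp2"], "uniqueMember": ["uid=alice,ou=people,dc=example,dc=com"]}),
    ("cn=ldap_grp1,ou=other,dc=example,dc=com",
     {"cn": ["ldap_grp1"], "member": ["uid=bob,ou=people,dc=example,dc=com"]}),
]

if __name__ == "__main__":
    print(membership_filter("uid=alice,ou=people,dc=example,dc=com"))
    print(ez_groups_for("UID=alice, ou=people,dc=example,dc=com", SAMPLE))
```
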

Artturi Markko

Saturday 02 December 2006 12:05:34 pm

A reply just for the sake of completeness as the url to this post is mentioned in the Ez 3.9 feature list.

If you're interested in this feature, you'll want to read these posts:

http://ez.no/community/forum/developer/contrib_ldap_group_mappings
http://ez.no/community/forum/developer/pb_with_ldapusermanage_php_on_ldap_contrib

Regards,

Artturi
