Re: LDAP and groups


> Hey all,
>
> I've looked through some previous posts, but can't seem to find a definitive answer. Does the LDAP module obtain group information from the LDAP server? I need to restrict access to areas based on LDAP groups and it will be a hassle to maintain groups in two different places.
>
> I've seen in the documentation that it does not use LDAP members and groups, so why are the options there?
>
> I just upgraded to 1.9.2
>
> Any help appreciated!
> Mike

Mike, I looked into this a couple months ago and the answer is apparently no. Marc Laporte asked what I'd like to see and I suggested the following:

Marc, thanks for asking. I think tiki has most of what's needed. It already has the fields defined on the login settings. I'd like it to work like this:

- You create a group within tiki and tiki handles it for permissions as it does today
- you are given the option of associating a tiki group with an ldap group by specifying the DN
- when a user logs in to tiki, their group memberships are enumerated and matched with tiki groups

As I write this and do some research, I find out that unlike AD, OpenLDAP does not maintain a 'memberof' attribute. So to implement this across platforms we'd probably have to do something like this:

- As a person logs in, read the ldap membership of all the defined tiki groups and note which the user is a member of and save that info (either in a cookie or maybe a temp table in the database). This could be a performance issue as the # of tiki groups grows.


\\Greg
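
The login-time matching described in the post above, sketched as an added example (not part of the original post and not Tiki code). The directory contents, the `GROUP_MAP` association, and all function names are constructed for illustration; the directory is an in-memory dict standing in for LDAP reads, and DN normalization assumes no escaped commas.

```python
# Added illustration: resolve Tiki groups from LDAP group membership at login.
# All data below is constructed sample data, not a real directory.

def norm_dn(dn):
    """Normalize a DN for comparison (assumes no escaped commas in values)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

# Constructed directory: normalized entry DN -> attributes.
DIRECTORY = {
    "cn=wiki-editors,ou=groups,dc=example,dc=org": {
        "member": ["uid=mike,ou=people,dc=example,dc=org",
                   "uid=greg,ou=people,dc=example,dc=org"]},
    "cn=wiki-admins,ou=groups,dc=example,dc=org": {
        "member": ["UID=Greg, OU=People, DC=example, DC=org"]},
    # An AD-style user entry that carries memberOf itself.
    "uid=ann,ou=people,dc=example,dc=org": {
        "memberOf": ["CN=wiki-admins,OU=groups,DC=example,DC=org"]},
}

# Hypothetical association of a Tiki group name with an LDAP group DN.
GROUP_MAP = {
    "Editors": "cn=wiki-editors,ou=groups,dc=example,dc=org",
    "Admins": "cn=wiki-admins,ou=groups,dc=example,dc=org",
}

def read_attr(directory, dn, attr):
    """Stand-in for one LDAP read: return an attribute's values, normalized."""
    entry = directory.get(norm_dn(dn), {})
    return [norm_dn(v) for v in entry.get(attr, [])]

def tiki_groups_for(user_dn, directory=DIRECTORY, group_map=GROUP_MAP):
    """Return the Tiki groups whose associated LDAP group contains user_dn."""
    user = norm_dn(user_dn)
    member_of = set(read_attr(directory, user, "memberOf"))
    matched = []
    for tiki_group, ldap_dn in group_map.items():
        group = norm_dn(ldap_dn)
        if member_of:
            # Directory maintains memberOf on the user: one read covers all groups.
            hit = group in member_of
        else:
            # No memberOf: one read per mapped group, the cost noted in the post.
            hit = user in read_attr(directory, group, "member")
        if hit:
            matched.append(tiki_group)
    # Keep the result server-side (session or table); a cookie is client-editable.
    return sorted(matched)

if __name__ == "__main__":
    print(tiki_groups_for("uid=greg,ou=people,dc=example,dc=org"))
```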
