LDAP / Active directory


How to get groups from LDAP/ADS [patch]

If you want to get the user's groups from LDAP/ADS, here is a patch that will do it for you. It will add the user to the groups but it will not create the groups for you; this you'll have to do yourself.
On my AD server, groups are defined as attributes called "memberOf" and the data looks like:
"CN=groupname, ...., ...., ..."

Two files need to be patched (v3.0):
LDAP.php:

LDAP.php.diff
580a581 > $searchAttributes[] = 'memberOf';
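
Review bot: the added `$searchAttributes[] = 'memberOf';` line requests only `memberOf`, and in Active Directory that attribute lists direct memberships only, so nested groups and the user's primary group never reach the mapping. Please document this limitation next to the line so administrators do not assume inherited group membership is carried into Tiki.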


userslib.php:

userslib.php.diff
608a609 > $this->assign_user_to_groups($user, $user_ldap_attributes['auth_ldap_groups']); 646a648 > $this->assign_user_to_groups($user, $user_ldap_attributes['auth_ldap_groups']); 668c670,671 < elseif ($userAuth && $userTikiPresent) --- > elseif ($userAuth && $userTikiPresent) { > $this->assign_user_to_groups($user, $user_ldap_attributes['auth_ldap_groups']); 669a673 > } 780a785,796 > $memberships = $a->getAuthData('memberOf'); > $groups = array("Registered"); > foreach($memberships as $membership) { > $parts = explode(',', $membership); > foreach($parts as $part) { > $values = explode('=', $part); > if((count($values) == 2) && in_array($values[0], array('CN', 'cn'))) { > $groups[] = $values[1]; > } > } > } > $user_ldap_attributes['auth_ldap_groups'] = $groups;
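
Review bot: in the 780a785,796 hunk the inner `foreach($parts as $part)` collects every CN component of each `memberOf` value rather than only the first RDN, so a DN that sits under a CN-named container also yields the container name as a group, and that list goes straight to `assign_user_to_groups`. Suggest reading only the leftmost RDN and parsing it with a DN-aware function such as `ldap_explode_dn`, since `explode(',', $membership)` also splits group names that contain an escaped comma. The `foreach($memberships as ...)` loop also needs a guard for the case where `getAuthData('memberOf')` returns no array (a user with no groups). Because directory names are used as Tiki group names unchanged, consider restricting the result to an allow-list of groups that LDAP is permitted to grant.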


The list of groups will be updated with every login (so you'd better disable the "remember me" option) and the default group "Registered" will also be added.
That's it :D




Thanks, Al, for this solution!

It's good enough as long as you can manage your groups/permissions according to groups you get from Active Directory. If you need groups in TikiWiki which don't map to AD groups you have a problem because on each login the user is taken out of all his/her groups.

I'd like to propose a solution.

Sorry, I don't know how to write a diff file so I'll just explain the changes; they're not complicated.

userslib.php - line 786
//$groups = array("Registered");

i.e. comment out that line; it's not necessary because of the following change

userslib.php - line 1929
// in case resetting group list, do not remove Registered or persistent groups with names beginning *
$query = "delete from `users_usergroups` where `userId`=? and `groupName` != 'Registered' and `groupName` not like '*%'";

i.e. add the comment and add "`groupName` != 'Registered' and `groupName` not like '*%'" to the query

Once you have done this you can create groups with names starting with * and the users will never be removed automatically from those groups.

Hope this helps someone!
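
The group handling discussed in both posts above, as an added PHP example that is not part of either post or of Tiki's own code: it reads only the first RDN of each `memberOf` value and computes which groups to add and remove while keeping "Registered" and `*`-prefixed groups. The function names `groupFromMemberOf` and `planGroupSync` and the sample DNs are hypothetical, and refusing `*`-prefixed names that come from the directory is an assumption added here.

```php
<?php
// Added example; function names and sample data are hypothetical, not Tiki code.

// Return the group name from one memberOf DN, or null if its first RDN is not a CN.
function groupFromMemberOf(string $dn): ?string
{
    // Cut at the first comma that is not backslash-escaped, so only the leftmost
    // RDN is read and container names further right (CN=Users, OU=...) are ignored.
    $rdn = preg_split('/(?<!\\\\),/', $dn, 2)[0];
    if (!preg_match('/^\s*cn\s*=\s*(.+?)\s*$/i', $rdn, $m)) {
        return null;
    }
    // Undo simple backslash escapes such as "\,"; hex escapes are not handled here.
    return preg_replace('/\\\\(.)/', '$1', $m[1]);
}

// Work out which groups to add and remove so membership follows LDAP,
// never removing "Registered" or locally managed groups whose names start with '*'.
function planGroupSync(array $current, $memberOf): array
{
    // The attribute may arrive as null or as a single string; normalise to a list.
    $dns = is_array($memberOf) ? $memberOf : array_filter([$memberOf]);
    $wanted = ['Registered'];
    foreach ($dns as $dn) {
        $name = groupFromMemberOf((string) $dn);
        // Assumption: a directory group named "*..." must not grant a persistent group.
        if ($name !== null && $name !== '' && $name[0] !== '*') {
            $wanted[] = $name;
        }
    }
    $wanted = array_values(array_unique($wanted));
    $isProtected = fn(string $g): bool => $g === 'Registered' || strncmp($g, '*', 1) === 0;
    $remove = array_values(array_filter(
        array_diff($current, $wanted),
        fn($g) => !$isProtected($g)
    ));
    return ['add' => array_values(array_diff($wanted, $current)), 'remove' => $remove];
}

// Constructed sample: current Tiki groups, then memberOf values as AD might return them.
$plan = planGroupSync(
    ['Registered', '*Editors', 'OldTeam'],
    ['CN=Wiki\, Admins,CN=Users,DC=example,DC=com', 'CN=*Editors,OU=Groups,DC=example,DC=com']
);
print_r($plan);
```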

