How to get groups from LDAP/ADS [patch]
If you want to get the user's groups from LDAP/ADS, here is a patch that will do it for you. It will add the user to the groups but it will not create the groups for you, this you'll have to do yourself.
On my AD server groups defined as attributes called "memberOf" and the data looks like:
"CN=groupname, ...., ...., ..."
Two files needs to be patched (v3.0)
LDAP.php:
Copy to clipboard
580a581 > $searchAttributes[] = 'memberOf';
userslib.php:
Copy to clipboard
608a609 > $this->assign_user_to_groups($user, $user_ldap_attributes['auth_ldap_groups']); 646a648 > $this->assign_user_to_groups($user, $user_ldap_attributes['auth_ldap_groups']); 668c670,671 < elseif ($userAuth && $userTikiPresent) --- > elseif ($userAuth && $userTikiPresent) { > $this->assign_user_to_groups($user, $user_ldap_attributes['auth_ldap_groups']); 669a673 > } 780a785,796 > $memberships = $a->getAuthData('memberOf'); > $groups = array("Registered"); > foreach($memberships as $membership) { > $parts = explode(',', $membership); > foreach($parts as $part) { > $values = explode('=', $part); > if((count($values) == 2) && in_array($values[0], array('CN', 'cn'))) { > $groups[] = $values[1]; > } > } > } > $user_ldap_attributes['auth_ldap_groups'] = $groups;
The list of groups will be updated with every login (so you'll better disable the "remember me" option) and the default group "Registered" will also be added.
Thats it