[racktables-users] Re: LDAP group membership

  • From: Walery Wysotsky <wwalery@xxxxxxxxx>
  • To: racktables-users@xxxxxxxxxxxxx
  • Date: Tue, 11 Jan 2011 21:07:36 +0200

Hello,


On 01/11/2011 06:11 PM, Farrington, Ryan wrote:
> Walery,
>         If you could generate a diff of your changes and send it on we can 
> review it and one of the dev staff will get it added to the trunk if that is 
> truly where it needs to be.


It's a diff from version 0.18.5.
I tested this on our servers; it works.


PS: I hope these changes are not worse than my previous LDAP proposal :)

Best regards,
 Walery
329c329,331
<               strlen ($LDAP_options['search_attr'])
---
>               strlen ($LDAP_options['search_attr']) and
>               isset ($LDAP_options['group_attr']) and
>               strlen ($LDAP_options['group_attr'])
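Review bot: The added isset/strlen tests on $LDAP_options['group_attr'] make this condition false for every existing configuration that does not define that key, whereas the code replaced in the following hunks worked with a hard-coded 'memberof'. Defaulting group_attr to 'memberof' when it is unset, before this test, would keep existing installations behaving as they do today.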
337c339
<                       array_merge (array ('memberof'), explode (' ', 
$LDAP_options['displayname_attrs']))
---
>                       array_merge (array ($LDAP_options['group_attr']), 
> explode (' ', $LDAP_options['displayname_attrs']))
353,355c355,363
<               if (isset ($info[0]['memberof']))
<                       for ($i = 0; $i < $info[0]['memberof']['count']; $i++)
<                               foreach (explode (',', 
$info[0]['memberof'][$i]) as $pair)
---
>               if (isset ($info[0][$LDAP_options['group_attr']]))
>                       for ($i = 0; $i < 
> $info[0][$LDAP_options['group_attr']]['count']; $i++)
>                       {
>                               $pair = 
> $info[0][$LDAP_options['group_attr']][$i];
>                               if 
>                               (
>                                       isset ($LDAP_options['group_filter']) 
> and
>                                       strlen ($LDAP_options['group_filter'])
>                               )
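Review bot: $info[0][$LDAP_options['group_attr']] uses the configured string verbatim as an array key, both in the isset test and in the loop bound. If $info is the result of ldap_get_entries(), PHP lowercases attribute names in that array, so a configured value such as 'memberOf' would never match and the user would silently receive no group tags. Normalising the name once with strtolower() into a local variable would avoid this and shorten the repeated expression.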
357,359c365,371
<                                       list ($attr_name, $attr_value) = 
explode ('=', $pair);
<                                       if (strtoupper ($attr_name) == 'CN' and 
validTagName ('$lgcn_' . $attr_value, TRUE))
<                                               $ret['memberof'][] = '$lgcn_' . 
$attr_value;
---
>                                       if 
> (preg_match($LDAP_options['group_filter'], $pair, $matches))
>                                       {
>                                               $attr_name = $matches[1];
>                                               $attr_value = $matches[2];
>                                       }
>                                       else
>                                               $attr_name = 'undefined';
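Review bot: $matches[1] and $matches[2] are read without checking that group_filter defines two capture groups, and the else branch sets $attr_name but leaves $attr_value unset or holding the value from the previous loop iteration. A filter with fewer groups would raise undefined-offset notices, so check count ($matches) >= 3 and assign both variables in the else branch. The requirement that the first group must capture 'cn' for the later CN test to pass should also be documented next to the option.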
360a373,381
>                               else
>                               {
>                                       $pairs = explode (',', 
> $info[0][$LDAP_options['group_attr']][$i]);
> // group CN in only first element
>                                       list ($attr_name, $attr_value) = 
> explode ('=', $pairs[0]);
>                               }
>                               if (strtoupper ($attr_name) == 'CN' and 
> validTagName ('$lgcn_' . $attr_value, TRUE))
>                                       $ret['memberof'][] = '$lgcn_' . 
> $attr_value;
>                       }
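Review bot: explode ('=', $pairs[0]) has no limit, and the preceding explode (',', ...) does not account for escaped commas, so a group CN containing '=' or '\,' is truncated before it reaches validTagName(). Passing a limit of 2 to the '=' split handles the first case. This branch also narrows the old behaviour, which examined every component of the DN, to the first component only; the inline comment says so, but the change deserves a line in the documentation.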
46a47,56
> 
> // for AD LDAP
>     'group_attr' => 'memberof',
> // for eDirectory LDAP
> //    'group_attr' => 'groupmembership',    
> 
> // filter user groups, optional
> #    'group_filter' => '/(cn)=(\w+),ou=RackTables,ou=IT,o=bogdan/i',
> 
> 
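Review bot: The sample group_filter is not anchored, so preg_match() accepts any group DN that merely contains the pattern, including one with extra text before 'cn=' or after 'o=bogdan'. Because a match is turned into a $lgcn_ tag, the example should use ^ and $, for instance '/^(cn)=(\w+),ou=RackTables,ou=IT,o=bogdan$/i'. The block also mixes // and # comment markers and leaves trailing whitespace after the 'groupmembership' line.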
