[Typo3-dev] Usergroup memberships FE and BE with openldap

Daniel Thomas dev at dpool.net
Thu Feb 17 19:30:04 CET 2005


Hi Didier,

I am awfully busy at the time, so I must be brief.
As far as I know the OpenLDAP server will store group membership with
the group record, not with the user record.
The getFEGroups and getBEGroups methods only work with group membership
which is stored in the user record.

In the OpenLDAP user record you will probably find no reference
whatsoever about which groups the user belongs to. That's why you
cannot access them via the above mentioned records. To establish the
group membership of a user in OpenLDAP you would have to take the DN of
the user record and then perform an LDAP search in the group records'
member attribute to find in which group records the user is registered.
Those are the groups you want to assign to the fe_user record in your
TYPO3 installation. The tx_ldapserver class does contain a commented
out method to perform such a search. It is commented out because it has
not been tested thoroughly.

Of course, you can include this method in a user class as well and call
it in a MAP_OBJECT for the field usergroup with the DN as special
property.

Find the method below.

Sorry that I could not test and document this.

Regards

Daniel


	
	/**
	 * This function is used to return a series of fe_group uids on basis of the membership of the user
	 *
	 *
	 * @param	array	$data: LDAP data array for attribute
	 * @param	array	$conf: optional configuration
	 * @return	string 	value for inserting into db
	 */
/*
	function getStaticFEGroups($data, $conf)	{
#t3lib_div::debug($data);
		if($data) {
			tx_ldapserver::initCharset('');

				// $data holds the user's DN here; escape it so that characters such as ( ) * \ in the DN
				// cannot alter the search filter (ldap_escape requires PHP >= 5.6)
			$dn = ldap_escape($data, '', LDAP_ESCAPE_FILTER);

				// find all group records that list this DN in their member attribute
			$GLOBALS['LDAP_CONNECT']->search('(&(objectClass=groupOfNames)(member='.$dn.'))');

			$uids = array();

				// for internal record identification
			$table = $conf['table'];
			$pid = $conf['pid'];
			$identField = $conf['identField'];

				// map the DN of each matching group to the uid of its local record, if one exists
			while($data = $GLOBALS['LDAP_CONNECT']->fetch()) {
				$v = $GLOBALS['LDAP_CONNECT']->getDN();
#debug($data);
				$v = $this->csObj->conv($v, $this->remoteCharset, $this->localCharset);
				if($uid = tx_ldapserver::recordExists($identField, $v, $pid, $table)) {
					$uids[] = $uid;
				}
			}
			return implode(',',$uids);
		}
	}
*/

> Hi all,
>
> Because nobody answered my mail in the Typo3 English list I ask it here:
>
> I have installed all the ldap extensions (ldap_lib, ldap_server,
> ldap_auth and ldap_sync). I am using open ldap. When synchronizing all
> the groups and users for be and fe are imported correctly but all the
> group memberships are lost.
>
> Does anyone know what's wrong and/or has anyone a working openldap
> configuration?
>
> My configuration looks like:
>
> [start]
> FEusers = LDAP_SYNC
>
> FEusers {
>
> 	enable = 1
> 	table = fe_users
> 	basedn = OU=People, DC=feas, DC=net
> 	handleNotFound = 1
> 	handleNotFound {
> 		markHidden = 1
> 		hiddenField = disable
> 		markDeleted = 0
> 		deletedField = deleted
> 		delete = 0
> 		identField = username
> 	}
>
> 	pid = 2
> 	filter = (&(objectClass=person))
> 	uniqueField = tx_ldapserver_dn
> 	fields {
> 		username = MAP_OBJECT
> 		username.attribute = uid
> 		username.userFunc = tx_ldapserver->getSingleValue
>                 usergroup = MAP_OBJECT
>                 usergroup.userFunc = tx_ldapserver->getBEGroups
>                 usergroup.userFunc.pid = 2
>                 usergroup.userFunc.table = fe_groups
>
> 		tx_ldapserver_dn = MAP_OBJECT
> 		tx_ldapserver_dn.special = DN
> 		}
>
> 	}
>
> }
>
>
>
>
>
> FEgroups < FEusers
>
> FEgroups {
> 	table = fe_groups
> 	handleNotFound = 0
> 	basedn = ou=fe_groups, ou=mg_intranet, ou=Applications, dc=feas, dc=net
> 	filter = (&(objectClass=groupOfUniqueNames))
> 	fields {
> 		username >
> 		usergroup >
> 		title = MAP_OBJECT
> 		title.attribute = cn
> 		title.userFunc = tx_ldapserver->getSingleValue
> 	}
>
> }
>
>
>
> BEusers < FEusers
>
> BEusers {
>
> 	table = be_users
> 	pid = root
> 	handleNotFound = 0
> 	filter = (&(objectClass=person))
> 	fields.usergroup.userFunc = tx_ldapserver->getBEGroups
> 	fields.usergroup.userFunc.pid = root
> 	fields.usergroup.userFunc.table = be_groups
> }
>
>
>
> BEgroups < FEgroups
>
> BEgroups {
> 	table = be_groups
> 	pid = root
> 	basedn = ou=fe_groups, ou=mg_intranet, ou=Applications, dc=feas, dc=net
> 	filter = (&(objectClass=groupOfUniqueNames))
> }
>
>
>
> FEauth = LDAP_AUTH
>
> FEauth {
>    enable = 1
>    table = fe_users
>    SSO = 1
>    SSO.10.userFunc = tx_ldapauth_sv1->authFromGet
>    sync < FEusers
> }
>
>
>
> BEauth < FEauth
> BEauth {
> 	table = be_users
> 	sync < BEusers
> }
> [end]
>
> Regards,
>
> Didier
>
--/

Daniel Thomas dpool

Hinderink und Thomas Partnerschaft IT-Berater und Projektmanager

Eduard-Schmid-Str. 9 | D-81541 München
t 08945227582 | m 01793918781 | fax 08945227583

http://www.dpool.net | http://www.typergy.com
http://typo3partner.net

/--
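
The reverse lookup described in the reply above, as an added example that is not part of the original post or of the ldap_server extension: it builds the group search filter from a user DN with RFC 4515 escaping and covers uniqueMember as well as member, because the quoted configuration uses groupOfUniqueNames. All function names are hypothetical, the entries are constructed sample data under the base DN from the quoted configuration, and an in-memory array stands in for the directory search so the script runs offline.

```php
<?php
// Added example; every DN and entry below is constructed sample data.

// Escape a value for use inside an LDAP search filter (RFC 4515).
function escapeFilterValue(string $value): string
{
    return strtr($value, [
        '\\' => '\\5c', '*' => '\\2a', '(' => '\\28', ')' => '\\29', "\0" => '\\00',
    ]);
}

// Filter matching both common group schemas (hypothetical helper).
function buildGroupFilter(string $userDn): string
{
    $dn = escapeFilterValue($userDn);
    return '(|(&(objectClass=groupOfNames)(member=' . $dn . '))'
        . '(&(objectClass=groupOfUniqueNames)(uniqueMember=' . $dn . ')))';
}

// Simplified DN comparison key: lower-case, no spaces around "," and "=".
// Does not handle escaped commas inside attribute values.
function normalizeDn(string $dn): string
{
    return strtolower(preg_replace('/\s*([,=])\s*/', '$1', trim($dn)));
}

// Offline stand-in for the search: DNs of all groups that list the user.
function groupsForUser(string $userDn, array $groups): array
{
    $needle = normalizeDn($userDn);
    $found = [];
    foreach ($groups as $groupDn => $attrs) {
        $members = array_merge($attrs['member'] ?? [], $attrs['uniqueMember'] ?? []);
        if (in_array($needle, array_map('normalizeDn', $members), true)) {
            $found[] = $groupDn;
        }
    }
    return $found;
}

$base = 'ou=fe_groups,ou=mg_intranet,ou=Applications,dc=feas,dc=net';
$groups = [
    "cn=editors,$base" => ['uniqueMember' => ['cn=Doe (ext),ou=People,dc=feas,dc=net']],
    "cn=admins,$base"  => ['uniqueMember' => ['uid=other,ou=People,dc=feas,dc=net']],
    "cn=staff,$base"   => ['member' => ['CN=Doe (ext), OU=People, DC=feas, DC=net']],
];
$userDn = 'cn=Doe (ext),OU=People, DC=feas, DC=net';
echo buildGroupFilter($userDn), "\n";
echo implode("\n", groupsForUser($userDn, $groups)), "\n";
```

The returned group DNs are what a sync step would then map to local fe_groups or be_groups uids, as the commented-out method does with recordExists.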




