[Typo3-dev] Usergroup memberships FE and BE with openldap

Didier Gehéniau didier.geheniau at feas.net
Fri Feb 18 17:56:44 CET 2005


Hi Daniel,

These suggestions I have for the ldap integration:

1.
First of all there exists a problem with the first synchronization:

The synchronization follows the sequence of the configuration field of the
ldapserver. This means that first the users are inserted and then the groups
when you follow the example in the documentation. When looking up the groups
it will fail when it is concerning new groups.

Advice: first define the groups and then the users.

2.
I have struggled with the "getStaticFEGroups" function.
First of all you cannot use $GLOBALS['LDAP_CONNECT'] because the result of
the user search will be lost. I have now implemented a second global object:
$GLOBALS['LDAP_GROUP_CONNECT']. This is working but terribly slow because
for every user there will be a connection to the ldap server looking for
group memberships.

I am thinking of another solution:

With every LDAP_SYNC object define a type (be_groups, be_users, fe_groups,
fe_users). When syncing, cache the *_groups results in a global array (e.g.:
$GLOBALS['BE_GROUPS'], $GLOBALS['FE_GROUPS']). As far as I know every ldap
server (ads, openldap, novell, etc) stores its members in the group
records, just a few ldap servers store them also in the user record. So to
keep the code clean use the global arrays for looking for group memberships
of a specific user when syncing.

3.
There should be a possibility that if ldap is leading for users and groups
that only users are synced that have a group membership. In this way the
database of typo3 is much cleaner when having a large ldap tree.

4.
If ldap is leading a solution has to be found for admins. I am thinking of
using a be_group with the name "Administrators"; this group is ignored for
synchronization and is only used to flag the admin field in the user record
when a user is member of this group.

I understand you have not much time so if you like I will recode the ldap
implementation and send it to you. I will implement my suggestions as
optional features so it remains compatible with the current release.

Didier M.J.C. Gehéniau
Consultant

FEAS
Surinameplein 60 II
1058 GS Amsterdam
Phone:	+31 20 777 19 72
Fax:		+31 20 751 27 35
Mobile:	+31 6 55 366 492
E-mail:	didier.geheniau at feas.net
Site:		www.feas.net
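
A sketch of suggestions 2 to 4 in the message above, as an added example that is not code from the original post or from the TYPO3 LDAP extension: group records are read once into a member index, users without any group membership are skipped, and the "Administrators" group only sets the admin flag. The function names, the record layout and the sample entries are assumptions constructed for illustration.

```php
<?php
// Constructed sample data standing in for LDAP search results (not real entries).
$ldapGroups = [
    ['cn' => 'Editors',        'member' => ['uid=anna,ou=people,dc=example,dc=org']],
    ['cn' => 'Administrators', 'member' => ['UID=Anna, OU=People, DC=example, DC=org']],
    ['cn' => 'Reviewers',      'member' => ['uid=ben,ou=people,dc=example,dc=org']],
];
$ldapUsers = [
    ['dn' => 'uid=anna,ou=people,dc=example,dc=org', 'uid' => 'anna'],
    ['dn' => 'uid=ben,ou=people,dc=example,dc=org',  'uid' => 'ben'],
    ['dn' => 'uid=carl,ou=people,dc=example,dc=org', 'uid' => 'carl'],
];

// Simplified DN normalisation (assumption): lower-case and drop spaces around
// commas. Real DN matching rules are stricter than this.
function normalizeDn(string $dn): string
{
    return strtolower(preg_replace('/\s*,\s*/', ',', trim($dn)));
}

// Suggestion 2: one pass over the cached group records instead of one LDAP
// query per user. Result: normalised member DN => list of group names.
function buildMembershipIndex(array $groups): array
{
    $index = [];
    foreach ($groups as $group) {
        foreach ($group['member'] as $memberDn) {
            $index[normalizeDn($memberDn)][] = $group['cn'];
        }
    }
    return $index;
}

function planUserSync(array $users, array $index, string $adminGroup = 'Administrators'): array
{
    $plan = [];
    foreach ($users as $user) {
        $groups = $index[normalizeDn($user['dn'])] ?? [];
        if ($groups === []) {
            continue; // suggestion 3: users without a group membership are not synced
        }
        // Suggestion 4: exact, case-sensitive name match, so a similarly named
        // group never sets the admin flag; the group itself is not assigned.
        $plan[$user['uid']] = [
            'groups' => array_values(array_diff($groups, [$adminGroup])),
            'admin'  => in_array($adminGroup, $groups, true) ? 1 : 0,
        ];
    }
    return $plan;
}

print_r(planUserSync($ldapUsers, buildMembershipIndex($ldapGroups)));
```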
