[TYPO3] AD group relationships lost in LDAP Sync? (correction added)
Bing Du
bdu at iastate.edu
Thu Jan 25 21:37:07 CET 2007
> Hi,
>
> We are able to import groups from active directory to typo3 using
> ldap_sync, ldap_server, ldap_lib and ldap_auth extensions. Using groups
> for access control on pages works fine. The problem we're seeing now is
> seems like group relationship is lost when groups are sync'ed with the
> active directory. It takes all the imported groups as on the same level.
>
> Say, we imported group A and group B to typo3 from the active directory.
> In the active directory, group B is a member of group A. So in theory, if
> privileges are granted to group A, all the members of group B should
> inherit the same privileges. But in Typo3, we give group A access to a
> page. A member of group B cannot see the page.
>
> Would anybody shed some light?
>
> Thanks in advance.
>
> Bing
>
After looking more, I think the real issue is the 'getFEGroups' function
of the ldap_server extension retrieves only the groups a user is explicit
member of. Maybe it already does what it's supposed to. But in order to
do what I talked about in my original post, we need to some how retrieve
all the explicit or implicit groups a user is in from the LDAP. Anybody
ever had to deal with such a kind of situation and would like to share
your experience? Any insight would be greatly appreciated.
Thanks,
Bing
More information about the TYPO3-english
mailing list