[Typo3-dev] Usergroup memberships FE and BE with openldap
Didier Gehéniau
didier.geheniau at feas.net
Thu Feb 17 21:02:56 CET 2005
Thanks for the reply, I will test it and sharpen it and return the
results to you.
I suggest I also do a proposal for staticBEgroups
Regards,
Didier
-----Original Message-----
From: typo3-dev-bounces at lists.netfielders.de
[mailto:typo3-dev-bounces at lists.netfielders.de] On Behalf Of Daniel Thomas
Sent: Thursday, February 17, 2005 7:30 PM
To: List for Core-/Extension development
Subject: Re: [Typo3-dev] Usergroup memberships FE and BE with openldap
Hi Didier,
I am awfully busy at the time, so I must be brief.
As far as I know the OpenLDAP server will store group membership with
the group record, not with the user record.
The getFEGroups and getBEGroups methods only work with group membership
which is stored in the user record.
In the OpenLDAP user record you will probably find no reference
whatsoever about which groups the user belongs to. That's why you can
not access them via the above mentioned records. To establish the
group membership of a user in OpenLDAP you would have to take the DN of
the user record and then perform an LDAP search in the group records'
member attribute to find in which group records the user is registered.
Those are the groups you want to assign to the fe_user record in your
TYPO3 installation. The tx_ldapserver class does contain a commented
out method to perform such a search. It is commented out because it has
not been tested thoroughly.
Of course, you can include this method in a user class as well and call
it in a MAP_OBJECT for the field usergroup with the DN as special
property.
Find the method below.
Sorry that I could not test and document this.
Regards
Daniel
/**
 * This function is used to return a series of fe_group uids on basis
 * of the membership of the user
 *
 *
 * @param array $data: LDAP data array for attribute
 * @param array $conf: optional configuration
 * @return string value for inserting into db
 */
/*
function getStaticFEGroups($data, $conf) {
    #t3lib_div::debug($data);
    if($data) {
        tx_ldapserver::initCharset('');
        $GLOBALS['LDAP_CONNECT']->search('(&(objectClass=groupOfNames)(member='.$data.'))');
        $uids = array();
        // for internal record identification
        $table = $conf['table'];
        $pid = $conf['pid'];
        $identField = $conf['identField'];
        while($data = $GLOBALS['LDAP_CONNECT']->fetch()) {
            $v = $GLOBALS['LDAP_CONNECT']->getDN();
            #debug($data);
            $v = $this->csObj->conv($v, $this->remoteCharset, $this->localCharset);
            if($uid = tx_ldapserver::recordExists($identField, $v, $pid, $table)) {
                $uids[] = $uid;
            }
        }
        return implode(',',$uids);
    }
}
*/
> Hi all,
>
> Because nobody answered my mail in the Typo3 English list I ask it
> here:
>
> I have installed all the ldap extensions (ldap_lib, ldap_server,
> ldap_auth and ldap_sync). I am using open ldap. When synchronizing all
> the groups and users for be and fe are imported correctly but all the
> group memberships are lost.
>
> Does anyone know what's wrong and/or has anyone a working openldap
> configuration?
>
> My configuration looks like:
>
> [start]
> FEusers = LDAP_SYNC
>
> FEusers {
>
> enable = 1
> table = fe_users
> basedn = OU=People, DC=feas, DC=net
> handleNotFound = 1
> handleNotFound {
> markHidden = 1
> hiddenField = disable
> markDeleted = 0
> deletedField = deleted
> delete = 0
> identField = username
> }
>
> pid = 2
> filter = (&(objectClass=person))
> uniqueField = tx_ldapserver_dn
> fields {
> username = MAP_OBJECT
> username.attribute = uid
> username.userFunc = tx_ldapserver->getSingleValue
> usergroup = MAP_OBJECT
> usergroup.userFunc = tx_ldapserver->getBEGroups
> usergroup.userFunc.pid = 2
> usergroup.userFunc.table = fe_groups
>
> tx_ldapserver_dn = MAP_OBJECT
> tx_ldapserver_dn.special = DN
> }
>
> }
>
> }
>
>
>
>
>
> FEgroups < FEusers
>
> FEgroups {
> table = fe_groups
> handleNotFound = 0
> basedn = ou=fe_groups, ou=mg_intranet, ou=Applications, dc=feas, dc=net
> filter = (&(objectClass=groupOfUniqueNames))
> fields {
> username >
> usergroup >
> title = MAP_OBJECT
> title.attribute = cn
> title.userFunc = tx_ldapserver->getSingleValue
> }
>
> }
>
>
>
> BEusers < FEusers
>
> BEusers {
>
> table = be_users
> pid = root
> handleNotFound = 0
> filter = (&(objectClass=person))
> fields.usergroup.userFunc = tx_ldapserver->getBEGroups
> fields.usergroup.userFunc.pid = root
> fields.usergroup.userFunc.table = be_groups
> }
>
>
>
> BEgroups < FEgroups
>
> BEgroups {
> table = be_groups
> pid = root
> basedn = ou=fe_groups, ou=mg_intranet, ou=Applications, dc=feas, dc=net
> filter = (&(objectClass=groupOfUniqueNames))
> }
>
>
>
> FEauth = LDAP_AUTH
>
> FEauth {
> enable = 1
> table = fe_users
> SSO = 1
> SSO.10.userFunc = tx_ldapauth_sv1->authFromGet
> sync < FEusers
> }
>
>
>
> BEauth < FEauth
> BEauth {
> table = be_users
> sync < BEusers
> }
> [end]
>
> Regards,
>
> Didier
>
> _______________________________________________
> Typo3-dev mailing list
> Typo3-dev at lists.netfielders.de
> http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-dev
>
>
>
--/
Daniel Thomas dpool
Hinderink und Thomas Partnerschaft IT-Berater und Projektmanager
Eduard-Schmid-Str. 9 | D-81541 München
t 08945227582 | m 01793918781 | fax 08945227583
http://www.dpool.net | http://www.typergy.com http://typo3partner.net
/--
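
Added example (not part of the original messages and not tx_ldapserver code): the group-side lookup Daniel describes, with the user DN escaped per RFC 4515 before it is placed in the search filter, and with uniqueMember supported because the configuration in the thread filters on groupOfUniqueNames. The function names, the user DN, the in-memory group entries and the uid values are constructed for illustration; a real lookup would send the filter to the directory instead of matching locally.

```php
<?php
// Added example, not tx_ldapserver code. Requires PHP 7+; all entries are constructed.
const MEMBER_ATTR = ['groupOfNames' => 'member', 'groupOfUniqueNames' => 'uniqueMember'];

// RFC 4515: escape characters that are special inside a search filter value.
function escapeFilterValue(string $v): string {
    return strtr($v, ['\\' => '\\5c', '*' => '\\2a', '(' => '\\28', ')' => '\\29', "\0" => '\\00']);
}

// Build the group-side membership filter; only known group classes are accepted.
function buildGroupFilter(string $userDn, string $objectClass): string {
    if (!array_key_exists($objectClass, MEMBER_ATTR)) {
        throw new InvalidArgumentException("unsupported group class: $objectClass");
    }
    return sprintf('(&(objectClass=%s)(%s=%s))', $objectClass,
        MEMBER_ATTR[$objectClass], escapeFilterValue($userDn));
}

// Simplified DN comparison (assumes no escaped separators): lower-case, trim ',' and '='.
function normalizeDn(string $dn): string {
    return strtolower(preg_replace('/\s*([,=])\s*/', '$1', trim($dn)));
}

// Stand-in for the directory search: DNs of the groups that list $userDn as a member.
function groupsForUser(string $userDn, array $groupEntries, string $objectClass): array {
    $hits = [];
    foreach ($groupEntries as $groupDn => $entry) {
        $members = array_map('normalizeDn', $entry[MEMBER_ATTR[$objectClass]] ?? []);
        if (in_array($objectClass, $entry['objectClass'], true)
            && in_array(normalizeDn($userDn), $members, true)) {
            $hits[] = $groupDn;
        }
    }
    return $hits;
}

$base = 'ou=fe_groups,ou=mg_intranet,ou=Applications,dc=feas,dc=net';
$userDn = 'cn=John Doe (ext),OU=People, DC=feas, DC=net'; // constructed user
$groups = [                                               // constructed group entries
    "cn=editors,$base" => ['objectClass' => ['groupOfUniqueNames'],
        'uniqueMember' => ['cn=John Doe (ext),ou=People,dc=feas,dc=net']],
    "cn=guests,$base" => ['objectClass' => ['groupOfUniqueNames'],
        'uniqueMember' => ['cn=Someone Else,ou=People,dc=feas,dc=net']],
];
$feGroupUids = ["cn=editors,$base" => 7, "cn=guests,$base" => 8]; // stand-in for recordExists()

echo buildGroupFilter($userDn, 'groupOfUniqueNames'), "\n";
$matched = array_flip(groupsForUser($userDn, $groups, 'groupOfUniqueNames'));
echo implode(',', array_intersect_key($feGroupUids, $matched)), "\n"; // usergroup field value
```

The parentheses in the sample DN are what the escaping is for: unescaped, they would change the structure of the filter sent to the server.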