Hi Sebastian,

What you propose would work fine.

I hacked it in a different way: I modified the LdapLoginManagement class and added an ldap_usergroups config key which would be set by the admin in the om_ldap conf files (not provided via LDAP server as an attribute). What I do then is create an om_ldap_*.cfg file for each functional group (e.g. om_ldap_group1.cfg, om_ldap_group2.cfg, etc.). I also create the usergroups/organizations in the OM database (group1, group2, etc. - aka groupNAME) and record their IDs (groupID). For each om_ldap_* file I manually set ldap_usergroups=groupID and then specify an LDAP search base as CN:groupNAME,CN:domain,CN:com, etc.

I like your idea better because it would be easier to maintain (and I would have to mess with group IDs).

Just a note though: the LDAP "user group" field (String ldap_user_org_name) should not necessarily contain only one group ID. It could be an array of IDs, e.g. "2 4 12". OM would need to extract a Long array from this String.

Are you planning on modifying the OM svn source code and adding the feature you propose? If so, please let me know so I can test it and not duplicate the effort.

Thanks,

Vieri

--- On Wed, 2/13/13, [email protected] <[email protected]> wrote:

Hi Vieri,

sorry, I have just seen that email now.

I would rather suggest we use the same mechanism comparable to the other LDAP attributes: adding an LDAP attribute with the name "ldap_user_org_name" (string value).

If the ldap_config key is not configured it will be using the default org for the user. If this LDAP config key is present and the LDAP search query returns a value for that key and if an org in OpenMeetings with that name exists, this org_id will be assigned to the user. If not, the org with that name will be created in OpenMeetings and then that org_id used.

Sebastian

2013/2/12 Vieri <[email protected]>

Hi,

I have users who login via LDAP and they are always assigned the default usergroup/organization. How can I assign LDAP users to one group or another?

Maybe an LDAP integer attribute would be enough so I could provision the OM usergroup ID each time an LDAP user logs in?

Vieri

--
Sebastian Wagner
https://twitter.com/#!/dead_lock
http://www.webbase-design.de
http://www.wagner-sebastian.com
[email protected]
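The assignment rule Sebastian describes in this thread, widened to the several-groups case Vieri raises, as an added Java sketch that is not OpenMeetings code and was not posted by either participant. The class `OrgResolver`, its in-memory org table, the whitespace-separated list of org names, and the fallback to the default org when LDAP returns no value are all assumptions made for illustration.

```java
import java.util.*;

// Hypothetical sketch: OrgResolver is not an OpenMeetings class.
public class OrgResolver {
    // Stands in for the organizations table in the OM database (assumption).
    private final Map<String, Long> orgsByName = new LinkedHashMap<>();
    private final long defaultOrgId;
    private long nextId;

    public OrgResolver(Map<String, Long> existing, long defaultOrgId) {
        orgsByName.putAll(existing);
        this.defaultOrgId = defaultOrgId;
        this.nextId = existing.values().stream()
                .mapToLong(Long::longValue).max().orElse(0L) + 1;
    }

    /**
     * @param attrConfigured whether ldap_user_org_name is set in the om_ldap config
     * @param attrValue      value the LDAP search returned for that attribute, or null
     * @return org IDs to assign to the user logging in
     */
    public List<Long> resolve(boolean attrConfigured, String attrValue) {
        // Key not configured, or no value returned: keep the default org.
        if (!attrConfigured || attrValue == null || attrValue.trim().isEmpty()) {
            return Collections.singletonList(defaultOrgId);
        }
        Set<Long> ids = new LinkedHashSet<>(); // de-duplicates, keeps order
        for (String name : attrValue.trim().split("\\s+")) {
            Long id = orgsByName.get(name);
            if (id == null) {              // org does not exist yet: create it
                id = nextId++;
                orgsByName.put(name, id);
            }
            ids.add(id);
        }
        return new ArrayList<>(ids);
    }

    public static void main(String[] args) {
        Map<String, Long> existing = new HashMap<>(); // constructed sample data
        existing.put("default", 1L);
        existing.put("group1", 2L);
        existing.put("group2", 4L);
        OrgResolver r = new OrgResolver(existing, 1L);
        System.out.println(r.resolve(false, "group1"));        // key not configured
        System.out.println(r.resolve(true, "group1 group2"));  // two existing orgs
        System.out.println(r.resolve(true, "group3"));         // org created on login
    }
}
```

Because a missing organization is created at login, anyone who can write that LDAP attribute can create organizations in OpenMeetings, so write access to the attribute in the directory is the control that matters.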
