Mike,

The first thing I'd do is to put

    printArray($data);

right after

    $data = ldap_get_entries($ds, $search);

then go to User Lookup and look up a user that should have some group
memberships with the force checkbox selected. That will show you exactly what
is being returned by the ldap query.

One guess related to things I've seen is that the "CN" is being returned in
lower case. You can add "i" to the end of the regular expression to ignore
case:

    if(preg_match('/^CN=(.+),ou=accessgroups,o=institution.edu,o=cp/i',

If you want to join #asfvcl on freenode, I can help over IM.

Josh

On Wednesday, February 19, 2014 7:50:27 PM Mike Haudenschild wrote:
> This particular LDAP installation maintains group membership info in a
> field called "pdsrole." The groups exist as CNs in the OU "accessgroups."
> I'm trying to get VCL to provision the groups as per the docs (
> http://vcl.apache.org/docs/ldapauth.html#mirroring-ldap-user-groups) but
> haven't had any luck. I've been staring at this for awhile and I'm sure
> I'm missing something obvious at this point. Any help would be appreciated.
>
> I don't know if this matters in the context of finding groups, but I had to
> enable "lookupuserbeforeauth" in conf.php to get LDAP logins working.
>
> (The "o=institution.edu,o=cp" is strange but actually is correct.)
>
> The function from authmethods:
>
> function updatewcldapGroups($user) {
>     global $authMechs;
>     $auth = $authMechs['wcldap'];
>     $ds = ldap_connect("ldap://{$auth['server']}/");
>     if(! $ds)
>         return 0;
>     ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
>     ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
>
>     $res = ldap_bind($ds, $auth['masterlogin'],
>                      $auth['masterpwd']);
>     if(! $res)
>         return 0;
>
>     $search = ldap_search($ds,
>                           $auth['binddn'],
>                           "{$auth['unityid']}={$user['unityid']}",
>                           array('pdsrole'), 0, 10, 15);
>     if(! $search)
>         return 0;
>
>     $data = ldap_get_entries($ds, $search);
>     $newusergroups = array();
>     if(! array_key_exists('pdsrole', $data[0]))
>         return;
>     for($i = 0; $i < $data[0]['pdsrole']['count']; $i++) {
>         if(preg_match('/^CN=(.+),ou=accessgroups,o=institution.edu,o=cp/',
>                       $data[0]['pdsrole'][$i], $match))
>             array_push($newusergroups,
>                        getUserGroupID($match[1], $user['affiliationid']));
>     }
>     $newusergroups = array_unique($newusergroups);
>     updateGroups($newusergroups, $user["id"]);
> }
> ?>
>
> Thanks very much,
> Mike
--
-------------------------------
Josh Thompson
VCL Developer
North Carolina State University
my GPG/PGP key can be found at pgp.mit.edu
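
The case-sensitivity guess discussed in this thread, as an added example that is not part of either message and is not VCL code: it runs the posted pattern, the same pattern with the "i" flag, and a tighter variant over constructed pdsrole values and prints which group names each one extracts. The sample DNs, the groupNames() helper and the $tight pattern are assumptions made for illustration.

```php
<?php
// Added example, not VCL code. The entry below is a constructed sample shaped
// like $data[0] from ldap_get_entries(); none of these values come from a
// real directory.
$entry = array('pdsrole' => array(
    'count' => 4,
    0 => 'CN=faculty,ou=accessgroups,o=institution.edu,o=cp',
    1 => 'cn=labusers,ou=accessgroups,o=institution.edu,o=cp', // lower-case "cn"
    2 => 'cn=staff,OU=AccessGroups,O=institution.edu,O=cp',    // mixed-case RDNs
    3 => 'cn=helpdesk,ou=people,o=institution.edu,o=cp',       // not an access group
));

// Pattern from the posted function, then the same pattern with the "i" flag.
$strict = '/^CN=(.+),ou=accessgroups,o=institution.edu,o=cp/';
$nocase = '/^CN=(.+),ou=accessgroups,o=institution.edu,o=cp/i';

// Assumption (goes beyond the thread): escape the dot, anchor the end of the
// DN, and stop the captured name at the first comma so it cannot span RDNs.
$tight = '/^CN=([^,]+),ou=accessgroups,o=institution\.edu,o=cp$/i';

// Hypothetical helper: same loop as the posted function, but it returns the
// captured group names instead of calling getUserGroupID()/updateGroups().
function groupNames($pattern, $entry) {
    $names = array();
    if (! array_key_exists('pdsrole', $entry))
        return $names;
    for ($i = 0; $i < $entry['pdsrole']['count']; $i++) {
        if (preg_match($pattern, $entry['pdsrole'][$i], $match))
            $names[] = $match[1];
    }
    return array_values(array_unique($names));
}

$patterns = array('strict' => $strict, 'nocase' => $nocase, 'tight' => $tight);
foreach ($patterns as $label => $pattern) {
    $names = groupNames($pattern, $entry);
    printf("%-6s matched %d: %s\n", $label, count($names), implode(', ', $names));
}
```

Running it against the real printArray($data) output in place of the constructed entry shows which memberships the mirroring code would silently drop for a user.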