Hi Josh,
I've duplicated the function, and changed the switch to:
switch(getAffiliationName($affilid)) {
case 'wcldap':
updatewcldapGroups($user);
updatewcldapGroupsMajors($user);
break;
However, the user is only getting added to the group created by the second
function (GroupsMajors). If I comment out the second call, the user's
properly added to the group created by the first function (Groups). I'm
guessing my syntax here is bad, or that there's a global being used that
gets blown away when the second function runs.
Thanks,
Mike
On Wed, Feb 26, 2014 at 3:44 PM, Josh Thompson <[email protected]>wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Mike,
>
> Duplicating the function to pull info about the student's academic major is
> probably the simplest way to do things.
>
> Josh
>
> On Wednesday, February 26, 2014 3:00:01 PM Mike Haudenschild wrote:
> > Bingo. Thank you!
> >
> > There's a second LDAP attribute that specifies a student's academic
> major.
> > Ultimately that will probably prove as useful as the
> faculty/staff/student
> > info I'm getting from 'pdsRole'. Could I duplicate the updateLDAPGroups
> > function and run the same code against that second attribute? Or is that
> > too clumsy an approach?
> >
> > Regards,
> > Mike
> >
> > On Wed, Feb 26, 2014 at 12:44 PM, Josh Thompson
> <[email protected]>wrote:
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > Mike,
> > >
> > > That's interesting that it does not give the full DN for items in
> pdsrole.
> > > Yes, you should be able to just match 'admin', 'employee', and
> 'staff'. I
> > > think
> > >
> > > preg_match('/^(admin|employee|staff)$/', $data[0]['pdsrole'][$i],
> $match)
> > >
> > > will do it.
> > >
> > > Josh
> > >
> > > On Wednesday, February 26, 2014 12:22:43 PM Mike Haudenschild wrote:
> > > > Hi Josh,
> > > >
> > > > Thanks for this troubleshooting tip. Getting some interesting output
> > >
> > > here,
> > >
> > > > so I'll probably need some help writing a regex to make this work --
> > > > assuming it's even possible. Would I just be able to match on the
> > >
> > > strings
> > >
> > > > 'admin', 'employee', and 'staff'?
> > > >
> > > > NB the "memberof" attribute in this particular LDAP deployment is
> > > > 'pdsrole'. The DN given here isn't helpfrom from a VCL perspective
> > > > since
> > > > everyone in the institution is a member of 'ou=People'.
> > > >
> > > > (begin output)
> > > >
> > > > Array
> > > > (
> > > >
> > > > [count] => 1
> > > > [0] => Array
> > > >
> > > > (
> > > >
> > > > [pdsrole] => Array
> > > >
> > > > (
> > > >
> > > > [count] => 3
> > > > [0] => admin
> > > > [1] => employee
> > > > [2] => staff
> > > >
> > > > )
> > > >
> > > > [0] => pdsrole
> > > > [count] => 1
> > > > [dn] => uid=290933460177932,ou=People,o=institution.edu
> ,o=cp
> > > >
> > > > )
> > > >
> > > > )
> > > >
> > > > (end output)
> > > >
> > > > On Thu, Feb 20, 2014 at 9:04 AM, Josh Thompson
> > >
> > > <[email protected]>wrote:
> > > > > -----BEGIN PGP SIGNED MESSAGE-----
> > > > > Hash: SHA1
> > > > >
> > > > > Mike,
> > > > >
> > > > > The first thing I'd do is to put
> > > > >
> > > > > printArray($data);
> > > > >
> > > > > right after
> > > > >
> > > > > $data = ldap_get_entries($ds, $search);
> > > > >
> > > > > then go to User Lookup and look up a user that should have some
> group
> > > > > memberships with the force checkbox selected. That will show you
> > >
> > > exactly
> > >
> > > > > what
> > > > > is being returned by the ldap query.
> > > > >
> > > > > One guess related to things I've seen is that the "CN" is being
> > >
> > > returned
> > >
> > > > > in
> > > > > lower case. You can add "i" to the end of the regular expression
> to
> > > > > ignore
> > > > > case:
> > > > >
> > > > > if(preg_match('/^CN=(.+),ou=accessgroups,o=institution.edu
> ,o=cp/i',
> > > > >
> > > > > If you want to join #asfvcl on freenode, I can help over IM.
> > > > >
> > > > > Josh
> > > > >
> > > > > On Wednesday, February 19, 2014 7:50:27 PM Mike Haudenschild wrote:
> > > > > > This particular LDAP installation maintains group membership
> info in
> > >
> > > a
> > >
> > > > > > field called "pdsrole." The groups exist as CNs in the OU
> > > > >
> > > > > "accessgroups."
> > > > >
> > > > > > I'm trying to get VCL to provision the groups as per the docs (
> > > > > >
> > > > > >
> http://vcl.apache.org/docs/ldapauth.html#mirroring-ldap-user-groups)
> > >
> > > but
> > >
> > > > > > haven't had any luck. I've been staring at this for awhile and
> I'm
> > >
> > > sure
> > >
> > > > > > I'm missing something obvious at this point. Any help would be
> > > > >
> > > > > appreciated.
> > > > >
> > > > > > I don't know if this matters in the context of finding groups,
> but I
> > >
> > > had
> > >
> > > > > to
> > > > >
> > > > > > enable "lookupuserbeforeauth" in conf.php to get LDAP logins
> > > > > > working.
> > > > > >
> > > > > > (The "o=institution.edu,o=cp" is strange but actually is
> correct.)
> > > > > >
> > > > > > The function from authmethods:
> > > > > >
> > > > > > function updatewcldapGroups($user) {
> > > > > >
> > > > > > global $authMechs;
> > > > > > $auth = $authMechs['wcldap'];
> > > > > > $ds = ldap_connect("ldap://{$auth['server']}/");
> > > > > > if(! $ds)
> > > > > >
> > > > > > return 0;
> > > > > >
> > > > > > ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
> > > > > > ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
> > > > > >
> > > > > > $res = ldap_bind($ds, $auth['masterlogin'],
> > > > > >
> > > > > > $auth['masterpwd']);
> > > > > >
> > > > > > if(! $res)
> > > > > >
> > > > > > return 0;
> > > > > >
> > > > > > $search = ldap_search($ds,
> > > > > >
> > > > > > $auth['binddn'],
> > >
> > > "{$auth['unityid']}={$user['unityid']}",
> > >
> > > > > > array('pdsrole'), 0, 10, 15);
> > > > > >
> > > > > > if(! $search)
> > > > > >
> > > > > > return 0;
> > > > > >
> > > > > > $data = ldap_get_entries($ds, $search);
> > > > > > $newusergroups = array();
> > > > > > if(! array_key_exists('pdsrole', $data[0]))
> > > > > >
> > > > > > return;
> > > > > >
> > > > > > for($i = 0; $i < $data[0]['pdsrole']['count']; $i++) {
> > > > > >
> > > > > > if(preg_match('/^CN=(.+),ou=accessgroups,o=institution.edu
> ,o=cp/',
> > > > > > $data[0]['pdsrole'][$i], $match))
> > > > > >
> > > > > > array_push($newusergroups,
> > > > > >
> > > > > > getUserGroupID($match[1], $user['affiliationid']));
> > > > > >
> > > > > > }
> > > > > > $newusergroups = array_unique($newusergroups);
> > > > > > updateGroups($newusergroups, $user["id"]);
> > > > > >
> > > > > > }
> > > > > > ?>
> > > > > >
> > > > > > Thanks very much,
> > > > > > Mike
> > > > >
> > > > > - --
> > > > > - -------------------------------
> > > > > Josh Thompson
> > > > > VCL Developer
> > > > > North Carolina State University
> > > > >
> > > > > my GPG/PGP key can be found at pgp.mit.edu
> > > > >
> > > > > All electronic mail messages in connection with State business
> which
> > > > > are sent to or received by this account are subject to the NC
> Public
> > > > > Records Law and may be disclosed to third parties.
> > > > > -----BEGIN PGP SIGNATURE-----
> > > > > Version: GnuPG v2.0.22 (GNU/Linux)
> > > > >
> > > > > iEYEARECAAYFAlMGC3EACgkQV/LQcNdtPQMcYQCeIEKrOXtg01rr+EhhrL2Amovh
> > > > > K7gAn1EVWJL4SY6SH5Zku7NLEw0nJmQV
> > > > > =Bm+r
> > > > > -----END PGP SIGNATURE-----
> > >
> > > - --
> > > - -------------------------------
> > > Josh Thompson
> > > VCL Developer
> > > North Carolina State University
> > >
> > > my GPG/PGP key can be found at pgp.mit.edu
> > >
> > > All electronic mail messages in connection with State business which
> > > are sent to or received by this account are subject to the NC Public
> > > Records Law and may be disclosed to third parties.
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: GnuPG v2.0.22 (GNU/Linux)
> > >
> > > iEYEARECAAYFAlMOKBUACgkQV/LQcNdtPQM5KACeMiwmih5KhOdE+T23DjZHp5FJ
> > > PWMAmgO69qC640lFM99FhmHnyAHCxZLx
> > > =2cld
> > > -----END PGP SIGNATURE-----
> - --
> - -------------------------------
> Josh Thompson
> VCL Developer
> North Carolina State University
>
> my GPG/PGP key can be found at pgp.mit.edu
>
> All electronic mail messages in connection with State business which
> are sent to or received by this account are subject to the NC Public
> Records Law and may be disclosed to third parties.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (GNU/Linux)
>
> iEYEARECAAYFAlMOUkQACgkQV/LQcNdtPQOZmQCdGQKS7sahPAi91M64KRXNrl0e
> SwsAn156vPEsHxvdIw54NtB7qGQ7OTEB
> =ixfv
> -----END PGP SIGNATURE-----
>
>
