View Issue Details

ID: 0004193
Project: mantisbt
Category: bugtracker
View Status: public
Last Update: 2004-08-29 02:02
Reporter: alf
Assigned To: jlatour
Priority: normal
Severity: feature
Reproducibility: N/A
Status: closed
Resolution: fixed
Product Version: 0.18.3
Fixed in Version: 0.19.0rc1
Summary: 0004193: Broaden the ldap features to work with (A.D.) - patch included
Description

I have made a small patch on the ldap subsystem to allow the "uid" field to be personalized. This allows searching for something else than "uid" to work with other ldap structures.

It specifically now allows working with Active Directory's LDAP setting the "uid" field to "sAMAccountName".

I just had to add an "ldap_uid_field" config variable (and the appropriate code).

Could this be included in some next release? Thanks.

Tags: No tags attached.
Attached Files
mantis.diff (3,828 bytes)   
*** core/ldap_api.php	2004-01-11 10:16:10.000000000 +0300
--- core/ldap_api.php	2004-07-24 16:13:49.000000000 +0300
***************
*** 57,64 ****
  		$t_ldap_organization	= config_get( 'ldap_organization' );
  		$t_ldap_root_dn			= config_get( 'ldap_root_dn' );
  
! 	    $t_search_filter	= "(&$t_ldap_organization(uid=$p_username))";
! 		$t_search_attrs		= array( 'uid', 'mail', 'dn' );
  	    $t_ds				= ldap_connect_bind();
  
  		$t_sr	= ldap_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs );
--- 57,68 ----
  		$t_ldap_organization	= config_get( 'ldap_organization' );
  		$t_ldap_root_dn			= config_get( 'ldap_root_dn' );
  
! 		$t_ldap_uid_field = config_get( 'ldap_uid_field' ) ;
! 		if ($t_ldap_uid_field == '') {
! 		  $t_ldap_uid_field = 'uid' ;
! 		}
! 	    $t_search_filter	= "(&$t_ldap_organization($t_ldap_uid_field=$p_username))";
! 		$t_search_attrs		= array( $t_ldap_uid_field, 'mail', 'dn' );
  	    $t_ds				= ldap_connect_bind();
  
  		$t_sr	= ldap_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs );
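
Review bot: In the rewritten $t_search_filter line, $p_username is interpolated straight into the LDAP search filter and nothing in this hunk escapes it. The old line did the same, but since the line is being rewritten anyway this is the place to escape the filter metacharacters (*, (, ), \ and NUL, per RFC 4515) before building "($t_ldap_uid_field=$p_username)", so that a login name can only ever match as a literal value. $t_ldap_uid_field comes from configuration, so it is trusted in a way the username parameter is not.
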
***************
*** 76,83 ****
  		$t_ldap_root_dn			= config_get( 'ldap_root_dn' );
  
  		$t_username 		= user_get_field( $p_user_id, 'username' );
! 		$t_search_filter	= "(&$t_ldap_organization(uid=$t_username)(assignedgroup=$p_group))";
! 		$t_search_attrs		= array( 'uid', 'dn', 'assignedgroup' );
  	    $t_ds				= ldap_connect_bind();
  
  		$t_sr		= ldap_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs );
--- 80,91 ----
  		$t_ldap_root_dn			= config_get( 'ldap_root_dn' );
  
  		$t_username 		= user_get_field( $p_user_id, 'username' );
! 		$t_ldap_uid_field = config_get( 'ldap_uid_field' ) ;
! 		if ($t_ldap_uid_field == '') {
! 		  $t_ldap_uid_field = 'uid' ;
! 		}
! 		$t_search_filter	= "(&$t_ldap_organization($t_ldap_uid_field=$t_username)(assignedgroup=$p_group))";
! 		$t_search_attrs		= array( $t_ldap_uid_field, 'dn', 'assignedgroup' );
  	    $t_ds				= ldap_connect_bind();
  
  		$t_sr		= ldap_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs );
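
Review bot: The filter in this hunk makes the user attribute configurable but leaves "(assignedgroup=$p_group)" and the 'assignedgroup' entry in $t_search_attrs hard-coded, so the group check stays tied to one directory schema. If the aim is to support other directory layouts, give the group attribute the same treatment (a config option defaulting to 'assignedgroup'), or say in the config comments that only the user lookup is covered. $t_username and $p_group also go into this filter unescaped.
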
***************
*** 100,107 ****
  		$t_ldap_root_dn			= config_get( 'ldap_root_dn' );
  
  		$t_username 		= user_get_field( $p_user_id, 'username' );
! 		$t_search_filter	= "(&$t_ldap_organization(uid=$t_username))";
! 		$t_search_attrs		= array( 'uid', 'dn' );
  	    $t_ds				= ldap_connect_bind();
  		
  		# Search for the user id
--- 108,119 ----
  		$t_ldap_root_dn			= config_get( 'ldap_root_dn' );
  
  		$t_username 		= user_get_field( $p_user_id, 'username' );
! 		$t_ldap_uid_field = config_get( 'ldap_uid_field' ) ;
! 		if ($t_ldap_uid_field == '') {
! 		  $t_ldap_uid_field = 'uid' ;
! 		}
! 		$t_search_filter	= "(&$t_ldap_organization($t_ldap_uid_field=$t_username))";
! 		$t_search_attrs		= array( $t_ldap_uid_field, 'dn' );
  	    $t_ds				= ldap_connect_bind();
  		
  		# Search for the user id
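
Review bot: The four-line block that reads 'ldap_uid_field' and falls back to 'uid' is repeated here for the third time, just before the $t_search_filter assignment. config_defaults_inc.php in this same patch already sets $g_ldap_uid_field to 'uid', so the fallback is only reached when the option has been set to an empty string; either drop it or do the lookup in one place, using config_get's optional second parameter for the default as mentioned in the reply on this issue. The block's spacing ("if ($t_ldap_uid_field == '')", the space before each semicolon, two-space indent) also differs from the tab-indented "config_get( ... )" style of the surrounding lines.
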
*** config_defaults_inc.php	2004-05-12 14:36:14.000000000 +0300
--- config_defaults_inc.php	2004-07-25 14:49:18.000000000 +0300
***************
*** 564,570 ****
  	$g_ldap_server			= 'ldaps://ldap.example.com.au/';
  	$g_ldap_port			= '636';
  	$g_ldap_root_dn			= 'dc=example,dc=com,dc=au';
! 	#$g_ldap_organization	= '(organizationname=*Traffic)'; # optional
  	$g_ldap_bind_dn			= '';
  	$g_ldap_bind_passwd		= '';
  	$g_use_ldap_email		= OFF; # Should we send to the LDAP email address or what MySql tells us
--- 564,571 ----
  	$g_ldap_server			= 'ldaps://ldap.example.com.au/';
  	$g_ldap_port			= '636';
  	$g_ldap_root_dn			= 'dc=example,dc=com,dc=au';
! 	$g_ldap_organization		= ''; // e.g. '(organizationname=*Traffic)'
! 	$g_ldap_uid_field		= 'uid'; // Use 'sAMAccountName' for A.D.
  	$g_ldap_bind_dn			= '';
  	$g_ldap_bind_passwd		= '';
  	$g_use_ldap_email		= OFF; # Should we send to the LDAP email address or what MySql tells us
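
Review bot: The two changed lines use // comments while the neighbouring lines in this hunk use # ("# optional", "# Should we send to the LDAP email address ..."); switch both to # for consistency. The comment on $g_ldap_uid_field should spell out 'Active Directory' rather than 'A.D.'. Note also that $g_ldap_organization goes from commented out to defined as an empty string, which changes the shipped default and deserves a mention in the change description.
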

Activities

alf

2004-08-06 11:47

reporter   ~0006723

Given the seamless modification to the code, you might be interested in including it.

Thanks a lot for your feedback.

jlatour

2004-08-06 12:05

reporter   ~0006726

Applied to CVS, with some changes - thanks.

For next time:

  • Please submit a unified diff (diff -u), we find them easier to read
  • config_get has an optional second parameter to specify a default
  • To be sure, I said 'Active Directory' in config_defaults instead of A.D.
  • We use # for comments

Thanks again!