Artturi Markko
|
Saturday 06 January 2007 5:10:53 am
Hello, I'd like to use the new extended LDAP group mapping feature of eZ 3.9. In ldap.ini, I see that I can switch between 2 mapping types:
LDAPGroupMappingType="UseGroupAttribute"
But what is the value for the new mode? Moreover, which attribute should I use to define the mapping array?
Thanks in advance, Artturi
|
Artturi Markko
|
Tuesday 26 June 2007 3:08:48 am
I've taken some time to test this feature again. Unfortunately, things do not work as expected (see http://ez.no/community/forum/general/groups_and_the_ldap_login_handler_in_ez_3_9_x). So, has someone successfully used the new LDAP group mappings of eZ Publish 3.9?
|
Lukasz Piech
|
Tuesday 26 June 2007 4:06:31 am
I am using LDAP group mapping based on the Description field from Active Directory. If your company manages AD quite OK, this is, in my opinion, the best field to map users, as it can, i.e., have a department name in it. I had to create the groups in eZ the same as the variations of the Description field, i.e. a Managers group in eZ for the Managers description in AD.
Here is my ldap.ini:
<?php /*#?ini charset="iso-8859-1"?
[LDAPSettings]
LDAPVersion=3
LDAPEnabled=true
LDAPServer=xxxxx
LDAPPort=389
LDAPBaseDn=ou--xxx,dc--xxx,dc--xxx,dc--xxx
# If the server does not allow anonymous bind, specify the user name for the bind here.
LDAPBindUser=xxxx
# If the server does not allow anonymous bind, specify the password for the bind here.
LDAPBindPassword=xxx
LDAPSearchScope=sub
# Use the equal sign to replace "=" when specifying LDAPBaseDn or LDAPSearchFilters
LDAPEqualSign=--
# Example LDAPSearchFilters[]=objectClass--inetOrgPerson
LDAPSearchFilters[]
# LDAP attribute for login. Normally, uid
LDAPLoginAttribute=sAMAccountName
# Could be id or name
LDAPUserGroupType=id
# Default place to store LDAP users. Could be content object id or group name for LDAP user group,
# depends on LDAPUserGroupType.
LDAPUserGroup[]
LDAPUserGroup[]=
# LDAP attribute type for user group. Could be name or id
LDAPUserGroupAttributeType=name
# LDAP attribute for user group. For example, employeetype. If specified, LDAP users
# will be saved under the same group as in LDAP server.
LDAPUserGroupAttribute=description
# LDAP attribute for First name. Normally, givenname
LDAPFirstNameAttribute=givenname
# LDAP attribute for Last name. Normally, sn
LDAPLastNameAttribute=sn
# LDAP attribute for email. Normally, mail
LDAPEmailAttribute=mail
# LDAP encoding is utf-8 or not
Utf8Encoding=true
*/ ?>
It works very well, and the LDAP cronjob does synchronize between groups, i.e. when you change the description in AD.
\Lukasz
|
Artturi Markko
|
Tuesday 26 June 2007 5:09:04 am
Thanks, but I'm interested in the new mapping style (sorry for having forgotten to mention that).
Here's my ldap.ini:
[LDAPSettings]
LDAPVersion=3
LDAPServer=ldaps://xxxxxxxxxxxxxxxx
LDAPPort=636
LDAPBaseDn=ou--people,dc--xxxx,dc--xxxx,dc--xxxx
LDAPGroupBaseDN=ou=xxxx,dc=xxxx,dc=xxxx,dc=xxxx
LDAPGroupClass=groupofuniquenames
LDAPGroupDescriptionAttribute=description
LDAPSearchScope=one
LDAPBindUser=uid=xxxx,ou=xxx,dc=xxxxxs,dc=xxxx,dc=xxxxx
LDAPBindPassword=xxxxx
LDAPUserGroupType=id
LDAPGroupMappingType=SimpleMapping
LDAPGroupMemberAttribute=uniquemember
KeepGroupAssignment=disabled
LDAPUserGroupMap[]
LDAPUserGroupMap[ldapgroup_cn]=ezgroupname
Does anyone have this "LDAPGroupMappingType=SimpleMapping" working with eZ 3.9?
Regards Artturi
|