LDAP GROUP MAPPING

Next topic

Author	Message
Alexandre Henriet	Thursday 19 November 2009 4:25:15 am I'm experiencing LDAP Authentification on active directory with eZ Publish. Authentification part works. The user I use to log-in is well created (using data from LDAP) in the default eZ Publish group called 'LDAP' that I specified in the configuration using LDAPUserGroup[]=LDAP. My problem concerns the different group mapping methods. I tryed the 3 without success, and I was wondering if it was possible to setup eZ Publish - LDAP group mapping with ldap objects with that kind of structure : In our AD, user objects have many entries looking like : memberOf: CN=CompUsersG,OU=rrr,OU=ppp,OU=ooo,OU=ggg,OU=Unit placeholder,DC=yyy,DC=xxx,DC=aa memberOf: CN=IctWlanAccessAllG,OU=eee,OU=rrr,OU=ggg,OU=Unit placeholder,DC=yyy,DC=xxx,DC=aa memberOf: CN=IctXXX,OU=ttt,DC=yyy,DC=xxx,DC=aa while group objects have many entries looking like : member: CN=LoginX,OU=aaa,OU=bbb,OU=ccc,OU=ddd,OU=Unit placeholder,DC=eee,DC=fff,DC=aa member: CN=LoginY,OU=aaa,OU=bbb,OU=ccc,OU=ddd,OU=Unit placeholder,DC=eee,DC=fff,DC=aa member: CN=LoginZ,OU=aaa,OU=bbb,OU=ccc,OU=ddd,OU=Unit placeholder,DC=eee,DC=fff,DC=aa In most of the examples I've seen, group names in LDAP are stored in a custom field employeeType containing a single word value. It's not the case in our AD and we don't have the possibility to change its structure. What I would like to do is to store a user with a memberOf entry like : CN=CompUsersG,OU=rrr,OU=ppp,OU=ooo,OU=ggg,OU=Unit placeholder,DC=yyy,DC=xxx,DC=aa in an eZ Publish group called : CompUsersG 1. Is it possible ? 2. Using which mapping method ? 3. How ? :-/ Thanks in advance, Alexandre
Alexandre Henriet	Thursday 19 November 2009 4:46:00 am Using the LDAP Debuging, with our AD structure and while using the "UseGroupAttribute" mapping method, when specifying LDAPUserGroupAttribute=memberOf at stage 3/5 : 'real authentication of user', we see that eZ Publish sees memberOf as an array : 'memberof' => array ( 'count' => 3, 0 => 'CN=CompUsersG,OU=rrr,OU=ppp,OU=ooo,OU=ggg,OU=Unit placeholder,DC=yyy,DC=xxx,DC=aa', 1 => 'CN=IctWlanAccessAllG,OU=eee,OU=rrr,OU=ggg,OU=Unit placeholder,DC=yyy,DC=xxx,DC=aa', 2 => 'CN=IctXXX,OU=ttt,DC=yyy,DC=xxx,DC=aa', ), if it can helps someone to answer me ..
Alexandre Henriet	Friday 20 November 2009 2:25:14 am Without providing more explanations, can someone just tell me if it is possible plz ? :)

Author

Message

Thursday 19 November 2009 4:25:15 am

I'm experiencing LDAP Authentification on active directory with eZ Publish.
Authentification part works. The user I use to log-in is well created (using data from LDAP)
in the default eZ Publish group called 'LDAP' that I specified in the configuration
using LDAPUserGroup[]=LDAP.
My problem concerns the different group mapping methods.
I tryed the 3 without success, and I was wondering if it was possible
to setup eZ Publish - LDAP group mapping with ldap objects with that kind of structure :
In our AD, user objects have many entries looking like :
memberOf: CN=CompUsersG,OU=rrr,OU=ppp,OU=ooo,OU=ggg,OU=Unit placeholder,DC=yyy,DC=xxx,DC=aa
memberOf: CN=IctWlanAccessAllG,OU=eee,OU=rrr,OU=ggg,OU=Unit placeholder,DC=yyy,DC=xxx,DC=aa
memberOf: CN=IctXXX,OU=ttt,DC=yyy,DC=xxx,DC=aa
while group objects have many entries looking like :
member: CN=LoginX,OU=aaa,OU=bbb,OU=ccc,OU=ddd,OU=Unit placeholder,DC=eee,DC=fff,DC=aa
member: CN=LoginY,OU=aaa,OU=bbb,OU=ccc,OU=ddd,OU=Unit placeholder,DC=eee,DC=fff,DC=aa
member: CN=LoginZ,OU=aaa,OU=bbb,OU=ccc,OU=ddd,OU=Unit placeholder,DC=eee,DC=fff,DC=aa
In most of the examples I've seen, group names in LDAP are stored in a custom field employeeType containing a single word value. It's not the case in our AD and we don't have the possibility to change its structure.
What I would like to do is to store a user with a memberOf entry like :
CN=CompUsersG,OU=rrr,OU=ppp,OU=ooo,OU=ggg,OU=Unit placeholder,DC=yyy,DC=xxx,DC=aa
in an eZ Publish group called :
CompUsersG
1. Is it possible ?
2. Using which mapping method ?
3. How ? :-/
Thanks in advance,
Alexandre

Alexandre Henriet

Thursday 19 November 2009 4:46:00 am

Using the LDAP Debuging, with our AD structure and while using the "UseGroupAttribute" mapping method,
when specifying
LDAPUserGroupAttribute=memberOf
at stage 3/5 : 'real authentication of user', we see that eZ Publish sees memberOf as an array :
'memberof' =>
array (
'count' => 3,
0 => 'CN=CompUsersG,OU=rrr,OU=ppp,OU=ooo,OU=ggg,OU=Unit placeholder,DC=yyy,DC=xxx,DC=aa',
1 => 'CN=IctWlanAccessAllG,OU=eee,OU=rrr,OU=ggg,OU=Unit placeholder,DC=yyy,DC=xxx,DC=aa',
2 => 'CN=IctXXX,OU=ttt,DC=yyy,DC=xxx,DC=aa',
),
if it can helps someone to answer me ..

Alexandre Henriet

Friday 20 November 2009 2:25:14 am

Without providing more explanations, can someone just tell me if it is possible plz ? :)

eZ debug

Timing:	Jan 18 2025 02:57:11
Script start
Timing:	Jan 18 2025 02:57:11
Module start 'layout'
Timing:	Jan 18 2025 02:57:11
Module start 'content'
Timing:	Jan 18 2025 02:57:12
Module end 'content'
Timing:	Jan 18 2025 02:57:12
Script end

Main resources:

Total runtime	0.9595 sec
Peak memory usage	4,096.0000 KB
Database Queries	55

Timing points:

Checkpoint	Start (sec)	Duration (sec)	Memory at start (KB)	Memory used (KB)
Script start	0.0000	0.0051	589.0313	152.6250
Module start 'layout'	0.0052	0.0025	741.6563	39.4453
Module start 'content'	0.0076	0.9503	781.1016	438.6641
Module end 'content'	0.9579	0.0015	1,219.7656	12.1719
Script end	0.9594		1,231.9375

Time accumulators:

Accumulator	Duration (sec)	Duration (%)	Count	Average (sec)
Ini load
Load cache	0.0032	0.3304	16	0.0002
Check MTime	0.0013	0.1347	16	0.0001
Mysql Total
Database connection	0.0006	0.0639	1	0.0006
Mysqli_queries	0.9110	94.9485	55	0.0166
Looping result	0.0004	0.0427	53	0.0000
Template Total	0.9320	97.1	2	0.4660
Template load	0.0020	0.2118	2	0.0010
Template processing	0.9300	96.9267	2	0.4650
Template load and register function	0.0002	0.0247	1	0.0002
states
state_id_array	0.0008	0.0846	1	0.0008
state_identifier_array	0.0007	0.0764	2	0.0004
Override
Cache load	0.0017	0.1766	43	0.0000
Sytem overhead
Fetch class attribute can translate value	0.0008	0.0785	1	0.0008
Fetch class attribute name	0.0011	0.1164	3	0.0004
XML
Image XML parsing	0.0001	0.0148	1	0.0001
class_abstraction
Instantiating content class attribute	0.0000	0.0007	3	0.0000
General
dbfile	0.0025	0.2604	10	0.0002
String conversion	0.0000	0.0009	4	0.0000
Note: percentages do not add up to 100% because some accumulators overlap

Templates used to render the page:

Usage	Requested template	Template	Template loaded
1	node/view/full.tpl	full/forum_topic.tpl	extension/sevenx/design/simple/override/templates/full/forum_topic.tpl
3	content/datatype/view/ezxmltext.tpl	<No override>	extension/community_design/design/suncana/templates/content/datatype/view/ezxmltext.tpl
2	content/datatype/view/ezxmltags/line.tpl	<No override>	design/standard/templates/content/datatype/view/ezxmltags/line.tpl
3	content/datatype/view/ezxmltags/paragraph.tpl	<No override>	extension/ezwebin/design/ezwebin/templates/content/datatype/view/ezxmltags/paragraph.tpl
1	print_pagelayout.tpl	<No override>	extension/community/design/community/templates/print_pagelayout.tpl
Number of times templates used: 10 Number of unique templates used: 5

Time used to render debug report: 0.0001 secs