Menu

Browsing LDAP group members using LDAP Address Book

General Discussion
M B
2020-03-23
2020-03-29

  • M B

    M B - 2020-03-23

    As the other thread about this topic ("Group definition outside of the user record") has become rather long and convoluted, I am starting a new one for this specific topic, extracting the relveant information from the other thread.

    So the basic idea is to use LDAP Address Book to show the members of an LDAP group in pretty much the same way as normal users as being shown right now (i.e. as a table with name, first name, phone number etc.) for each group member.

    In particular, I would like this to work for LDAP groups defined as a posixGroup: an OU of class posixGroup with
    multiple memberUid attributes, each holding a single username for a member of that group.

    Right now, LDAP Address Book can display the memberUid values for a group, but nothing else.

    What I would like to suggest is an extension such that the memberUid values are used to look up the actual details of that user in another part of the LDAP.

    Very crude pesudo-code:

    g = posixGroup
startTable("Members of group " . g.name)
foreach muid in g.memberUidArray do (
personAttributes = getAttributes(user=muid, personLDAPfilter)
addTableRow(personAttributes)
)
endTable()

    And each of these rows should display the same information as if you were just searching for "smith" in the main page of LDAP Address Book (e.g. like this: https://a.fsdn.com/con/app/proj/ldap-addr-book/screenshots/ldap-addr-book.png/max/max/1 )

    Thanks!

     

  • James Turner

    James Turner - 2020-03-29

    One way of controlling which columns are displayed would be to configure it in the class's display layout, e.g.

    $ldap_server->add_display_layout("groupOfNames",array(
    array("colspan"=>2,"new_row"=>true,
        "attributes"=>array(
            array("cn",           gettext("Group Name"),  "group24.png"),
            array("description",  gettext("Description"), "description.png"),
            )
        ),
    array("section_name"=>gettext("Group Members"),"new_row"=>true,"width"=>"50%",
        "attributes"=>array(
            array("member",
                null,        // caption shown to left of value (none)
                null,        // icon to left of value (none)
                "display_columns"=>"name,title,ou,phone,mail")
            )
           )
        ));

    The value "display_columns" would be valid for attributes of type "dn_list" (or a new data type that would look up posixGroup memberUid values - as per the other discussion thread). Where "display_columns" isn't specified, the layout would be like it is now (with just the name).

    I'm hoping to include this functionality in the release after next.

     

Log in to post a comment.