Re: [openupload-devel] Active Directory
Status: Beta
Brought to you by:
tsdogs
Menu
▾
▴
Re: [openupload-devel] Active Directory
|
From: Andy H. <and...@eu...> - 2009-04-28 20:23:14
|
Alessandro Briosi wrote: > hmm, I might think there is something with the "groups" and the > "unregistered" group. > > It seems the correct group is not associated to the user, or users that > are "registered" users are also members of the "unregistered" group. > This should explain the problems you have. > Right now I have in config.inc.php: $CONFIG['register']['nologingroup'] = 'unregistered'; $CONFIG['register']['default_group'] = 'upload_users'; does this look correct? > AD support checks for every group associated to the user (if it can find > it) and applies the rules on every group. Unless no group has access to > some functionality it denies access to it. > AFAIR also nested groups are checked. > that's why probably having a "ou" with the openupload groups in there > and bind to that "ou" for the groups would be best. Open Upload won't > find other groups so only thoose are checked in the acl (though don't > use nested groups then). > I did create a separate OU for this and it only has upload_users and upload_admins... No users are currently members of both groups. > Please also check the "unregistered" group in the config.inc.php file, > that should match some group in active directory so you can set rights > as above the only thing I see about an '"unregistered" group in the config.inc.php' is this: $CONFIG['register']['nologingroup'] = 'unregistered'; $CONFIG['register']['default_group'] = 'upload_users'; Not sure if this is correct. > for it. > ... > > ok. > Looking at the source the fact that you get the "Public Files" means > that the user is not logged in, or that the AD login field is not > correctly populated. > Are you sure that in the config.inc.php file the line with associated > fields like this?: > $CONFIG['ldap']['userfields'] = array ( 'cn' => 'login', 'name' => > 'name', 'memberof' => 'group_id', 'mail' => 'email'); > Yes. I have this line exactly like above. Login does work and provides the different rights for upload_admins vs upload_users. > This behavier is caused by a missing 'login' value when a user logs in. > > Alessandro > > A |
