Re: [openupload-devel] Active Directory
From: Alessandro B. <ts...@br...> - 2009-05-06 08:23:47
Hi Andy,

Andy Hester wrote:
> Alessandro Briosi wrote:
>> ok, it should now be fixed in SVN. Attaching it so you can test it
>> (and others might review it)
>> It's more a hack than a real solution. (I need to re-think about this)
>>
> So I replaced the ldap.inc.php file and made the changes to
> config.inc.php and it functions as expected now. The user is
> recognized, the login was displayed (we changed index.tpl to test for
> this), the links show 'My Files' and 'Logout' as expected. Thanks for
> the fix!
>

Good.

> The only question I have about it is why the default group was set to
> 'Domain Users'? Could it be set for example to another group in my open
> upload OU? The reason I ask is that we may include 'domain users' in
> our 'open upload users' group to grant user access. I'm not sure what
> effect this would have. Other than this point, I'm not sure why this is
> a hack.
>

That's exactly why this is a hack.
There is no easy way to find out the primary user group (Domain Users should be the default, but not always).

If you add Domain Users to the OU groups then Open Upload should be able to also see that group (so the basedn must change). I'm not sure Open Upload would handle this group in group thing right now.

The "Domain Users" member attribute does not contain the users which are part of it, and also the user memberOf attribute does not contain it.

As I said, I need to rethink how to properly handle the AD backend.
There is this library adLDAP.php which should handle it and is small, so I'm wondering if I need to switch to it instead of using my own.

Of course right now you can change the "Domain Users" value to anything you like, but anybody who is able to authenticate against AD would be granted at least the rights of that group.

Alessandro
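
Added example, not part of the original message and not Open Upload or adLDAP code: the message notes that neither the group's member attribute nor the user's memberOf lists the primary group. Active Directory stores it as a RID in the user's primaryGroupID attribute, so the group's SID can be derived from the user's objectSid and looked up directly. The function names and the SID values below are constructed for illustration.

```php
<?php
// Added example (not Open Upload code). Sample SID values are constructed.

// Decode a binary objectSid, as returned over LDAP, into S-1-5-21-... form.
function sid_to_string(string $bin): string
{
    if (strlen($bin) < 12 || strlen($bin) !== 8 + 4 * ord($bin[1])) {
        throw new InvalidArgumentException('malformed SID');
    }
    $authority = 0;                        // 48-bit big-endian authority
    for ($i = 2; $i < 8; $i++) {
        $authority = ($authority << 8) | ord($bin[$i]);
    }
    $text = 'S-' . ord($bin[0]) . '-' . $authority;
    foreach (unpack('V*', substr($bin, 8)) as $sub) {  // 32-bit little-endian
        $text .= '-' . $sub;
    }
    return $text;
}

// The primary group's SID is the user's SID with the final RID replaced
// by the value of the user's primaryGroupID attribute.
function primary_group_sid(string $userSid, int $primaryGroupId): string
{
    sid_to_string($userSid);               // throws if the SID is malformed
    return substr($userSid, 0, -4) . pack('V', $primaryGroupId);
}

// Build a search filter for that group; binary values go in as \XX escapes.
function group_filter_for_sid(string $sid): string
{
    $escaped = '';
    foreach (str_split(bin2hex($sid), 2) as $byte) {
        $escaped .= '\\' . $byte;
    }
    return '(&(objectClass=group)(objectSid=' . $escaped . '))';
}

// Constructed user: domain S-1-5-21-1004336348-1177238915-682003330,
// user RID 1105, primaryGroupID 513 (well-known RID of "Domain Users").
$userSid = "\x01\x05\x00\x00\x00\x00\x00\x05"
         . pack('V5', 21, 1004336348, 1177238915, 682003330, 1105);
$groupSid = primary_group_sid($userSid, 513);

echo sid_to_string($userSid), "\n";
echo sid_to_string($groupSid), "\n";
echo group_filter_for_sid($groupSid), "\n";
```

The filter can be passed to ldap_search() against the domain base DN; the cn of the returned group is then the user's actual primary group, rather than a hard-coded "Domain Users" default that every authenticated account inherits.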