This is a continuation of my request about authorization...
I would like the perm class to be compatible with permissions
(or groups) stored in LDAP directories.
The current implementation needs a hardcoded list of
permissions in local.inc. This is a huge problem when users
are stored in LDAP and have their perms stored alongside all
other userinfo in the directory. This means that you
manually have to check the LDAP directory for new
permission groups that have been created and add them to
local.inc.
Making the perm class (and the auth class) more compatible
with existing "corporate" user directories would be a great
way to ensure a strong future for the library.
I have two suggestions for alternate implementations. I am
not fully into the inner workings of the phpLib so I have to
leave it up to you to figure out the best implementations to
fit the library.
1. Have the perm class use LDAP and at initialisation
retrieve a list of permission groups from the server and
make the bitmap on the fly (since the bitmap is only used for
comparison and not storage of perms).
Something like this but probably connected to the LDAP
class:

    // class member: permission name => bit value
    var $permissions;

    // connect...
    $ps = ldap_connect($this->ldap_host, $this->ldap_port);
    if ($ps) {
        // admin bind...
        $r = ldap_bind($ps, $this->rootdn, $this->rootpw);
        // search for groups...
        $sr = ldap_search($ps, $this->basedn, $this->attrtype_perms."=".$this->attr_perms);
        // get matching entries
        $info = ldap_get_entries($ps, $sr);
        $bin = 1;
        // test all results, and get uid and permissions...
        // ($permid: name of the attribute holding the permission name)
        for ($i = 0; $i < $info["count"]; $i++) {
            $this->permissions[$info[$i][$permid][0]] = $bin;
            $bin *= 2;
        }
        // close only a connection that was actually opened
        ldap_close($ps);
    }

2. Replace the bit comparison in the perm class with a string
comparison.
Logged In: YES
user_id=77269
The perm class should be able to work with ldap auth with little
change.
As to your suggestions, take a look at the replacement perm
class in the patch manager. It doesn't require the full list of
perms be available and makes comparison using string array
indexes.
I'd like to discuss development. Please post to the phplib-users
list or email me directly.
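
The two approaches discussed in this thread, side by side, as an added example that is not part of the original posts, of PHPLib, or of the replacement class in the patch manager. The function names and the sample group names are hypothetical; the group list stands in for what an LDAP search would return.

```php
<?php
// Suggestion 1: one bit per group name, assigned in directory order.
// Returns null when the directory holds more groups than a PHP integer
// has usable bits: past that point $bin *= 2 becomes a float and the
// bitwise comparison can no longer tell groups apart.
function build_bitmap(array $groupNames): ?array {
    if (count($groupNames) > PHP_INT_SIZE * 8 - 1) {
        return null;
    }
    $map = [];
    $bin = 1;
    foreach ($groupNames as $name) {
        $map[$name] = $bin;
        $bin *= 2;
    }
    return $map;
}

// Bit comparison: every required bit must be set for the user.
function has_perms_bitmap(array $map, array $required, array $held): bool {
    $need = 0;
    foreach ($required as $name) {
        if (!isset($map[$name])) return false;   // unknown permission: deny
        $need |= $map[$name];
    }
    $have = 0;
    foreach ($held as $name) {
        if (isset($map[$name])) $have |= $map[$name];
    }
    return ($have & $need) === $need;
}

// Suggestion 2: compare names through array indexes. No global list of
// groups is needed, so there is no limit on the number of groups.
function has_perms_strings(array $required, array $held): bool {
    $index = array_fill_keys($held, true);       // group name => true
    foreach ($required as $name) {
        if (!isset($index[$name])) return false; // exact match, deny otherwise
    }
    return true;
}

// Constructed sample data, as if read from the directory.
$groups = ['user', 'editor', 'admin'];
$map    = build_bitmap($groups);
var_dump(has_perms_bitmap($map, ['editor'], ['user', 'editor']));
var_dump(has_perms_strings(['admin'], ['user', 'editor']));
var_dump(build_bitmap(range(1, PHP_INT_SIZE * 8)) === null);
```

With the bitmap variant, the bit assigned to a group depends on the order the directory returns entries, so the map has to be rebuilt on each request rather than stored.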