[Phplib-trackers] [ phplib-Bugs-763117 ] LDAP auth and permissions
From: SourceForge.net <no...@so...> - 2003-06-30 10:56:12
Bugs item #763117, was opened at 2003-06-30 03:56
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=403611&aid=763117&group_id=31885

Category: Permission
Group: current CVS
Status: Open
Resolution: None
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: LDAP auth and permissions

Initial Comment:
This is a continuation of my request about authorization...

I would like the perm class to be compatible with permissions (or groups) stored in LDAP directories. The current implementation needs a hardcoded list of permissions in local.inc. This is a huge problem when users are stored in LDAP and have their perms stored alongside all other userinfo in the directory. This means that you manually have to check the LDAP directory for new permission groups that have been created and add them to local.inc.

Making the perm class (and the auth class) more compatible with existing "corporate" user directories would be a great way to ensure a strong future for the library.

I have two suggestions for alternate implementations. I am not fully into the inner workings of the phpLib so I have to leave it up to you to figure out the best implementations to fit the library.

1. Have the perm class use LDAP and at initialisation retrieve a list of permission groups from the server and make the bitmap on the fly (since the bitmap is only used for comparison and not storage of perms). Something like this, but probably connected to the LDAP class:

    var $permissions;

    // connect...
    $ps=ldap_connect($this->ldap_host, $this->ldap_port);
    if ($ps) {
      // admin bind...
      $r=ldap_bind($ps, $this->rootdn, $this->rootpw);
      // search for groups...
      $sr=ldap_search($ps, $this->basedn, $this->attrtype_perms."=".$this->attr_perms);
      // get matching entries
      $info = ldap_get_entries($ps, $sr);
      $bin=1;
      // test all results, and get uid and permissions...
      for ($i=0; $i<$info["count"]; $i++) {
        $permissions[$info[$i][$permid][0]] = $bin;
        $bin*=2;
      }
      // close only a connection that was actually opened
      ldap_close($ps);
    }

2. Replace the bit comparison in the perm class with a string comparison.
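
The two suggestions in the report above, sketched side by side as an added example (not part of the original report and not PHPLIB code). The function names, the `cn` group attribute and the sample entries are assumptions; the sample array is constructed to match the shape `ldap_get_entries()` returns, so the code runs without a directory server.

```php
<?php
// Constructed sample shaped like ldap_get_entries() output; "cn" is assumed.
$entries = [
    'count' => 3,
    0 => ['cn' => ['count' => 1, 0 => 'user']],
    1 => ['cn' => ['count' => 1, 0 => 'admin']],
    2 => ['cn' => ['count' => 1, 0 => 'editor']],
];
// Suggestion 1: derive the name => bit map from the directory entries.
function build_perm_bitmap(array $entries, string $attr = 'cn'): array
{
    $names = [];
    for ($i = 0; $i < $entries['count']; $i++) {
        $names[] = $entries[$i][$attr][0];
    }
    sort($names, SORT_STRING); // result order is not guaranteed; keep bits stable
    if (count($names) > PHP_INT_SIZE * 8 - 1) { // one bit per group, sign bit unused
        throw new RangeException('more groups than usable integer bits');
    }
    $map = [];
    foreach ($names as $i => $name) {
        $map[$name] = 1 << $i;
    }
    return $map;
}

// Bitwise check: every required bit must be set in the held bits.
function has_perms_bitwise(array $map, array $required, array $held): bool
{
    $sum = function (array $list) use ($map): int {
        $bits = 0;
        foreach ($list as $name) {
            if (!isset($map[$name])) { // fail closed on names the directory lacks
                throw new DomainException("unknown permission: $name");
            }
            $bits |= $map[$name];
        }
        return $bits;
    };
    $need = $sum($required);
    return ($sum($held) & $need) === $need;
}

// Suggestion 2: compare names directly; no bitmap, no limit on group count.
function has_perms_by_name(array $required, array $held): bool
{
    return array_diff($required, $held) === [];
}
var_dump(has_perms_bitwise(build_perm_bitmap($entries), ['admin'], ['user', 'editor']),
         has_perms_by_name(['user', 'editor'], ['editor', 'user', 'admin']));
```

The bit values from the first approach are only stable while the group list is unchanged, so they are suitable for in-request comparison but not for storing in a session or database.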