Hello all,
we have developed a patch to make group synchronization work.
Please have a look at the attached patch or see http://www.mediawiki.org/wiki/Extension_talk:LDAP_Authentication#Group_Syncr...
Regards, Bjoern
--- LdapAuthentication.php-orig 2007-03-08 13:37:22.070548000 +0100 +++ LdapAuthentication.php 2007-04-05 19:00:56.267368111 +0200 @@ -1237,6 +1237,8 @@ foreach ($info as $i) { $mem = strtolower($i['dn']); $shortnamemem = strtolower($i[$nameattribute][0]); + //removing bogus AD groups with SSIDs or such in curly brackets behind name + if (strstr($mem, '{')) continue;
array_push($groups,$mem); array_push($shortnamegroups,$shortnamemem); @@ -1290,7 +1292,7 @@ $this->printDebug("Pulling groups from LDAP.",1);
# add groups permissions - $localAvailGrps = $user->getAllGroups(); + $localAvailGrps = array_merge($user->getAllGroups(), $this->allLDAPGroups); $localUserGrps = $user->getEffectiveGroups();
$this->printDebug("Available groups are: " . implode(",",$localAvailGrps) . "",1);
Hello all,
we have developed a patch to make group synchronization work.
Please have a look at the attached patch or see http://www.mediawiki.org/wiki/Extension_talk:LDAP_Authenticati on#Group_Syncronization
Regards, Bjoern
The first change seems to be pretty AD specific (who knows if others are legitimately using { in their groups?). I'm not sure of the purpose of the second change, but I haven't looked at the code in a while. I'll take a look at this soon.
V/r,
Ryan Lane
mediawiki-enterprise@lists.wikimedia.org