Thanks beforehand for any help on this.
I have successfully implemented the Idbroker plugin for 389 Directory Server LDAP authentication and SQL mirroring, and I can also add users to LDAP via my project. I currently have an issue when trying to add LDAP users to pre-existing LDAP groups:
I have written the following component to gather the data to save. The '$this->getModel($this->ldapGroupModel)' calls and initiates the Ldap Group Model:
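/**
 * Collect the fields used to add a user to an existing LDAP group.
 *
 * Looks the group up by the LDAP group model's primary key and pairs the
 * user's DN ('uniquemember') with the DN of the group that was found
 * (stored under the 'cn' key).
 *
 * @param string|null $groupName Value of the group's primary-key attribute.
 * @param array|null  $user      User record; only its 'dn' key is read.
 * @return array|null The collected fields, or null when no group name was
 *                    given or nothing could be collected.
 */
public function modLdapGroup($groupName, $user = null) {
    if (is_null($groupName)) {
        return null;
    }

    // Resolve the model once instead of on every use.
    $groupModel = $this->getModel($this->ldapGroupModel);

    // The search filter is assembled by string concatenation, so escape the
    // RFC 4515 metacharacters first. Otherwise a group name containing
    // '*', '(' or ')' would change the filter's meaning and could match a
    // group other than the intended one. The backslash is replaced first so
    // the escapes added afterwards are not escaped again.
    $escapedName = str_replace(
        array('\\', '*', '(', ')', "\x00"),
        array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
        $groupName
    );
    $filter = $groupModel->primaryKey . "=" . $escapedName;
    $ldapGroup = $groupModel->find('first', array('conditions' => $filter));

    // Start from an empty array so the return below never reads an
    // undefined variable when neither value is available.
    $data = array();
    if (!empty($user['dn'])) {
        $data['uniquemember'] = $user['dn'];
    }
    if (!empty($ldapGroup['LdapGroup']['dn'])) {
        // NOTE(review): the group's DN is stored under 'cn', not 'dn'.
        // Whether the datasource's save() locates the entry by this key, and
        // whether it appends to or replaces 'uniquemember', is not visible
        // here; confirm against the datasource.
        $data['cn'] = $ldapGroup['LdapGroup']['dn'];
    }

    // Callers previously received null when nothing was collected; keep that.
    return empty($data) ? null : $data;
}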
// debug($ldapGroup)
array( 'LdapGroup' => array( 'nsuniqueid' => '84e39381-bf6311e1-86738c03-1d2eb6a1', 'description' => 'yadayada', 'objectclass' => array( (int) 0 => 'top', (int) 1 => 'groupofuniquenames' ), 'cn' => 'yadayada', 'creatorsname' => 'cn=directory manager', 'modifiersname' => 'cn=directory manager', 'createtimestamp' => '20120626075046Z', 'modifytimestamp' => '20120626075046Z', 'parentid' => '3', 'entryid' => '176', 'entrydn' => 'cn=yadayada,ou=groups,dc=skypc,dc=local', 'hassubordinates' => 'FALSE', 'numsubordinates' => '0', 'subschemasubentry' => 'cn=schema', 'dn' => 'cn=yadayada,ou=Groups,dc=skypc,dc=local' ), (int) 0 => array( 'count' => (int) 1 ) )
// debug($data)
array( 'uniquemember' => 'uid=cbrandt152,dc=skypc,dc=local', 'cn' => 'cn=yadayada,ou=Groups,dc=skypc,dc=local' )
//Ldap Group Model
<?php
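/**
 * LDAP-backed group model for entries under ou=Groups.
 *
 * The datasource name and the primary-key attribute can be overridden through
 * the 'LDAP.Db.Config' and 'LDAP.Group.Identifier' configuration keys.
 */
class LdapGroup extends AppModel {
    public $useDbConfig = 'ldap';
    public $primaryKey = 'cn';
    public $useTable = 'ou=Groups';

    // Both patterns end in \z rather than $, because $ also matches before a
    // trailing newline and would let "name\n" through validation.
    public $validate = array(
        // NOTE(review): this rule is keyed on 'dn' but the pattern and the
        // message describe a plain group name; a full DN (with '=' and ',')
        // can never match it. Confirm which field is meant.
        'dn' => array(
            'rule' => array('custom', '/^[a-zA-Z0-9]*\z/'),
            'required' => true,
            'on' => 'create',
            'message' => 'Group names must be alpha numeric.'
        ),
        'gidnumber' => array(
            'rule' => array('custom', '/^[0-9]*\z/'),
            'required' => true,
            'on' => 'create',
            'message' => 'Group ID number must be numeric.'
        ),
    );

    /**
     * Apply the configured identifier and datasource, falling back to the
     * defaults ('cn' / 'ldap') when a configuration value is empty.
     *
     * The parameters mirror CakePHP's Model::__construct() and are passed
     * through, so code that constructs the model with arguments (for example
     * ClassRegistry::init()) keeps working.
     *
     * @param mixed       $id    Record id or settings array, passed to the parent.
     * @param string|null $table Table name, passed to the parent.
     * @param string|null $ds    Datasource name, passed to the parent.
     */
    public function __construct($id = false, $table = null, $ds = null) {
        $primaryKey = Configure::read('LDAP.Group.Identifier');
        $useDbConfig = Configure::read('LDAP.Db.Config');
        $this->primaryKey = empty($primaryKey) ? 'cn' : $primaryKey;
        $this->useDbConfig = empty($useDbConfig) ? 'ldap' : $useDbConfig;
        parent::__construct($id, $table, $ds);
    }
}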
?>
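// When the user subscribes, add them to the matching LDAP group.
$groupFields = $this->Component->modLdapGroup($app['Application']['system_name'], $this->Auth->user());
$this->loadModel('LdapGroup');

// Fail closed: modLdapGroup() returns null or a partial array when the group
// or the user's DN could not be resolved. Only attempt the write when both the
// member DN and the group entry are present, so an incomplete record is never
// passed to save().
$hasMembership = !empty($groupFields['uniquemember']) && !empty($groupFields['cn']);
if ($hasMembership && $this->LdapGroup->save($groupFields)) {
    $this->Session->setFlash('User saved to group');
} else {
    $this->Session->setFlash('User NOT saved to group');
}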
// The code successfully queries LDAP but does not MOD the Ldap group
[27/Jun/2012:11:58:07 +0200] conn=35 op=2 RESULT err=0 tag=101 nentries=1 etime=0
[27/Jun/2012:11:58:07 +0200] conn=35 op=3 SRCH base="cn=schema" scope=0 filter="(objectClass=subschema)" attrs="objectClasses attributeTypes"
[27/Jun/2012:11:58:07 +0200] conn=35 op=3 RESULT err=0 tag=101 nentries=1 etime=0
[27/Jun/2012:11:58:08 +0200] conn=35 op=4 SRCH base="cn=yadayada,ou=Groups,dc=skypc,dc=local" scope=0 filter="(objectClass=*)" attrs="* accountUnlockTime aci copiedFrom copyingFrom createTimestamp creatorsName dncomp entrydn entryid hasSubordinates ldapSchemas ldapSyntaxes modifiersName modifyTimestamp nsAccountLock nsaimstatusgraphic nsaimstatustext nsBackendSuffix nscpEntryDN nsds5ReplConflict nsicqstatusgraphic nsicqstatustext nsIdleTimeout nsLookThroughLimit nsRole nsRoleDN nsSchemaCSN nsSizeLimit nsTimeLimit nsUniqueId nsyimstatusgraphic nsyimstatustext numSubordinates parentid passwordAllowChangeTime passwordExpirationTime passwordExpWarned passwordGraceUserTime passwordHistory passwordRetryCount passwordExpWarned passwordGraceUserTime passwordHistory pwdpolicysubentry retryCountResetTime subschemaSubentry aci"
[27/Jun/2012:11:58:08 +0200] conn=35 op=4 RESULT err=0 tag=101 nentries=1 etime=0
[27/Jun/2012:11:58:08 +0200] conn=35 op=5 UNBIND
[27/Jun/2012:11:58:08 +0200] conn=35 op=5 fd=68 closed - U1
Craig