
Apply group mappings to groupOfUniqueNames LDAP groups too

Open chuhn opened this issue 7 years ago • 2 comments

This patch adds mapping support for groupOfUniqueNames groups in LDAP authentication.

Example:

  1. The authenticated user is a member of the group cn=PREFIX_ADMIN,cn=Groups,dc=example,dc=com.
  2. The following mapping is defined:
    $conf['auth']['ldap']['mapping']['grps'] = array('cn'=>'/PREFIX_(.+)/i');
  3. The user will be a member of the ONA group ADMIN.

Additionally there is a small tweak to allow email addresses as login names.

chuhn avatar Nov 12 '18 17:11 chuhn

What's still unclear to me is the assignment of $g++ which I copied from https://github.com/opennetadmin/ona/blob/53c03bcd8eccd7216ec9cc8ab8c70a44d58fa08d/www/include/auth/ldap.class.php#L221

AFAICT the correct groups.id for the given group name should be looked up and assigned here instead, i.e.

ona_get_record('groups', "name like '{$match[1]}'")

Another feature I'd be interested in would be to deny access to users that are not members of any group known to ONA. From my observation they are implicitly added to the default group at the moment.

chuhn avatar Nov 12 '18 17:11 chuhn
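
The group mapping from the opening post and the deny-when-no-group-matches behaviour asked for in the comment above, as an added example that is not part of the patch or of ONA. The function names, the `$known` list and the sample DNs are assumptions made for illustration; it also runs the mapping with an anchored variant of the pattern so the effect of anchoring on which group names match can be compared.

```php
<?php
// Added illustration, not ONA code; function names are hypothetical.
// Mapping in the shape shown in the issue: LDAP attribute => PCRE pattern.
$unanchored = array('cn' => '/PREFIX_(.+)/i');
$anchored   = array('cn' => '/^PREFIX_(.+)$/i');

// Value of the leading RDN if its attribute is $attr, else null.
function first_rdn_value(string $dn, string $attr): ?string {
    $rdns = preg_split('/(?<!\\\\),/', $dn); // split on unescaped commas
    $parts = explode('=', $rdns[0], 2);
    if (count($parts) !== 2 || strcasecmp(trim($parts[0]), $attr) !== 0) {
        return null;
    }
    return trim($parts[1]);
}

// Map LDAP group DNs to ONA group names (capture group 1 of the pattern).
function map_groups(array $groupDns, array $mapping): array {
    $mapped = array();
    foreach ($groupDns as $dn) {
        foreach ($mapping as $attr => $pattern) {
            $value = first_rdn_value($dn, $attr);
            if ($value !== null && preg_match($pattern, $value, $m) === 1) {
                $mapped[] = $m[1];
            }
        }
    }
    return array_values(array_unique($mapped));
}

// Constructed sample data.
$known = array('ADMIN', 'OPERATOR'); // assumed names of groups defined in ONA
$dns = array(
    'cn=PREFIX_ADMIN,cn=Groups,dc=example,dc=com',
    'cn=NOTPREFIX_OPERATOR,cn=Groups,dc=example,dc=com',
    'cn=staff,cn=Groups,dc=example,dc=com',
);

print_r(map_groups($dns, $unanchored));
print_r(map_groups($dns, $anchored));

// Deny by default: a user whose groups map to nothing known gets no access.
$granted = array_intersect(map_groups(array($dns[2]), $anchored), $known);
echo count($granted) === 0 ? "deny\n" : "allow\n";
```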

Ping?

chuhn avatar Mar 05 '24 17:03 chuhn