[ZendTo] Re: LDAPAuthorization for zendto

[Jules]

Patrick,

I have changed your approach slightly, resulting in only changing 
NSSADAuthentication.php and NSSLDAPAuthentication.php. I figured the AD 
people might want the feature too, so it's implemented in both systems.

There are a couple of new preferences.php settings and one new 
zendto.conf setting, so you never have to mess with the code to 
translate it or tweak it.

Look in the attached zip file and you will find the 2 new files and a 
README.txt which tells you how to install and configure it. Hopefully 
you'll find that pretty simple.

I haven't got my own LDAP system, so I've only been able to test the AD 
version. So please let me know if it works for you or not!

This will be included in the next release.

Cheers,
Jules.

On 13/12/2010 16:08, patrick.gaikowski at kaufland.com wrote:
>
> Hello,
>
> we like to use LDAP-Authentication in combination with 
> LDAP-Authorization, means the user needs a special LDAP-Role to get 
> access as authorized user.
>
> We changed *NSSDropbox.php*:
>
> 919,921d918
> < } elseif ($result == 2){
> < $this->_authorizationFailed = TRUE;
> < $this->writeToLog("authorization attempt for not authorized user 
> $uname - please add the group");
>
> We changed *NSSLDAPAuthenticator.php*:
>
> 236,239d235
> < // Kaufland Added
> < // Benutzer status auf nicht autorisiert aendern
> < $result=2;
> <
> 241d236
> < $ldapGroups = array(); // Kaufland Added
> 243,246d237
> < // Kaufland Added
> < if ($key == "groupMembership") {
> < $ldapGroups = $value;
> < }
> 253,261d243
> <
> < // Kaufland Added
> < foreach ($ldapGroups as $group){
> < // Gruppenmitgliedschaft des Benutzers pruefen
> < if ( $group == "cn=citrix,ou=portal,ou=sslvpn,ou=roles,o=kls") {
> < // Status des benutzers auf OK setzten
> < $result = 1;
> < }
> < }
>
>
> /(See attached file: NSSLDAPAuthenticator.php)//(See attached file: 
> NSSDropbox.php)/
>
> We know that this is a quick and dirty solution, but it works.
>
> Question from us is, if such a request can be implemented cleanly in 
> the installation Source?
>
> Mit freundlichen Grüßen / Best regards
>
> Patrick Gaikowski
> Tel:     +49 7132 94 3568
> Fax:    +49 7132 94 73568
> E-Mail: patrick.gaikowski at kaufland.com
> KI 967800 IT International / Infrastruktur
> Office:
> Lindichstrasse 11
> D-74189 Weinsberg
>
>
> http://www.kaufland.de
>
> Kaufland Informationssysteme GmbH & Co. KG
> Postfach 12 53 - 74149 Neckarsulm
> Kommanditgesellschaft
> Sitz: Neckarsulm
> Registergericht: Amtsgericht Stuttgart HRA 104163
>
> Diese Nachricht enthält vertrauliche Informationen und ist 
> ausschließlich für
> den Adressaten bestimmt. Jeder Gebrauch durch Dritte ist verboten. 
> Falls Sie
> die Daten irrtümlich erhalten haben, nehmen Sie bitte Kontakt mit dem
> Absender auf und löschen Sie die Daten auf jedem Computer und Datenträger.
> This message contains confidential information and is intended solely 
> for the
> use by the addressee. Any use of this message by a third party is 
> prohibited.
> If you receive this message in error, please contact the sender and 
> delete the
> data from any computer and data carrier.
>
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto

Jules

-- 
Julian Field MEng CITP CEng
www.Zend.To

Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/zendto/attachments/20101214/4d984a7c/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Authorization.zip
Type: application/zip
Size: 8861 bytes
Desc: not available
Url : http://mailman.ecs.soton.ac.uk/pipermail/zendto/attachments/20101214/4d984a7c/attachment.zip