[ZendTo] Re: Using a custom Active Directory attribute for email addresses?

[Alexander Fisher]

On 6 February 2014 11:50, Alexander Fisher <alex at alexfisher.me.uk> wrote:

> Hi
>
> I have a situation as follows.
>
> I'm creating two zendto sites: dropoff.companyname1.com and
> dropoff.companyname2.com
>
> I'll skin each site differently, but the internal users for both sites
> will be the same and authenticated against AD.  Each user has one email
> account, with several aliases.  ie user.name at companyname1.com and
> user.name at companyname2.com etc.
>
> Can I easily change the LDAP field used to fetch the email address to
> perhaps a custom attribute I extend the Active Directory schema with?
>
> Or maybe it would be best to fetch the email address from the standard
> ldap:mail attribute and replace the domain part with that of the site being
> used?
>
> Has anybody else needed to do something like this?  What approach would
> you go for?
>
> Many thanks,
> Alex
>
>
Hi again

I've managed to get the second approach working.  Does the following patch
look sane?

--- lib/NSSAuthenticator.php.bak        2014-02-06 14:14:28.124778074 +0000
+++ lib/NSSAuthenticator.php    2014-02-06 15:11:49.495180022 +0000
@@ -35,6 +35,7 @@
   private $_adminList = NULL;
   private $_statsList = NULL;
   private $_defaultEmailDomain = NULL;
+  private $_overrideEmailDomain = NULL;

   /*!
     @function __construct
@@ -54,6 +55,9 @@
     if ( $prefs['authStats'] ) {
       $this->_statsList = $prefs['authStats'];
     }
+    if ( $prefs['overrideEmailDomain'] ) {
+      $this->_overrideEmailDomain = $prefs['overrideEmailDomain'];
+    }
   }

   /*!
@@ -132,6 +136,11 @@
       if ( $response['mail'] == "" ) {
         $response['mail'] = $uname . '@' . $this->_defaultEmailDomain;
       }
+      if ( $this->_overrideEmailDomain  ) {
+        $user_part = strstr( $response['mail'], "@", true);
+        $response['mail'] = $user_part . '@' . $this->_overrideEmailDomain;
+        //error_log ( "ValidUsername: " . $response['mail'] );
+      }
     }
     return TRUE;
   }
@@ -173,6 +182,11 @@
       if ( $response['mail'] == "" ) {
         $response['mail'] = $uname . '@' . $this->_defaultEmailDomain;
       }
+      if ( $this->_overrideEmailDomain  ) {
+        $user_part = strstr( $response['mail'], "@", true);
+        $response['mail'] = $user_part . '@' . $this->_overrideEmailDomain;
+        //error_log ( "authenticate: " . $response['mail'] );
+      }
     }
     return TRUE;
   }


If a new overrideEmailDomain variable is defined in preferences.php, that
domain name is used to replace whatever domain name part existed in the
email address fetched from LDAP/ActiveDirectory.

Any chance of getting this patch or something similar included in the next
version of zend.to?

Kind Regards,
Alex
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/zendto/attachments/20140206/723ed6d5/attachment.html