Re: LDAP privledges
Hey Josh,
That's exactly what I was looking for. However, I haven't got it working yet.
I made the code change, but no user groups were created. So I figured maybe I
needed to manually create them and then they would populate. I did that, and
gave them the privileges I wanted but to no avail.
How am I supposed to get the groups once I make the code change.
Thanks,
Patrick
On Feb 11, 2011, at 1:31 PM, Josh Thompson wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Patrick,
An easy way to make all users a member of a specific group would be to add
the
following line to authmethods/ldapauth.php right after //TODO possibly add
to
a default group:
updateGroups(array(getUserGroupID('All Users', $user['affiliationid'])),
$user['id']);
This will result in each affiliation having an All Users group that all
users from that affiliation would be members of. If you only want a single
group instead of one for each affiliation, just hard code the second argument
to getUserGroupID instead of using $user['affiliationid'].
As a side note, remember that once you start to make changes to the code,
you've made your upgrade path a little more difficult. The easiest way to
find the changes you made to then make the same changes to a new version of
the code is to download a fresh copy of the version you have running, and
then do a diff between that and your running code. Then, make the same
changes to the new version, and you should have your modifications applied
to the new version. Even better, make patches for your changes and then
just apply them to the new version.
Josh
P.S. I didn't actually test that line of code. :)
On Friday February 11, 2011, James Patrick Sigmon wrote:
Hey Guys,
I've been adding in different colleges into VCL via LDAP and plan to
eventually have it so that it groups like you have at NC State. However,
to start I'm just interested in at least giving everyone the same basic
access to a few images. I was wondering how I could easily go about doing
this. As I stand right now, I can login via LDAP but don't have any
privileges yet. I have hunch this will involve the privilege tree and
some grouping, but also editing a few files (perhaps authentication.php,
and ldapauth.php). Again, I'm not sure and any advice would be helpful.
Thanks,
Patrick Sigmon
- --
- ---
Josh Thompson
VCL Developer
North Carolina State University
my GPG/PGP key can be found at pgp.mit.edu
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.16 (GNU/Linux)
iEYEARECAAYFAk1VgIoACgkQV/LQcNdtPQNIggCbBW4rHCAA/+MWboNUWCzhu9YM
e+oAniTpKdBK+XPb8WwoEAQ7c2NquLGE
=d74X
-END PGP SIGNATURE-
Re: LDAP privledges
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Patrick,
When you say no user groups were created, how were you checking? They wouldn't
show up under the Manage Groups section of the site because they are not
flagged
as custom groups in the database.
You should see the groups anywhere you would select a user group. However,
they
will not be created until someone from the desired affiliation has logged in
after
the user.lastupdated field for that user is 24 hours old (manually set it to an
older date to force it). The other thing you might hit is if you have a case
statement for that affiliation already in place in the switch statement, in
which
case the default one would not be called. You could move the extra line of
code
outside of the switch statement to make it get called for everyone, even if you
have an existing case statement for that affiliation (that's probably where I
should have told you to put it in the first place).
Josh
On Friday February 11, 2011, James Patrick Sigmon wrote:
Hey Josh,
That's exactly what I was looking for. However, I haven't got it working
yet. I made the code change, but no user groups were created. So I
figured maybe I needed to manually create them and then they would
populate. I did that, and gave them the privileges I wanted but to no
avail.
How am I supposed to get the groups once I make the code change.
Thanks,
Patrick
On Feb 11, 2011, at 1:31 PM, Josh Thompson wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Patrick,
An easy way to make all users a member of a specific group would be to
add the following line to authmethods/ldapauth.php right after //TODO
possibly add to a default group:
updateGroups(array(getUserGroupID('All Users', $user['affiliationid'])),
$user['id']);
This will result in each affiliation having an All Users group that all
users from that affiliation would be members of. If you only want a
single group instead of one for each affiliation, just hard code the
second argument to getUserGroupID instead of using
$user['affiliationid'].
As a side note, remember that once you start to make changes to the code,
you've made your upgrade path a little more difficult. The easiest way
to find the changes you made to then make the same changes to a new
version of the code is to download a fresh copy of the version you have
running, and then do a diff between that and your running code. Then,
make the same changes to the new version, and you should have your
modifications applied to the new version. Even better, make patches for
your changes and then just apply them to the new version.
Josh
P.S. I didn't actually test that line of code. :)
On Friday February 11, 2011, James Patrick Sigmon wrote:
Hey Guys,
I've been adding in different colleges into VCL via LDAP and plan to
eventually have it so that it groups like you have at NC State.
However, to start I'm just interested in at least giving everyone the
same basic access to a few images. I was wondering how I could easily
go about doing this. As I stand right now, I can login via LDAP but
don't have any privileges yet. I have hunch this will involve the
privilege tree and some grouping, but also editing a few files (perhaps
authentication.php, and ldapauth.php). Again, I'm not sure and any
advice would be helpful.
Thanks,
Patrick Sigmon
- --
- ---
Josh Thompson
VCL Developer
North Carolina State University
my GPG/PGP key can be found at pgp.mit.edu
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.16 (GNU/Linux)
iEYEARECAAYFAk1VgIoACgkQV/LQcNdtPQNIggCbBW4rHCAA/+MWboNUWCzhu9YM
e+oAniTpKdBK+XPb8WwoEAQ7c2NquLGE
=d74X
-END PGP SIGNATURE-
- --
- ---
Josh Thompson
VCL Developer
North Carolina State University
my GPG/PGP key can be found at pgp.mit.edu
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.16 (GNU/Linux)
iEYEARECAAYFAk1Vm7QACgkQV/LQcNdtPQO6VACfawNx0k6bjvgZVzPSJLnY46Ir
pLMAnjTBaFAHQxFM8wdWHjLF6vF/Akwh
=Cuvs
-END PGP SIGNATURE-
Re: LDAP privledges
Thank Josh, that did the trick :)
On Feb 11, 2011, at 3:27 PM, Josh Thompson wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Patrick,
When you say no user groups were created, how were you checking? They
wouldn't
show up under the Manage Groups section of the site because they are not
flagged
as custom groups in the database.
You should see the groups anywhere you would select a user group. However,
they
will not be created until someone from the desired affiliation has logged in
after
the user.lastupdated field for that user is 24 hours old (manually set it to
an
older date to force it). The other thing you might hit is if you have a case
statement for that affiliation already in place in the switch statement, in
which
case the default one would not be called. You could move the extra line of
code
outside of the switch statement to make it get called for everyone, even if
you
have an existing case statement for that affiliation (that's probably where I
should have told you to put it in the first place).
Josh
On Friday February 11, 2011, James Patrick Sigmon wrote:
Hey Josh,
That's exactly what I was looking for. However, I haven't got it working
yet. I made the code change, but no user groups were created. So I
figured maybe I needed to manually create them and then they would
populate. I did that, and gave them the privileges I wanted but to no
avail.
How am I supposed to get the groups once I make the code change.
Thanks,
Patrick
On Feb 11, 2011, at 1:31 PM, Josh Thompson wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Patrick,
An easy way to make all users a member of a specific group would be to
add the following line to authmethods/ldapauth.php right after //TODO
possibly add to a default group:
updateGroups(array(getUserGroupID('All Users', $user['affiliationid'])),
$user['id']);
This will result in each affiliation having an All Users group that all
users from that affiliation would be members of. If you only want a
single group instead of one for each affiliation, just hard code the
second argument to getUserGroupID instead of using
$user['affiliationid'].
As a side note, remember that once you start to make changes to the code,
you've made your upgrade path a little more difficult. The easiest way
to find the changes you made to then make the same changes to a new
version of the code is to download a fresh copy of the version you have
running, and then do a diff between that and your running code. Then,
make the same changes to the new version, and you should have your
modifications applied to the new version. Even better, make patches for
your changes and then just apply them to the new version.
Josh
P.S. I didn't actually test that line of code. :)
On Friday February 11, 2011, James Patrick Sigmon wrote:
Hey Guys,
I've been adding in different colleges into VCL via LDAP and plan to
eventually have it so that it groups like you have at NC State.
However, to start I'm just interested in at least giving everyone the
same basic access to a few images. I was wondering how I could easily
go about doing this. As I stand right now, I can login via LDAP but
don't have any privileges yet. I have hunch this will involve the
privilege tree and some grouping, but also editing a few files (perhaps
authentication.php, and ldapauth.php). Again, I'm not sure and any
advice would be helpful.
Thanks,
Patrick Sigmon
- --
- ---
Josh Thompson
VCL Developer
North Carolina State University
my GPG/PGP key can be found at pgp.mit.edu
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.16 (GNU/Linux)
iEYEARECAAYFAk1VgIoACgkQV/LQcNdtPQNIggCbBW4rHCAA/+MWboNUWCzhu9YM
e+oAniTpKdBK+XPb8WwoEAQ7c2NquLGE
=d74X
-END PGP SIGNATURE-
- --
- ---
Josh Thompson
VCL Developer
North Carolina State University
my GPG/PGP key can be found at pgp.mit.edu
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.16 (GNU/Linux)
iEYEARECAAYFAk1Vm7QACgkQV/LQcNdtPQO6VACfawNx0k6bjvgZVzPSJLnY46Ir
pLMAnjTBaFAHQxFM8wdWHjLF6vF/Akwh
=Cuvs
-END PGP SIGNATURE-
