Re: LDAP privledges
Hey Josh, That's exactly what I was looking for. However, I haven't got it working yet. I made the code change, but no user groups were created. So I figured maybe I needed to manually create them and then they would populate. I did that, and gave them the privileges I wanted but to no avail. How am I supposed to get the groups once I make the code change. Thanks, Patrick On Feb 11, 2011, at 1:31 PM, Josh Thompson wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Patrick, An easy way to make all users a member of a specific group would be to add the following line to authmethods/ldapauth.php right after //TODO possibly add to a default group: updateGroups(array(getUserGroupID('All Users', $user['affiliationid'])), $user['id']); This will result in each affiliation having an All Users group that all users from that affiliation would be members of. If you only want a single group instead of one for each affiliation, just hard code the second argument to getUserGroupID instead of using $user['affiliationid']. As a side note, remember that once you start to make changes to the code, you've made your upgrade path a little more difficult. The easiest way to find the changes you made to then make the same changes to a new version of the code is to download a fresh copy of the version you have running, and then do a diff between that and your running code. Then, make the same changes to the new version, and you should have your modifications applied to the new version. Even better, make patches for your changes and then just apply them to the new version. Josh P.S. I didn't actually test that line of code. :) On Friday February 11, 2011, James Patrick Sigmon wrote: Hey Guys, I've been adding in different colleges into VCL via LDAP and plan to eventually have it so that it groups like you have at NC State. However, to start I'm just interested in at least giving everyone the same basic access to a few images. I was wondering how I could easily go about doing this. As I stand right now, I can login via LDAP but don't have any privileges yet. I have hunch this will involve the privilege tree and some grouping, but also editing a few files (perhaps authentication.php, and ldapauth.php). Again, I'm not sure and any advice would be helpful. Thanks, Patrick Sigmon - -- - --- Josh Thompson VCL Developer North Carolina State University my GPG/PGP key can be found at pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.16 (GNU/Linux) iEYEARECAAYFAk1VgIoACgkQV/LQcNdtPQNIggCbBW4rHCAA/+MWboNUWCzhu9YM e+oAniTpKdBK+XPb8WwoEAQ7c2NquLGE =d74X -END PGP SIGNATURE-
Re: LDAP privledges
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Patrick, When you say no user groups were created, how were you checking? They wouldn't show up under the Manage Groups section of the site because they are not flagged as custom groups in the database. You should see the groups anywhere you would select a user group. However, they will not be created until someone from the desired affiliation has logged in after the user.lastupdated field for that user is 24 hours old (manually set it to an older date to force it). The other thing you might hit is if you have a case statement for that affiliation already in place in the switch statement, in which case the default one would not be called. You could move the extra line of code outside of the switch statement to make it get called for everyone, even if you have an existing case statement for that affiliation (that's probably where I should have told you to put it in the first place). Josh On Friday February 11, 2011, James Patrick Sigmon wrote: Hey Josh, That's exactly what I was looking for. However, I haven't got it working yet. I made the code change, but no user groups were created. So I figured maybe I needed to manually create them and then they would populate. I did that, and gave them the privileges I wanted but to no avail. How am I supposed to get the groups once I make the code change. Thanks, Patrick On Feb 11, 2011, at 1:31 PM, Josh Thompson wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Patrick, An easy way to make all users a member of a specific group would be to add the following line to authmethods/ldapauth.php right after //TODO possibly add to a default group: updateGroups(array(getUserGroupID('All Users', $user['affiliationid'])), $user['id']); This will result in each affiliation having an All Users group that all users from that affiliation would be members of. If you only want a single group instead of one for each affiliation, just hard code the second argument to getUserGroupID instead of using $user['affiliationid']. As a side note, remember that once you start to make changes to the code, you've made your upgrade path a little more difficult. The easiest way to find the changes you made to then make the same changes to a new version of the code is to download a fresh copy of the version you have running, and then do a diff between that and your running code. Then, make the same changes to the new version, and you should have your modifications applied to the new version. Even better, make patches for your changes and then just apply them to the new version. Josh P.S. I didn't actually test that line of code. :) On Friday February 11, 2011, James Patrick Sigmon wrote: Hey Guys, I've been adding in different colleges into VCL via LDAP and plan to eventually have it so that it groups like you have at NC State. However, to start I'm just interested in at least giving everyone the same basic access to a few images. I was wondering how I could easily go about doing this. As I stand right now, I can login via LDAP but don't have any privileges yet. I have hunch this will involve the privilege tree and some grouping, but also editing a few files (perhaps authentication.php, and ldapauth.php). Again, I'm not sure and any advice would be helpful. Thanks, Patrick Sigmon - -- - --- Josh Thompson VCL Developer North Carolina State University my GPG/PGP key can be found at pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.16 (GNU/Linux) iEYEARECAAYFAk1VgIoACgkQV/LQcNdtPQNIggCbBW4rHCAA/+MWboNUWCzhu9YM e+oAniTpKdBK+XPb8WwoEAQ7c2NquLGE =d74X -END PGP SIGNATURE- - -- - --- Josh Thompson VCL Developer North Carolina State University my GPG/PGP key can be found at pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.16 (GNU/Linux) iEYEARECAAYFAk1Vm7QACgkQV/LQcNdtPQO6VACfawNx0k6bjvgZVzPSJLnY46Ir pLMAnjTBaFAHQxFM8wdWHjLF6vF/Akwh =Cuvs -END PGP SIGNATURE-
Re: LDAP privledges
Thank Josh, that did the trick :) On Feb 11, 2011, at 3:27 PM, Josh Thompson wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Patrick, When you say no user groups were created, how were you checking? They wouldn't show up under the Manage Groups section of the site because they are not flagged as custom groups in the database. You should see the groups anywhere you would select a user group. However, they will not be created until someone from the desired affiliation has logged in after the user.lastupdated field for that user is 24 hours old (manually set it to an older date to force it). The other thing you might hit is if you have a case statement for that affiliation already in place in the switch statement, in which case the default one would not be called. You could move the extra line of code outside of the switch statement to make it get called for everyone, even if you have an existing case statement for that affiliation (that's probably where I should have told you to put it in the first place). Josh On Friday February 11, 2011, James Patrick Sigmon wrote: Hey Josh, That's exactly what I was looking for. However, I haven't got it working yet. I made the code change, but no user groups were created. So I figured maybe I needed to manually create them and then they would populate. I did that, and gave them the privileges I wanted but to no avail. How am I supposed to get the groups once I make the code change. Thanks, Patrick On Feb 11, 2011, at 1:31 PM, Josh Thompson wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Patrick, An easy way to make all users a member of a specific group would be to add the following line to authmethods/ldapauth.php right after //TODO possibly add to a default group: updateGroups(array(getUserGroupID('All Users', $user['affiliationid'])), $user['id']); This will result in each affiliation having an All Users group that all users from that affiliation would be members of. If you only want a single group instead of one for each affiliation, just hard code the second argument to getUserGroupID instead of using $user['affiliationid']. As a side note, remember that once you start to make changes to the code, you've made your upgrade path a little more difficult. The easiest way to find the changes you made to then make the same changes to a new version of the code is to download a fresh copy of the version you have running, and then do a diff between that and your running code. Then, make the same changes to the new version, and you should have your modifications applied to the new version. Even better, make patches for your changes and then just apply them to the new version. Josh P.S. I didn't actually test that line of code. :) On Friday February 11, 2011, James Patrick Sigmon wrote: Hey Guys, I've been adding in different colleges into VCL via LDAP and plan to eventually have it so that it groups like you have at NC State. However, to start I'm just interested in at least giving everyone the same basic access to a few images. I was wondering how I could easily go about doing this. As I stand right now, I can login via LDAP but don't have any privileges yet. I have hunch this will involve the privilege tree and some grouping, but also editing a few files (perhaps authentication.php, and ldapauth.php). Again, I'm not sure and any advice would be helpful. Thanks, Patrick Sigmon - -- - --- Josh Thompson VCL Developer North Carolina State University my GPG/PGP key can be found at pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.16 (GNU/Linux) iEYEARECAAYFAk1VgIoACgkQV/LQcNdtPQNIggCbBW4rHCAA/+MWboNUWCzhu9YM e+oAniTpKdBK+XPb8WwoEAQ7c2NquLGE =d74X -END PGP SIGNATURE- - -- - --- Josh Thompson VCL Developer North Carolina State University my GPG/PGP key can be found at pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.16 (GNU/Linux) iEYEARECAAYFAk1Vm7QACgkQV/LQcNdtPQO6VACfawNx0k6bjvgZVzPSJLnY46Ir pLMAnjTBaFAHQxFM8wdWHjLF6vF/Akwh =Cuvs -END PGP SIGNATURE-