Thanks for all the advice and help. I was able to get it working.  After adding 
the logging, I was wondering why I wasn't getting any information to the 
screen.  I forgot about the (user.lastupdated is < 24) and reset the time for 
my user account and upon login it listed two ldap_bind errors.  I had to put 
the full dn for the "masterlogin" field in the conf.php to get it to properly 
bind.  Just the cn would not work.  Afterwards, everything started to work 
fine! 

Thanks for your hard work!

- Gerhard


-----Original Message-----
From: Josh Thompson [mailto:josh_thomp...@ncsu.edu] 
Sent: Wednesday, May 19, 2010 12:47 PM
To: vcl-dev@incubator.apache.org
Subject: Re: Cannot get LDAP grouping to work

Gerhard,

The first thing I'd suggest is logging in to the database and checking for the 
existence of the groups in the usergroup table.  If the groups are there, it 
may be that they have a different affiliation than the user you are using to 
check for them.  In that case, set View User Groups to "from all affiliations" 
under User Preferences->General Preferences.

If they are not there, here's what I'd do.  In updateODUGroups, add

print "affiliationid of user id: {$user['affiliationid']}<br>\n";

before the "for" loop, add {}'s to the "if" statement in the "for" loop; then 
add

print "new group to add: {$match[1]}<br>\n";

after array_push is called; finally, add

print "user group ids:<br>\n";
printArray($newusergroups);

after

$newusergroups = array_unique($newusergroups);

The last thing you'll need to do is to make sure user.lastupdated is > 24 
hours old for the user you are testing LDAP with.

Let me know what you find.

Josh

On Wednesday May 19, 2010, Hartl, Gerhard L. wrote:
> I have been checking the privileges page for the groups.  I have been
>  trying to add var_dumps to the ldapauth.php, but I'm not getting anything
>  to the screen.
> 
> - Gerhard
> 757.683.6980 | gha...@odu.edu | occs.odu.edu
> 
> 
> -----Original Message-----
> From: Josh Thompson [mailto:josh_thomp...@ncsu.edu]
> Sent: Tuesday, May 18, 2010 3:58 PM
> To: vcl-dev@incubator.apache.org
> Subject: Re: Cannot get LDAP grouping to work
> 
> Gerhard,
> 
> Where in VCL are you looking to see if the groups have been created? 
>  Groups created from LDAP sources do not appear on the Manage Groups page
>  since their creation/membership is managed via LDAP.  You can either look
>  directly in the database, or go to the privileges page and click on the
>  "Add Group" button to see if they are in the list.
> 
> Josh
> 
> On Tuesday May 18, 2010, Hartl, Gerhard L. wrote:
> > I actually started out like that and in my troubleshooting had stripped
> >  them off.  You are correct as this now produces the following from my
> > test code, but I am still not getting the groups.  Any other ideas on
> > where to look or how to debug?
> >
> > Array ( [0] => cn=vclimage,ou=group,ou=vcl,o=odu [1] => vclimage ) Array
> > ( [0] => cn=vcladmin,ou=group,ou=vcl,o=odu [1] => vcladmin )
> >
> > - Gerhard
> >
> >
> > -----Original Message-----
> > From: Josh Thompson [mailto:josh_thomp...@ncsu.edu]
> > Sent: Tuesday, May 18, 2010 2:57 PM
> > To: vcl-dev@incubator.apache.org
> > Subject: Re: Cannot get LDAP grouping to work
> >
> > Gerhard,
> >
> > You're almost there.  You need to put ()'s around the part of the regular
> > expression that you want to be the name of the group in VCL.  I would
> >  suggest:
> >
> > for($i = 0; $i < $data[0]['ismemberof']['count']; $i++) {
> >                 if(preg_match('/^cn=(vcladmin),ou=group,ou=vcl,o=odu$/',
> > $data[0]['ismemberof'][$i], $match) ||
> >                    preg_match('/^cn=(vclimage),ou=group,ou=vcl,o=odu$/',
> > $data[0]['ismemberof'][$i], $match))
> >
> > If you look at updateEXAMPLE1Groups in the unmodified code, you'll see
> > some examples that have the ()'s in them.
> >
> > preg_match puts the entire matched string into $match[0] and then any sub
> > matches (items surrounded by ()'s) in $match[1] through $match[n].
> >
> > Josh
> >
> > On Tuesday May 18, 2010, Hartl, Gerhard L. wrote:
> > > Hello all,
> > >
> > > I have been scratching my head for a few weeks now and still cannot get
> > > vcl ldap groups working.  I have followed the instructions on the
> > > mailing list regarding setting up the ldap.conf and ldapauth.php and
> > > while the user is properly authenticated, the groups do not follow.  We
> > > are using OpenDS and the attribute that lists groups that a user is
> > > a part of is "ismemberof". I have pulled out the updateODUGroups
> > > function and populated the variables and find that I do get a match.
> > >
> > > Here is our match statement:
> > >
> > > for($i = 0; $i < $data[0]['ismemberof']['count']; $i++) {
> > >                 if(preg_match('/^cn=vcladmin,ou=group,ou=vcl,o=odu$/',
> > >  $data[0]['ismemberof'][$i], $match) ||
> > >  preg_match('/^cn=vclimage,ou=group,ou=vcl,o=odu$/',
> > >  $data[0]['ismemberof'][$i], $match))
> > >
> > > This is what $match gets populated with:
> > >
> > > Array ( [0] => cn=vclimage,ou=group,ou=vcl,o=odu ) Array ( [0] =>
> > >  cn=vcladmin,ou=group,ou=vcl,o=odu )
> > >
> > > Is there a better way to debug this?  I am not sure where it is
> > > breaking.
> > >
> > > Gerhard Hartl
> > > Old Dominion University | ODU
> 
-- 
-------------------------------
Josh Thompson
Systems Programmer
Advanced Computing | VCL Developer
North Carolina State University

josh_thomp...@ncsu.edu
919-515-5323

my GPG/PGP key can be found at pgp.mit.edu
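
Added example, not part of the original thread and not VCL's own code: the capture-group mapping discussed above, written as a stand-alone function that turns "ismemberof" values into group names. The function name mapLdapGroups, its parameters and the sample entry are hypothetical; the DN suffix is the one quoted in the thread.

```php
<?php
// Added example, not VCL code. mapLdapGroups() and the sample data are
// hypothetical; the array layout is the one ldap_get_entries() returns.

/**
 * Return the group names captured from a user's ismemberof values.
 * Only names on the allow list, directly under $suffix, are accepted.
 */
function mapLdapGroups(array $entries, array $allowed, string $suffix): array
{
    // Quote every literal so a '.' or '$' in a name is not a regex operator.
    $names = implode('|', array_map(fn($n) => preg_quote($n, '/'), $allowed));
    // ^ and $ keep a longer DN that merely contains the suffix from matching;
    // the () around the alternation is what fills $match[1].
    $pattern = '/^cn=(' . $names . '),' . preg_quote($suffix, '/') . '$/i';

    $groups = [];
    $values = $entries[0]['ismemberof'] ?? ['count' => 0];
    for ($i = 0; $i < $values['count']; $i++) {
        if (preg_match($pattern, $values[$i], $match)) {
            // $match[0] is the whole DN, $match[1] the captured cn value.
            $groups[] = strtolower($match[1]);
        }
    }
    return array_values(array_unique($groups));
}

// Constructed sample data in ldap_get_entries() layout.
$data = [
    'count' => 1,
    0 => ['ismemberof' => [
        'count' => 4,
        0 => 'cn=vclimage,ou=group,ou=vcl,o=odu',
        1 => 'CN=vcladmin,ou=group,ou=vcl,o=odu',         // case differs
        2 => 'cn=staff,ou=group,ou=vcl,o=odu',            // not on the allow list
        3 => 'cn=vcladmin,ou=group,ou=vcl,o=odu,o=other', // longer DN, rejected by $
    ]],
];

print_r(mapLdapGroups($data, ['vcladmin', 'vclimage'], 'ou=group,ou=vcl,o=odu'));
```

Without the () the pattern still matches, but $match[1] is never set, which is the symptom shown in the first message of the thread.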