<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Patrick,<br>
<br>
I have changed your approach slightly, resulting in only changing
NSSADAuthentication.php and NSSLDAPAuthentication.php. I figured the
AD people might want the feature too, so it's implemented in both
systems.<br>
<br>
There are a couple of new preferences.php settings and one new
zendto.conf setting, so you never have to mess with the code to
translate it or tweak it.<br>
<br>
Look in the attached zip file and you will find the 2 new files and
a README.txt which tells you how to install and configure it.
Hopefully you'll find that pretty simple.<br>
<br>
I haven't got my own LDAP system, so I've only been able to test the
AD version. So please let me know if it works for you or not!<br>
<br>
This will be included in the next release.<br>
<br>
Cheers,<br>
Jules.<br>
<br>
On 13/12/2010 16:08, <a class="moz-txt-link-abbreviated" href="mailto:patrick.gaikowski@kaufland.com">patrick.gaikowski@kaufland.com</a> wrote:
<blockquote
cite="mid:OF50C417F9.60733B69-ONC12577F8.00572DDA-C12577F8.0058A71D@de.int.kaufland"
type="cite">
<p>Hello,<br>
<br>
We would like to use LDAP-Authentication in combination with
LDAP-Authorization, meaning the user needs a special LDAP-Role to
get access as an authorized user.<br>
<br>
<font color="#ff0000">We changed </font><b><font
color="#ff0000">NSSDropbox.php</font></b><font
color="#ff0000">:</font><br>
<br>
<font color="#ff0000">919,921d918</font><br>
<font color="#ff0000">< } elseif ($result == 2){</font><br>
<font color="#ff0000">< $this->_authorizationFailed =
TRUE;</font><br>
<font color="#ff0000">< $this->writeToLog("authorization
attempt for not authorized user $uname - please add the
group");</font><br>
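</p>
</blockquote>
Review bot: The log text in the <code>elseif ($result == 2)</code> branch asks the admin to "please add the group" without saying which group is required, and the branch depends on the bare literal 2 that NSSLDAPAuthenticator.php sets. Suggest logging the required group's DN alongside <code>$uname</code>, and replacing the literal with a named constant shared by both files so the two cannot drift apart.<br>
<blockquote
cite="mid:OF50C417F9.60733B69-ONC12577F8.00572DDA-C12577F8.0058A71D@de.int.kaufland"
type="cite">
<p>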
<br>
<font color="#ff0000">We changed </font><b><font
color="#ff0000">NSSLDAPAuthenticator.php</font></b><font
color="#ff0000">:</font><br>
<br>
<font color="#ff0000">236,239d235</font><br>
<font color="#ff0000">< // Kaufland Added</font><br>
<font color="#ff0000">< // Benutzer status auf nicht
autorisiert aendern</font><br>
<font color="#ff0000">< $result=2;</font><br>
<font color="#ff0000"><</font><br>
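</p>
</blockquote>
Review bot: <code>$result=2;</code> in the 236,239 hunk is unconditional, and nothing in the visible lines shows that it is reached only after the user's bind has succeeded. If it can also run when the password check failed, a wrong password would be reported as "not authorized" instead of as a failed login. Suggest assigning the value only inside the branch where authentication has already succeeded, and using a named constant rather than the literal 2.<br>
<blockquote
cite="mid:OF50C417F9.60733B69-ONC12577F8.00572DDA-C12577F8.0058A71D@de.int.kaufland"
type="cite">
<p>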
<font color="#ff0000">241d236</font><br>
<font color="#ff0000">< $ldapGroups = array(); // Kaufland
Added</font><br>
<font color="#ff0000">243,246d237</font><br>
<font color="#ff0000">< // Kaufland Added</font><br>
<font color="#ff0000">< if ($key == "groupMembership") {</font><br>
<font color="#ff0000">< $ldapGroups = $value;</font><br>
<font color="#ff0000">< }</font><br>
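</p>
</blockquote>
Review bot: The <code>$key == "groupMembership"</code> test is an exact, case-sensitive match on one directory-specific attribute name. LDAP attribute names are case-insensitive, and PHP's ldap_get_entries() returns them lower-cased, so if the entry array comes from that call this branch never fires and every user stays at <code>$result=2</code>; other directories also expose membership under a different attribute (memberOf, for example). Suggest comparing with strcasecmp() and reading the attribute name from configuration.<br>
<blockquote
cite="mid:OF50C417F9.60733B69-ONC12577F8.00572DDA-C12577F8.0058A71D@de.int.kaufland"
type="cite">
<p>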
<font color="#ff0000">253,261d243</font><br>
<font color="#ff0000"><</font><br>
<font color="#ff0000">< // Kaufland Added</font><br>
<font color="#ff0000">< foreach ($ldapGroups as $group){</font><br>
<font color="#ff0000">< // Gruppenmitgliedschaft des
Benutzers pruefen</font><br>
<font color="#ff0000">< if ( $group ==
"cn=citrix,ou=portal,ou=sslvpn,ou=roles,o=kls") {</font><br>
<font color="#ff0000">< // Status des benutzers auf OK
setzten</font><br>
<font color="#ff0000">< $result = 1;</font><br>
<font color="#ff0000">< }</font><br>
<font color="#ff0000">< }</font><br>
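</p>
</blockquote>
Review bot: The required group DN inside the <code>foreach ($ldapGroups as $group)</code> loop is hard-coded and compared with <code>==</code> as an exact string. A DN that the server returns with different letter case or with spaces after the commas would not match, so a legitimate member could be refused, and any other site would have to edit the source to use the feature. Suggest reading the DN from configuration, normalising both sides (trim and lower-case) before comparing, and adding <code>break;</code> once <code>$result = 1</code> is set.<br>
<blockquote
cite="mid:OF50C417F9.60733B69-ONC12577F8.00572DDA-C12577F8.0058A71D@de.int.kaufland"
type="cite">
<p>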
<br>
<br>
<i>(See attached file: NSSLDAPAuthenticator.php)</i><i>(See
attached file: NSSDropbox.php)</i><br>
<br>
We know that this is a quick and dirty solution, but it works. <br>
<br>
Our question is whether such a request can be implemented
cleanly in the installation source.<br>
<br>
Best regards<br>
<br>
Patrick Gaikowski<br>
Tel: +49 7132 94 3568<br>
Fax: +49 7132 94 73568<br>
E-Mail: <a class="moz-txt-link-abbreviated" href="mailto:patrick.gaikowski@kaufland.com">patrick.gaikowski@kaufland.com</a><br>
KI 967800 IT International / Infrastruktur<br>
Office:<br>
Lindichstrasse 11<br>
D-74189 Weinsberg<br>
<br>
<br>
<a moz-do-not-send="true" href="http://www.kaufland.de">http://www.kaufland.de</a>
<br>
<br>
Kaufland Informationssysteme GmbH & Co. KG<br>
Postfach 12 53 - 74149 Neckarsulm<br>
Limited partnership<br>
Registered office: Neckarsulm<br>
Register court: Amtsgericht Stuttgart HRA 104163<br>
<br>
This message contains confidential information and is intended
solely for the<br>
use by the addressee. Any use of this message by a third party
is prohibited.<br>
If you receive this message in error, please contact the sender
and delete the<br>
data from any computer and data carrier. <br>
</p>
</blockquote>
<br>
<pre class="moz-signature" cols="72">Jules
--
Julian Field MEng CITP CEng
<a class="moz-txt-link-abbreviated" href="http://www.Zend.To">www.Zend.To</a>
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM
</pre>
</body>
</html>