Use LDAP Groups as ACL Group Aliases in WackoWiki
bugs:13
Compatible with: R4.3
Credits: Sebastian Dietzold
New Implementation for R6.x
Anyone interested in implementing LDAP/AD in the current code base, please provide a patch against the repo head. We will help you then with adding the corresponding config module for the admin panel.With this hack, your WackoWiki gets an ACL Group Alias for every groupOfName Object. So you can reuse your LDAP Groups in your Wiki.
1. Put the file ldapgroups.php in your class dir
2. Customize it for your environment
2. Customize it for your environment
- LDAP connection parameters
- DIT location of your Groups
- preg_replace lines to generate the User WikiNames
<?php
global $wacko_config;
show_array($wacko_config['aliases']);
?>
4. Add this lines at end the of your config.php:
// Changes for ldap-groups include 'class/ldapgroups.php'; $wacko_config['aliases'] = add_ldap_groups_to_array($wacko_config['aliases']);
Now you can create an admin page with the action {{ldapgroups}} to display all possible ACL Group aliases.
ldapgroups.php
<?php
################################################################################
# CONFIG
################################################################################
$ldap_config['host'] = 'ldapserver.domain.tld';
$ldap_config['port'] = '389';
#$ldap_config['binddn'] = '';
#$ldap_config['bindpass'] = '';
$ldap_config['basedn'] = 'ou=Groups,dc=domain,dc=tld';
/**
* anonymous bind to ldap-server and return of the ldap-link
*/
function auth_anon ($ldap_config)
{
// connect
$ldap_config['link'] = ldap_connect($ldap_config['host'], $ldap_config['port']);
if (!$ldap_config['link'])
{
echo 'ldap_connect: failed';
return false;
}
// anonymus bind
if (!ldap_bind($ldap_config['link']))
{
echo 'ldap_bind: anonymous failed';
return false;
};
return $ldap_config;
}
function auth_named ($ldap_config)
{
// anonymous first
$ldap_config = auth_anon($ldap_config);
if ((!$ldap_config)||(!$ldap_config['link']))
{
echo 'auth_named: no ldap_link from auth_anon()';
return false;
};
if (!ldap_bind($ldap_config['link'], $ldap_config['binddn'], $ldap_config['bindpass']))
{
echo 'auth_named ldap_bind: failed';
return false;
}
}
/**
* This function will print all the keys of a multidimensional array in html
* tables. It will help to debug when you don´t have control of depths.
*/
function show_array($array)
{
echo '<table width="100%" border="1" bordercolor="#6699CC" cellspacing="0" cellpadding="5">
<tr valign="top">';
foreach ($array as $key => $value)
{
echo '<td align="center" bgcolor="#eeeeee">
<table border="2" cellpadding="3">
<tr>
<td bgcolor="#ffffff">' .
$key . '(<code style="white-space:pre;">' . $value . '</code>)
</td>
</tr>
</table>';
if (is_array($array[$key]))
{
show_array ($array[$key]);
}
echo '</td>';
}
echo '</tr></table>';
}
function add_ldap_groups_to_array($array)
{
global $ldap_config;
error_reporting(0);
$ldap_config = auth_anon($ldap_config);
$ds = $ldap_config['link'];
$sr = ldap_search($ds, $ldap_config['basedn'], 'cn=*');
ldap_sort($ds, $sr, 'cn');
$info = ldap_get_entries($ds, $sr);
for ($i = 0; $i < $info['count']; $i++)
{
$cn = $info[$i]['cn'][0];
#echo recode("UTF-8..", $info[$i]['cn'][0]) . "<br />";
$alias_string = 'Administrator';
for ($j = 0; $j < $info[$i]['member']['count']; $j++)
{
$dn = $info[$i]['member'][$j];
$dn = preg_replace("/^cn=/i", '', $dn);
$dn = preg_replace("/,.*/i", '', $dn);
$dn = preg_replace('/ 1$/i', '', $dn);
$dn = preg_replace("/ /i", '', $dn);
$alias_string .= "\n" . $dn;
}
#echo $alias_string . '<br>';
$array[$cn] = $alias_string;
}
#show_array($wacko_config['aliases']);
ldap_close($ds);
return $array;
}
#include '../config.php';
#show_array($wacko_config['aliases']);
#$wacko_config['aliases'] = add_ldap_groups_to_array($wacko_config['aliases']);
#show_array($wacko_config['aliases']);
?>
Links