LDAP default group - community.ez.no

Monday 09 January 2006 11:21:20 am - 4 replies

4 replies

Author	Message
Samuel Sauder	Wednesday 11 January 2006 10:38:00 am I finally got it to work. I will attempt to answer my own questions. 1. no 2. still don't know why this could be an array... 3. no and no. What I did find that worked is that my default LDAP group needs to be inside another User Group. If it is at the root of the Users object, things may fail.
j jevack	Thursday 02 February 2006 4:04:01 am Samuel, Regarding the LDAPUserGroup configuration, did you find the following to be an accurate explanation of how things worked (this is a part of another ldap forum post): <i> If the LDAPUserGroup is an array, then the first one will be the default placement of ldap users. If it's not, then all ldap users are stored in the same eZ publish user group. LDAPUserGroupAttributeType and LDAPUserGroupAttribute are used to specify which attribute of the ldap user object eZ publish should use when deciding where to place the users. So, an example: LDAPUserGroupType=name LDAPUserGroup[]=Default LDAPUserGroup[]=Secretary LDAPUserGroup[]=Clerk LDAPUserGroup[]=Boss LDAPUserGroupAttributeType=name LDAPUserGroupAttribute=employeetype Now, when logging in, eZ publish looks at the LDAP object, and finds the attribute whose name is employeetype, and reads its value. Then, eZ publish searches for an eZ publish user group whose name equals the given value. If it is found, then the user is stored there. If not, it is stored in Default. </i> I'm having trouble getting users stored in appropriate ezp groups. At this point, ezp is putting a user in every group specified in the LDAPUserGroup array regardless of the values in the LDAPUserGroupAttributeType/LDAPUserGroupAttribute variables. Thanks Jason
Daniel Sippel	Monday 27 February 2006 2:09:33 am Hello j jevack! I experienced the same problem as you with eZ publish 3.7.3, but I think this is not a bug. You have to specify only ONE LDAPUserGroup[], the one where the default LDAP-Users should be placed. Every time a user logs in and his LDAP attribute e.g. employeeType matches an existing group name in eZ publish, he will be placed in this group. Daniel
Samuel Sauder	Tuesday 28 February 2006 7:09:48 am Jason, from my experience Daniel is correct. Default means "if I can't find any (existing in EzPublish) groups that match (to LDAP groups) for this user." So if you define LDAPUserGroup as an array, it means if there is no match assign them to all these groups. (I think the above quote and example you mentioned is misleading.)

You must be logged in to post messages in this topic!