usergroup assignment on login

[Vieri <re...@yahoo.com>]

Hi,

I have users who login via LDAP and they are always assigned the default usergroup/organization.
How can I assign LDAP users to one group or another?
Maybe an ldap integer attribute would be enough so I could provision the OM usergoup ID each time an LDAP user logs in?

Vieri
 

Re: usergroup assignment on login

[Vieri <re...@yahoo.com>]

Hi Sebastian,

What you propose would work fine.

I hacked it in a different way:
I modified the LdapLoginManagement class and added an ldap_usergroups config key which would be set by the admin in the om_ldap conf files (not provided via LDAP server as an attribute). What I do then is create an om_ldap_*.cfg file for each functional group (eg. om_ldap_group1.cfg, om_ldap_group2.cfg, etc.). I also create the usergroups/organizations in the OM database (group1, group2, etc. - aka groupNAME) and record their IDs (groupID). For each om_ldap_* file I manually set  ldap_usergroups=groupID and then specify an LDAP search base as CN:groupNAME,CN:domain,CN:com, etc.

I like your idea better because it would be easier to maintain (and I would have to mess with group IDs).

just a note though: the LDAP "user group" field (String ldap_user_org_name) should not necessarily contian only one group ID. It could be an array of IDs, eg. "2 4 12". OM would need to extract a Long array from this String.

Are you planning on modifying the OM svn source code and add the feature you propose? If so, please let me know so I can test it and not duplicate the effort.

Thanks,

Vieri

--- On Wed, 2/13/13, seba.wagner@gmail.com <se...@gmail.com> wrote:

Hi Vieri,

sorry I just seen that email now. 
I would rather suggest we use the same mechanism comparable to the other ldap attributes:

Adding an ldap attribute with the name "ldap_user_org_name" (string value).


If the ldap_config key is not configured it will be using the default org for the user.
If this ldap config key is present and the LDAP search query returns a value for that key and if an org in OpenMeetings with that name exists, this org_id will be assigned to the user.


If not, the org with that name will be created in OpenMeetings and then that org_id used.

Sebastian


2013/2/12 Vieri <re...@yahoo.com>


Hi,



I have users who login via LDAP and they are always assigned the default usergroup/organization.

How can I assign LDAP users to one group or another?

Maybe an ldap integer attribute would be enough so I could provision the OM usergoup ID each time an LDAP user logs in?



Vieri






-- 
Sebastian Wagner
https://twitter.com/#!/dead_lock


http://www.webbase-design.de
http://www.wagner-sebastian.com


seba.wagner@gmail.com

Re: usergroup assignment on login

["seba.wagner@gmail.com" <se...@gmail.com>]

Hi Vieri,

sorry I just seen that email now.
I would rather suggest we use the same mechanism comparable to the other
ldap attributes:

Adding an ldap attribute with the name "ldap_user_org_name" (string value).
If the ldap_config key is not configured it will be using the default org
for the user.
If this ldap config key is present and the LDAP search query returns a
value for that key and if an org in OpenMeetings with that name exists,
this org_id will be assigned to the user.
If not, the org with that name will be created in OpenMeetings and then
that org_id used.

Sebastian


2013/2/12 Vieri <re...@yahoo.com>

> Hi,
>
> I have users who login via LDAP and they are always assigned the default
> usergroup/organization.
> How can I assign LDAP users to one group or another?
> Maybe an ldap integer attribute would be enough so I could provision the
> OM usergoup ID each time an LDAP user logs in?
>
> Vieri
>
>


-- 
Sebastian Wagner
https://twitter.com/#!/dead_lock
http://www.webbase-design.de
http://www.wagner-sebastian.com
seba.wagner@gmail.com