Wednesday 30 November 2011

AD / OD Plugin - Some tweaks!

I've had feedback from people who have been testing and using this plugin, and there are a number of changes that have been made which I thought it would be best to document here.

stristr()
If you are running an older version of PHP (pre 5.3, I believe) and you get the following error:
Wrong parameter count for stristr()

Change line 101 in ldap_class.php from:
$usercn = stristr($username,"@",true);
to:
if($pos=stripos($username,"@")) $usercn=substr($username,0,$pos);

This is because the function stristr was changed in version 5.3 and I'm using the newer features.

Changing the name displayed in RS
By default, the plugin is set to display the user's name as FirstName LastName in RS, but this can be changed.
To use the displayname container in AD, for example, change the following in ldap_class.php:

Line 142, change from:
$retArr = array("sn", "givenname", "mail","cn");
to:
$retArr = array("sn", "givenname", "mail","displayname");

Line 152, from:
if (isset($info[0]['cn'][0])) { $retVar['cn'] = $info[0]['cn'][0]; }
to:
if (isset($info[0]['displayname'][0])) { $retVar['cn'] = $info[0]['displayname'][0]; }

This only works for AD; for OD, other changes would have to be made. I intend to make this a drop-down selection in the next version of the plugin.

Domain Login
When using Active Directory, the user is required to log in with the format user@domain.
The reason for this is that the plugin is designed to work in an environment with cross-domain trusts.
If you don't have multiple domains, then it's possible to change this behaviour by hardcoding the domain name into ldap_class.php.

Change line 89 in ldap_class.php from:
$this->ldaprdn = $username;// ."@".$userContainer;
to:
$this->ldaprdn = $username ."@". "domainName";

Change line 103 from:
$filter="(samaccountname=".$usercn.")";
to:
$filter="(samaccountname=".$username.")";

Again, this is a config feature I'm going to add to the next version.
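
With the change to line 103, whatever is typed at the login prompt is concatenated into the search filter, so characters such as * ( ) and \ alter the filter unless they are escaped. The following is an added example, not the plugin's own code, showing the bind name and filter built with RFC 4515 escaping; the function names rs_ldap_filter_escape and rs_build_login are hypothetical, and rejecting names that already contain "@" is an assumption that fits the single-domain setup.

```php
<?php
// Added example, not the plugin's code; function names are hypothetical.

// Escape a value for use inside an LDAP search filter (RFC 4515).
function rs_ldap_filter_escape($value)
{
    // ldap_escape() is available from PHP 5.6 with the ldap extension.
    if (function_exists('ldap_escape')) {
        return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
    }
    // Fallback for older PHP: backslash first, then the other specials.
    return str_replace(
        array('\\', '*', '(', ')', "\x00"),
        array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
        $value
    );
}

// Build the bind name and search filter for the hardcoded-domain tweak.
function rs_build_login($username, $domain)
{
    // Assumption: with one fixed domain, a name that is empty or already
    // carries a domain part is refused instead of becoming user@x@domain.
    if ($username === '' || strpos($username, '@') !== false) {
        return false;
    }
    return array(
        'ldaprdn' => $username . '@' . $domain,
        'filter'  => '(samaccountname=' . rs_ldap_filter_escape($username) . ')',
    );
}

// Constructed sample inputs: a normal name, a wildcard, filter syntax,
// and a name with its own domain part.
$samples = array('jsmith', 'j*', 'x)(objectClass=*', 'jsmith@other');
foreach ($samples as $name) {
    $login = rs_build_login($name, 'domainName');
    echo str_pad($name, 20), ' => ',
        ($login ? $login['filter'] : 'rejected'), "\n";
}
```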

I'd like to say thanks to everyone that has helped test and improve this. I'll add more tweaks as they become known.

2 comments:

  1. Thanks for your work on this great plugin! Unfortunately we're having trouble getting it to work for the latest version of ResourceSpace (v3428) and our Active Directory server.

    We had it working before, and can't work out why it's no longer working - we keep getting an error now on the plugin configuration page;

    Error: Could not bind to AD, please check credentials .

    We've made a couple of edits to get this far;

    FIRST EDIT (As from your blog)

    Domain Login
    When using Active Directory, the user is required to login with the format user@domain.
    The reason for this is that the plugin is designed to work in an environment with cross domain trusts.
    If you don't have multiple domains, then it's possible to change this behaviour by hardcoding the domain name into ldap_class.php

    Change line 89 in ldap_class.php from:
    $this->ldaprdn = $username;// ."@".$userContainer;
    to:
    $this->ldaprdn = $username ."@". "domainName";

    Change line 103 from:
    $filter="(samaccountname=".$usercn.")";
    to
    $filter="(samaccountname=".$username.")";


    SECOND EDIT (As from the ResourceSpace forums)

    The solution was to insert into hooks/ldap_class.php
    after line 59 (ldap_set_option($this->ldapconn,
    LDAP_OPT_PROTOCOL_VERSION, 3);)
    following code:
    ldap_set_option($this->ldapconn, LDAP_OPT_REFERRALS, 0);

    Before when we made these edits we could get it working fine - any ideas how we might get it working with the latest version of ResourceSpace?

    Any help would be greatly appreciated!

    Thanks,
    Tristan.

    Replies
    1. Hi Tristan
      I haven't tried this with that release of RS yet.
      Can you give me any more info on the error?