Allowing group management in bridging Allowing group management in bridging
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Allowing group management in bridging

Started by Cyrolancer, July 26, 2012, 02:41:07 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Cyrolancer

Greetings!

I am working on the CPG LDAP Bridge and I try to update it regularly. For now, I am trying to understand how groups work. I have several questions about the group management.

1. What is "post based groups"? How they work? What will happen when I enable it under LDAP bridge?
2. Is there any way to enable CPG's own group management while using LDAP bridge? I am willing to write any kind of code to make this happen :)

Thanks

Αndré

Quote from: Cyrolancer on July 26, 2012, 02:41:07 PM
What is "post based groups"?
That are the groups that exist in your "board software".


Quote from: Cyrolancer on July 26, 2012, 02:41:07 PM
What will happen when I enable it under LDAP bridge?
I don't know. Give it a try.


Quote from: Cyrolancer on July 26, 2012, 02:41:07 PM
Is there any way to enable CPG's own group management while using LDAP bridge?
What exactly do you want to manage? You have to assign groups in the application you bridged to.

Cyrolancer

LDAP is not a board software, of course. It is a protocol that you access a database of records, such as email address and phone number. You can use LDAP to bypass the ordinary login system of CPG and redirect all login attempts to the LDAP server. Every software in the world can use LDAP to manage user authentication, and also store some hierarchical data (phone number, address, email etc.).

Using CPG bridge, you redirect all login attempts to some forum software, as well as the LDAP server. As you say in your message, the forums have member management systems and group management systems. You can also create groups in your LDAP server, but you cannot use them to manage CPG groups, you need to add them to your CPG database. That is the easiest way to make CPG handle the groups. The hard way goes far to the complete reprogramming of CPG login system. I don't have enough time to do such a big thing.

I am asking for one possibility: Is there any trick to make CPG Group Manager active when running in bridged mode? Should I play with the "post based groups" settings? Or are there some other things that I can do? Any idea can also work, I try to code it.

Thanks

Αndré

I haven't used the LDAP bridge and never used bridging at a live gallery (just used it for some tests to give basic bridge support). As far as I know the group manager still works when bridging is enabled, as you can set there some group specific settings. If you don't use post based groups, there should be only three groups: Admin, Registered, Guests. If you use post based groups, you should see all available groups from "board" (i.e. your LDAP server). I can just repeat, that I don't know if it works or what happens when you enable them during bridging, so just give it a try.

Cyrolancer

Thank you André. Somehow I forgot to comment out


$this->group_overrride = !$this->use_post_based_groups;


After commenting, group manager started to work.

Also, I have another question. In the default bridge template, there is a variable:


$this->multigroups = 1


Do you have any information about it?

Also, I am wondering if I can use subgroups in CPG?

Thanks a lot.

Αndré

Unfortunately I cannot give you any information about multigroups and subgroups.

Cyrolancer

I have found some references to multigroups.

in bridge/udb_base.inc.php

Quote
    function load_user_data($row)
    {
        global $USER_DATA;

        $USER_DATA['user_id'] = $row['id'];
        $USER_DATA['user_name'] = $row['username'];

        //changed to "row['group_id']" $group_id = $row[($this->usergroupstable)?$this->field['usertbl_group_id']:$this->field['grouptbl_group_id']];

        if  ($this->multigroups){
            $USER_DATA['groups'] = $this->get_groups($row);

        } else {
            if ($this->use_post_based_groups){
                $USER_DATA['groups'] = array(0 => $row['group_id']);
            } else {
                $USER_DATA['groups'] = array(0 => (in_array($row['group_id'], $this->admingroups)) ? 1 : 2);
            }
        }
    }

and the reference get_groups() function is empty.

Quote
function get_groups($row) {}

but in bridge/coppermine.inc.php

Quote
            // Get groups of which user is member
            function get_groups( $user )
            {
                $groups = array($user['group_id']);

                $sql = "SELECT user_group_list FROM {$this->usertable} AS u WHERE {$this->field['user_id']}='{$user['id']}' AND user_group_list <> ''";

                $result = cpg_db_query($sql, $this->link_id);

                if ($row = mysql_fetch_array($result)){
                    $groups = array_merge($groups, explode(',', $row['user_group_list']));
                }

                mysql_free_result($result);

                return $groups;
            }

and as far as I understand, it uses the groups inside the CPG not in the bridged software. I think, this is needed for the LDAP bridge as I use "user_group_list" column in users table.