December 17, 2003

Moodle LDAP creators

Am going to have to do some coding for Moodle’s LDAP authorization system after break.

The course creators check in the LDAP module is wrongheaded (well, for us and most of the world, apparently fine for Novell eDirectory). It looks for the list of groups a user is a member of in the user’s LDAP object. Instead, we store the users that are members of a group as attributes in the group object.

New variables: $ldap_group_contexts, $ldap_group_attribute.

$ldap_group_contexts is similar to $ldap_contexts in that it lists the trees under which group objects can be found.

$ldap_group_attribute is like $ldap_user_attribute: it is the attribute that holds the name of the group.

$ldap_memberattribute is the attribute in the group object that has the username of the member.

$ldap_creators is a semicolon-separated list of $ldap_group_attribute values that list the groups that are to be creators.

The search, run once for each entry in $ldap_group_contexts, will be:

( & (memberUid=$username)( | (cn=$group1) (cn=$group2) … ))

and request the $ldap_group_attribute. If it matches any of $ldap_creators, then $username is a creator.
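
The filter construction and creator check described above, as an added example in PHP (not Moodle's code or the author's). The variable names come from the post; the function names and sample values are hypothetical, and the username and group names are escaped per RFC 4515 before they go into the filter.

```php
<?php
// Added example (not Moodle's code). Variable names follow the post;
// function names and sample values are hypothetical.

// Escape a value for an LDAP search filter (RFC 4515 special characters).
function filter_escape(string $value): string {
    return strtr($value, ['\\' => '\5c', '*' => '\2a', '(' => '\28',
                          ')' => '\29', "\0" => '\00']);
}

// Split the semicolon-separated $ldap_creators into trimmed, non-empty names.
function creator_groups(string $ldap_creators): array {
    $names = array_map('trim', explode(';', $ldap_creators));
    return array_values(array_filter($names, 'strlen'));
}

// Build (&(member=user)(|(group=g1)(group=g2)...)); null if no groups are set,
// since an empty OR would not be a usable filter.
function creator_filter(string $username, string $memberattr,
                        string $groupattr, array $groups): ?string {
    if ($username === '' || $groups === []) return null;
    $any = '';
    foreach ($groups as $g) {
        $any .= "($groupattr=" . filter_escape($g) . ')';
    }
    return "(&($memberattr=" . filter_escape($username) . ")(|$any))";
}

// Compare the $ldap_group_attribute values a search returned against the
// creator list. Case-insensitive, assuming the attribute is cn-like.
function is_creator(array $returned, array $groups): bool {
    $wanted = array_map('strtolower', $groups);
    foreach ($returned as $name) {
        if (in_array(strtolower($name), $wanted, true)) return true;
    }
    return false;
}

// Constructed sample configuration and inputs.
$groups = creator_groups('moodle-creators; faculty ;');
echo creator_filter('jdoe', 'memberUid', 'cn', $groups), "\n";
// A username of "*" must stay a literal, not a wildcard matching every member.
echo creator_filter('*', 'memberUid', 'cn', $groups), "\n";
// Pass the filter to ldap_search() once per entry in $ldap_group_contexts,
// requesting only $ldap_group_attribute, then test the returned values:
var_dump(is_creator(['Faculty'], $groups));
var_dump(is_creator(['students'], $groups));
```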

Posted by Rowan Littell at December 17, 2003 10:24 AM