The MU forums have moved to WordPress.org

LDAP Group Support (10 posts)

  1. AaronNew
    Member
    Posted 12 years ago #

    I first want to thank everyone for the wonderful work Wordpress MU and the pluggins. I have the site up and running for my school system with a few plugins (with a few more to add in the future). I am using the LDAP-Authentication (http://wpmuldap.frozenpc.net) plugin and it is working beautifully. I would like to add AD group restrictions as several others have done. I have contacted the developer, and he does not have a planned release date for this feature. I want to add basic group functionality. I know DeanaS and kgraeme have done this, and probably others. Would anyone like to share thier code with me to add this functionality? I would need some help integrating it into the existing plugin as I am VERY new to php. I am familiar with html and asp/asp.net (I hope that isn't a dirty word around here).

    Thank you in advance.

  2. DeannaS
    Member
    Posted 12 years ago #

    Email me Aaron. It's deanna dot schneider at gmail dot com. My files just replace the existing ones - no code knowledge needed. Our version does not allow you to assign groups to roles. It only lets you authenticate against a security group instead of authenticating against an OU.

  3. kahless
    Member
    Posted 12 years ago #

    Deanna,

    How hard would it be to do groups to roles?

    Here is what I am imagining. We have our courses in LDAP which are being used for LDAP course creation and sync in Moodle. With that we are able to assign the role of instructor, TA, and student. I can see faculty wanting a course blog which would assign the professor to Admin, TA to Editor, and students to Contributors. I'm just not sure how in the world that would work. A look at the way Moodle handles creating course from LDAP might give some clues as to how to allow WordPress to create blogs against LDAP groups.

  4. DeannaS
    Member
    Posted 12 years ago #

    It would be relatively a pain in the butt, thanks. :) If you happen to be lucky enough to have a shibboleth server running, there's a shibboleth plugin out there for wordpress that might work for you.

    We've talked about the groups = roles thing here, too. But I'm really not sure how to implement it. There are a lot of levels to consider. I think the group/role relationship would have to be on a blog-by-blog basis. But, you'd also need some sitewide parameters. So, for example, everyone in "wordpress_users" could log in to your site as a subscriber.... but then on a blog by blog basis you'd choose more discreet security groups. But, how does blog creation happen to begin with? Who has that role. And, once someone is a blog admin, does that mean they can create any new blogs and be admin on those, too? Blah. Blah. Blah. So on and so on.

  5. andrea_r
    Moderator
    Posted 12 years ago #

    @kahless I see what you did there. ;)

    (back to regular thread)

  6. kgraeme
    Member
    Posted 12 years ago #

    @kahless check the author's blog.
    http://wpmuldap.frozenpc.net/2009/07/group-support-planning/

    He's the one to ask.

  7. ewendland
    Member
    Posted 12 years ago #

    DeannaS - I understand what you are saying about the difficulty of making assumptions about how groups define authorization. But say we ignore how the Blog is set up and just assume it is there and everyone in LDAP GroupA is an administrator and everyone in LDAP GroupB is a subscriber and nobody else has access... what is the best way to create a plugin that will honor dynamic "Role" information that comes from an external source?

    Blogs already carry information on their users and their users' roles. How can this mesh with the information coming from LDAP?

    I am new to the Wordpress framework so perhaps this is an incredibly stupid question, but you've been so helpful to other newbies in the past... :)

  8. axelseaa
    Member
    Posted 12 years ago #

    Basic allow/deny groups are currently available in the svn trunk for testing. Just a warning, the SVN trunk will only with with wordpress 3.0, and will not work with older versions.

    Roles -> group mapping is currently in the planning stages as well.

    More info at http://wpmuldap.frozenpc.net

  9. kgraeme
    Member
    Posted 12 years ago #

    Oh man. Now I'm really excited. axelseaa, I've got a nice single malt with your name on it if we can limit certain group users to not be able to create blogs.

    I know what we're testing next week!

  10. verta
    Member
    Posted 12 years ago #

    Hi,
    I have been following this with interest. We have the 2.x branch of the WPMU LDAP module working against our LDAP, and we also see a need for syncing LDAP groups and WP roles. Not to perform the authentication itself against a role, but a post-auth mapping for purposes of controlling access to parts of our site.

    It might be heresy to post this link here, but there is some PHP code in this open source project that I have used and it works.

    http://drupal.org/project/ldap_integration

About this Topic