The MU forums have moved to WordPress.org

LDAP Authorization / groups in WPMU? (8 posts)

  1. liamr
    Member
    Posted 17 years ago #

    I've an idea for a plugin, but don't know how feasible it is. I'd like to be able to assign roles within WPMU to LDAP groups rather than individual users.

    I guess to start, WP(MU) would need the concept of groups, which it doesn't seem to have.

  2. michaelroy
    Member
    Posted 17 years ago #

    I work at a small college, and we are thinking about adopting wordpress multiuser for our enterprise blogging platform, and we too would LOVE to be able to provide access control (posting, editing, viewing, etc.) via LDAP defined groups.

  3. seanwedig
    Member
    Posted 17 years ago #

    I have to agree - this would be a nice feature of the LDAP plugin. I've been working with the codebase, so maybe this is a feature that would be useful?

    And I would suggests doing this for the LDAP plugin instead of as a entirely new plugin - the core classes for connecting to the LDAP server seem pretty solid (though I have not touched them much).

    liamr, if you're even still reading these forums, have you made any progress on this?

    -sean

  4. philipcrandall
    Member
    Posted 16 years ago #

    Has anyone been working on this? I'm interested in picking up the challenge, but I have a few questions if anyone has the time to answer them.

    I'd like to create a plugin that utilizes the LDAP Authentication plugin classes.

    Since users are not added to the local database (and therefore have no user id to assign permissions to in the wp_usermeta table), I was thinking that I would like to create a new table along the lines of wp_groupmeta with gmeta_id,group_id,meta_key,and meta_value (the group id would contain the ldap group name).

    Question: Could permissions be added by overriding the get_userdata function and adding the permissions to the cache. Are all of the permissions for a user's interactions determined from the cache? Or, are there instances where wp_usermeta is read again?

    The idea being that I would search LDAP for the groups that a user belongs to and then compare that against the wp_groupmeta entries, granting permission appropriately by adding it to the user's entry in the wp_cache.

    It's quite possible that I'm not anywhere close to correct on how permissions are handled in mu, so I hope to be corrected if I'm wrong.

    Better ways of going about it would also be greatly appreciated.

    philip

  5. seanwedig
    Member
    Posted 16 years ago #

    Hey, philipcrandall,

    You can take a look at the WPMU LDAP code - it's in a SourceForge.net project. For this plugin, it does actually create a proxy-WPMU account, but it's just a dummy to tie to WPMU permissions and the like. I'd be interested in hearing your ideas for the plugin, though...

  6. ldaley
    Member
    Posted 16 years ago #

    I am in the same boat here. Need this kind of functionality to restrict read and write to specific blogs based on LDAP groups. Am willing to help out with code.

  7. philipcrandall
    Member
    Posted 16 years ago #

    hey there sean and ldaley. i've made some progress on the plugin. i figured out how to add permissions to the cache on login. i've gotten as querying ldap and the database and adding permissions accordingly. i'd love to have some peer review of/help on my work to see what another set of eyes turns up and/or get some different ideas. there are a few things remaining to do. check out my site for details. contact me and i'll be happy to get you the code i've been working on. sean, you worked on the code for the ldap auth plugin, did you not? the group authorization plugin draws on the core classes from the ldap auth plugin. maybe this could be added to that project?

  8. a5Ben
    Member
    Posted 16 years ago #

    Any progress on your code, Phillip? We would love to see what you have so far!

About this Topic