Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: DAViCal: General

Automatically add members to (LDAP-) group

  

 
DAViCal general RSS feed   Index | Next | Previous | View Threaded


gunnar.gorges at zmaw

Jul 18, 2012, 2:07 AM

Post #1 of 4 (290 views)
Permalink
Automatically add members to (LDAP-) group
Hi everyone,

we are experimenting with importing LDAP-groups into Davical (config see
below).

After we were able to import a group we noticed that new users are not
automatically added to the group (in Davical). After manually syncing
LDAP groups with Davical they were added however.

This is not very practical in a large environment (we expect at least 50
groups when we roll out) because it produces a lot of administrative work.

Can anyone explain to me if this is intended behaviour, a mistake on my
end or simply not impelmented (hopefully: yet)?

Thanks and cheers,
Gunnar

-- LDAP groupfilter --
*snip*

'baseDNGroups' => 'ou=group,o=ldap,o=root',
'filterGroups' => "(cn=testgroup)",
'group_mapping_field' => array("username" => "cn",
"updated" => "modifyTimestamp",
"fullname" => "gecos" ,
"members" => "memberUid"
),

'default_value' => array("date_format_type" => "E"),
'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=>
array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2)),
'startTLS' => 'yes', // Require that TLS is used for LDAP?

*snip*

--
Gunnar Gorges
Central IT Services - ZMAW
Mail:gunnar.gorges [at] zmaw
Tel.: +49 (0)40 41173 287
Attachments: smime.p7s (4.58 KB)


andrew at morphoss

Jul 18, 2012, 9:14 PM

Post #2 of 4 (281 views)
Permalink
Re: Automatically add members to (LDAP-) group [In reply to]
On Wed, 2012-07-18 at 11:07 +0200, Gunnar Gorges wrote:
> Hi everyone,
>
> we are experimenting with importing LDAP-groups into Davical (config see
> below).
>
> After we were able to import a group we noticed that new users are not
> automatically added to the group (in Davical). After manually syncing
> LDAP groups with Davical they were added however.
>
> This is not very practical in a large environment (we expect at least 50
> groups when we roll out) because it produces a lot of administrative work.
>
> Can anyone explain to me if this is intended behaviour, a mistake on my
> end or simply not impelmented (hopefully: yet)?

Just to be clear... are you saying that when a user logs in for the
first time, they are not being added to the LDAP groups that they are a
member of?

Or when a user logs in after their LDAP group memberships have changed,
their login details are not updated? In either case it sounds like a
bug.

Cheers,
Andrew.

>
> Thanks and cheers,
> Gunnar
>
> -- LDAP groupfilter --
> *snip*
>
> 'baseDNGroups' => 'ou=group,o=ldap,o=root',
> 'filterGroups' => "(cn=testgroup)",
> 'group_mapping_field' => array("username" => "cn",
> "updated" => "modifyTimestamp",
> "fullname" => "gecos" ,
> "members" => "memberUid"
> ),
>
> 'default_value' => array("date_format_type" => "E"),
> 'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=>
> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2)),
> 'startTLS' => 'yes', // Require that TLS is used for LDAP?
>
> *snip*
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________ Davical-general mailing list Davical-general [at] lists https://lists.sourceforge.net/lists/listinfo/davical-general

--
------------------------------------------------------------------------
andrew (AT) morphoss (DOT) com +64(272)DEBIAN
Haste makes waste.
-- John Heywood
------------------------------------------------------------------------
Attachments: signature.asc (0.82 KB)


gunnar.gorges at zmaw

Jul 23, 2012, 2:35 AM

Post #3 of 4 (261 views)
Permalink
Re: Automatically add members to (LDAP-) group [In reply to]
Dear Ján,

> Use cron with the following script to automatically sync Davical with LDAP:
> /usr/share/davical/scripts/cron-sync-ldap.php

thanks for that, didn't know it.
I am not sure though no underlying problem exists (see Andrews mail).

> On Jul 18, 2012, at 11:07 AM, Gunnar Gorges <gunnar.gorges [at] zmaw> wrote:
>
>> Hi everyone,
>>
>> we are experimenting with importing LDAP-groups into Davical (config see below).
>>
>> After we were able to import a group we noticed that new users are not automatically added to the group (in Davical). After manually syncing LDAP groups with Davical they were added however.
>>
>> This is not very practical in a large environment (we expect at least 50 groups when we roll out) because it produces a lot of administrative work.
>>
>> Can anyone explain to me if this is intended behaviour, a mistake on my end or simply not impelmented (hopefully: yet)?
>>
>> Thanks and cheers,
>> Gunnar
>>
>> -- LDAP groupfilter --
>> *snip*
>>
>> 'baseDNGroups' => 'ou=group,o=ldap,o=root',
>> 'filterGroups' => "(cn=testgroup)",
>> 'group_mapping_field' => array("username" => "cn",
>> "updated" => "modifyTimestamp",
>> "fullname" => "gecos" ,
>> "members" => "memberUid"
>> ),
>>
>> 'default_value' => array("date_format_type" => "E"),
>> 'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2)),
>> 'startTLS' => 'yes', // Require that TLS is used for LDAP?
>>
>> *snip*
>>
>> --
>> Gunnar Gorges
>> Central IT Services - ZMAW
>> Mail:gunnar.gorges [at] zmaw
>> Tel.: +49 (0)40 41173 287
>>
>>
>> ------------------------------------------------------------------------------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond. Discussions
>> will include endpoint security, mobile security and the latest in malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/_______________________________________________
>> Davical-general mailing list
>> Davical-general [at] lists
>> https://lists.sourceforge.net/lists/listinfo/davical-general
>


--
Gunnar Gorges
Central IT Services - ZMAW
Mail: gunnar.gorges [at] zmaw
Tel.: +49 (0)40 41173 287
Attachments: smime.p7s (4.58 KB)


gunnar.gorges at zmaw

Jul 23, 2012, 6:30 AM

Post #4 of 4 (261 views)
Permalink
Re: Automatically add members to (LDAP-) group [In reply to]
Hi Andrew,

first of all thanks for your prompt answer!

Concerning your first question:
When a user logs in for the first time, they are indeed NOT added to the
LDAP-group they belong to. This only happens after manually syncing with
LDAP (or after the cronjob that Ján suggested ran for the first time).

As for the second question, the result is similar: When I remove a user
from the LDAP-group his membership in Davical remains as it is - until,
however, I run the script manually.

Thanks again for your help,
Gunnar

>> Hi everyone,
>>
>> we are experimenting with importing LDAP-groups into Davical (config see
>> below).
>>
>> After we were able to import a group we noticed that new users are not
>> automatically added to the group (in Davical). After manually syncing
>> LDAP groups with Davical they were added however.
>>
>> This is not very practical in a large environment (we expect at least 50
>> groups when we roll out) because it produces a lot of administrative work.
>>
>> Can anyone explain to me if this is intended behaviour, a mistake on my
>> end or simply not impelmented (hopefully: yet)?
>
> Just to be clear... are you saying that when a user logs in for the
> first time, they are not being added to the LDAP groups that they are a
> member of?
>
> Or when a user logs in after their LDAP group memberships have changed,
> their login details are not updated? In either case it sounds like a
> bug.
>
> Cheers,
> Andrew.
>
>>
>> Thanks and cheers,
>> Gunnar
>>
>> -- LDAP groupfilter --
>> *snip*
>>
>> 'baseDNGroups' => 'ou=group,o=ldap,o=root',
>> 'filterGroups' => "(cn=testgroup)",
>> 'group_mapping_field' => array("username" => "cn",
>> "updated" => "modifyTimestamp",
>> "fullname" => "gecos" ,
>> "members" => "memberUid"
>> ),
>>
>> 'default_value' => array("date_format_type" => "E"),
>> 'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=>
>> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2)),
>> 'startTLS' => 'yes', // Require that TLS is used for LDAP?
>>
>> *snip*
>>
>> ------------------------------------------------------------------------------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond. Discussions
>> will include endpoint security, mobile security and the latest in malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________ Davical-general mailing list Davical-general [at] lists https://lists.sourceforge.net/lists/listinfo/davical-general
>


--
Gunnar Gorges
Central IT Services - ZMAW
Mail: gunnar.gorges [at] zmaw
Tel.: +49 (0)40 41173 287
Attachments: smime.p7s (4.58 KB)

DAViCal general RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.