Revision [6163]
This is an old revision of ActiveDirectory made by NilsLindenberg on 2005-02-18 18:01:58.
Using ActiveDirectory to identify the users
A solution
Using wikka as an Intranet knowledge management system, I don't want my user to signin in wikka because they already are known since they signed when booting their computer. However, we want to secure some pages through ACLs and we want to keep track of the modifications...So here is a quick and dirty solution that works but still as a prototype.
The code
1) Add a new field in the users database:
ALTER TABLE `wikka_users` ADD `alias`...I have no access TO my DB RIGHT now AND cannot remember what I put (alias IS SIMILAR TO the name FIELD);
1) Add the following code in wikka.config.php
"active_directory" => "1",
- how about an entry like "user_identification" with the values "wikka" and "active_directory"? Would make it easier to add other systems --NilsLindenberg
1) in wikka.php, just after:
// THE BIG EVIL NASTY ONE!
function Run($tag, $method = "")
{
// do our stuff!
if (!$this->method = trim($method)) $this->method = "show";
if (!$this->tag = trim($tag)) $this->Redirect($this->Href("", $this->config["root_page"]));
function Run($tag, $method = "")
{
// do our stuff!
if (!$this->method = trim($method)) $this->method = "show";
if (!$this->tag = trim($tag)) $this->Redirect($this->Href("", $this->config["root_page"]));
Add the following code:
// Check if active_directory is on and Active Directory user known
if (($this->config["active_directory"]) && (!$this->GetUser())) {
$idAD = $this->GetUserName();
$sql = "SELECT name"
. " FROM ".$this->config["table_prefix"]."users"
. " WHERE alias = '"
. mysql_real_escape_string($idAD)
. "' limit 1";
$hisname = $this->LoadSingle($sql);
if ($hisname) {
$this->SetUser($this->LoadUser($hisname["name"]));
}
}
if (($this->config["active_directory"]) && (!$this->GetUser())) {
$idAD = $this->GetUserName();
$sql = "SELECT name"
. " FROM ".$this->config["table_prefix"]."users"
. " WHERE alias = '"
. mysql_real_escape_string($idAD)
. "' limit 1";
$hisname = $this->LoadSingle($sql);
if ($hisname) {
$this->SetUser($this->LoadUser($hisname["name"]));
}
}
How to use it?
The current system of registration will still work for the users out of the ActiveDirectory with no alias in the users database . The capabilities can be set off by putting "active_directory" => "0" in the wikka.config.php.First, the users have to be somehow created (I would expect this do be done through a batch import of an ActiveDirectory). To test it quickly, simply fill the alias field with your ActiveDirectory alias and its done. You will not have to sign again and the system will recognise you.
To Do
Deliver a way to feed the users database with an export from an ActiveDirectory (it is easy).CategoryUserContributions
