Revision [6246]
This is an old revision of ActiveDirectory made by ChristianBarthelemy on 2005-02-22 13:33:27.
Using ActiveDirectory to identify the users
Last edited by ChristianBarthelemy:
Still far from being finished...
Tue, 22 Feb 2005 13:33 UTC [diff]
Still far from being finished...
Tue, 22 Feb 2005 13:33 UTC [diff]
A solution
Using wikka as an Intranet knowledge management system, I don't want my user to signin in wikka because they already are known since they signed when booting their computer. However, we want to secure some pages through ACLs and we want to keep track of the modifications...So here is a quick and dirty solution that works but still as a prototype and it is only checking the computer name for now.
Prerequisites
You must allow php_ldapThe code
1) Add a new field in the users database:
ALTER TABLE `wikka_users` ADD `alias` VARCHAR(75) NOT NULL
1) Add the following code in wikka.config.php
"user_identification" => "active_directory",
- how about an entry like "user_identification" with the values "wikka" and "active_directory"? Would make it easier to add other systems --NilsLindenberg
- I agree - LDAP would be another option to add (some time) --JavaWoman
- Truly true - and it is done, good idea --ChristianBarthelemy
1) in wikka.php, just after:
// THE BIG EVIL NASTY ONE!
function Run($tag, $method = "")
{
// do our stuff!
if (!$this->method = trim($method)) $this->method = "show";
if (!$this->tag = trim($tag)) $this->Redirect($this->Href("", $this->config["root_page"]));
function Run($tag, $method = "")
{
// do our stuff!
if (!$this->method = trim($method)) $this->method = "show";
if (!$this->tag = trim($tag)) $this->Redirect($this->Href("", $this->config["root_page"]));
Add the following code:
// Check if active_directory is on and Active Directory user known
if (($this->config["user_identification"]=="active_directory") && (!$this->GetUser()))
{
$idAD = $this->GetUserName();
$sql = "SELECT name"
. " FROM ".$this->config["table_prefix"]."users"
. " WHERE alias = '"
. mysql_real_escape_string($idAD)
. "' limit 1";
$hisname = $this->LoadSingle($sql);
if ($hisname) {
$this->SetUser($this->LoadUser($hisname["name"]));
}
}
if (($this->config["user_identification"]=="active_directory") && (!$this->GetUser()))
{
$idAD = $this->GetUserName();
$sql = "SELECT name"
. " FROM ".$this->config["table_prefix"]."users"
. " WHERE alias = '"
. mysql_real_escape_string($idAD)
. "' limit 1";
$hisname = $this->LoadSingle($sql);
if ($hisname) {
$this->SetUser($this->LoadUser($hisname["name"]));
}
}
- Christian, I changed
-
if (($this->config["user_identification"]="active_directory") && (!$this->GetUser()))to
-
if (($this->config["user_identification"]=="active_directory") && (!$this->GetUser()))
How to use it?
The current system of registration will still work for the users out of the ActiveDirectory with no alias in the users database . The capabilities can be set off by putting "user_identification" => "wikka" (default value) in the wikka.config.php.First, the users have to be somehow created (I would expect this do be done through a batch import of an ActiveDirectory). To test it quickly, simply fill the alias field with your computer name alias and its done. You will not have to sign again and the system will recognise your machine.
To Do
Deliver a way to feed the users database with an export from an ActiveDirectory (it is easy).Identify the ActiveDirectory ID of the user (not only the computer).
CategoryUserContributions