LdapBundle

Allow roles to be loaded recursively

Open ktsharp opened this issue 12 years ago • 3 comments

For large user bases, LDAP admins may wish to assign roles based on user groups.

When loading roles, the bundle should not only search for groups the user directly belongs to, but also for any ancestor groups of those groups. That way, roles assigned by user groups will be assigned correctly.

ktsharp, Feb 18 '13 22:02

:+1: for this PR. This would be a very nice feature to have.

jeremylivingston, Aug 14 '13 20:08

Maybe an additional config option that alters the behaviour of addLdapRoles. With addLdapRoles, rather than checking for various flags, it could be refactored to separate methods. To get memberOf from LDAP user:

```php
if (true === $this->params['client']['get_roles_from_user']) {
    $tab = array(); // required or PHP complains that the array_push first param should be an array

    // Build one ROLE_<GROUP> entry per memberOf value, using the first RDN of each group DN
    for ($i = 0; $i < $this->ldapUser['memberof']['count']; $i++) {
        $group = ldap_explode_dn($this->ldapUser['memberof'][$i], 1)[0];
        array_push($tab, sprintf('ROLE_%s', strtoupper($group)));
    }
    $this->ldapUser['roles'] = $tab;
    return;
}
```

detheridge02, Oct 15 '14 08:10
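An added example, not part of the thread and not LdapBundle code: one way to expand a user's direct `memberOf` groups to their ancestor groups, as the issue requests, while guarding against nested-group cycles and unbounded depth before mapping to `ROLE_*` names. The function names, `$directory`, `$parentsOf` and the sample DNs are hypothetical; a real implementation would replace `$parentsOf` with an LDAP read of each group's `memberOf`.

```php
<?php
// Added example, not LdapBundle code. $directory is constructed sample data standing in
// for LDAP lookups: group DN => the DNs listed in that group's memberOf attribute.
$directory = [
    'cn=developers,ou=groups,dc=example,dc=org' => ['cn=staff,ou=groups,dc=example,dc=org'],
    'cn=staff,ou=groups,dc=example,dc=org'      => ['cn=everyone,ou=groups,dc=example,dc=org'],
    // Constructed cycle (everyone -> developers): nested groups can loop back.
    'cn=everyone,ou=groups,dc=example,dc=org'   => ['cn=developers,ou=groups,dc=example,dc=org'],
];

// Hypothetical helper: breadth-first walk from the direct groups to every ancestor.
// $parentsOf is any callable that returns the memberOf DNs of a given group DN.
function resolveGroupsRecursively(array $directGroups, callable $parentsOf, int $maxDepth = 10): array
{
    $seen  = [];
    $queue = array_map(fn($dn) => [$dn, 0], $directGroups);
    while ($queue) {
        [$dn, $depth] = array_shift($queue);
        $key = strtolower($dn);               // DNs are treated case-insensitively here
        if (isset($seen[$key]) || $depth > $maxDepth) {
            continue;                         // already visited (cycle) or nested too deep
        }
        $seen[$key] = $dn;
        foreach ($parentsOf($dn) as $parent) {
            $queue[] = [$parent, $depth + 1];
        }
    }
    return array_values($seen);
}

// Map group DNs to ROLE_<GROUP> names, the convention used in the comment above.
function groupsToRoles(array $groupDns): array
{
    $roles = [];
    foreach ($groupDns as $dn) {
        $rdn  = ldap_explode_dn($dn, 1);      // needs ext-ldap; returns false on a malformed DN
        $name = $rdn === false ? '' : strtoupper($rdn[0]);
        if (!preg_match('/\A[A-Z0-9_]+\z/', $name)) {
            continue;                         // skip names that would not form a clean role string
        }
        $roles['ROLE_' . $name] = true;       // array keys de-duplicate repeated groups
    }
    return array_keys($roles);
}

$parentsOf = fn(string $dn): array => $directory[strtolower($dn)] ?? [];
$start     = ['cn=developers,ou=groups,dc=example,dc=org'];
print_r(groupsToRoles(resolveGroupsRecursively($start, $parentsOf)));
```

Because roles here are derived directly from directory data, anyone who can edit group nesting in LDAP can change which roles a user receives, so the depth cap and name filter limit what an unexpected entry can produce.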

This would be a really handy feature, @ktsharp are you able to PR what you did in your branch? (apologies if you already have and I couldn't find it)

jenkoian, May 28 '15 16:05