Tags:
create new tag
, view all tags

Question

I have LdapContrib successfully installed on my system. When I set the group filter to be a compound statement, such as: (& (objectClass=group)(samaccountname=Dept*)), I get a listing of the groups, but the users do not get populated.

[Thu May 17 08:45:43 2007] [error] [client 1.1.1.1] called groupMembers(DeptWiki), referer: http://myTWiki/twiki/bin/view/Main/WebHome
[Thu May 17 08:45:43 2007] [error] [client 1.1.1.1] called getGroupMembers(DeptWiki), referer: http://myTWiki/twiki/bin/view/Main/WebHome
[Thu May 17 08:45:43 2007] [error] [client 1.1.1.1] called getGroup(DeptWiki), referer: http://myTWiki/twiki/bin/view/Main/WebHome
[Thu May 17 08:45:43 2007] [error] [client 1.1.1.1] called search(filter=(&((&(objectClass=group)(samaccountname=Dept*)))(cn=DeptWiki)), base=cn=users,dc=ds,dc=company,dc=com, scope=sub, limit=0, attrs=*), referer: http://myTWiki/twiki/bin/view/Main/WebHome
[Thu May 17 08:45:43 2007] [error] [client 1.1.1.1] 89: Bad filter, referer: http://myTwiki/twiki/bin/view/Main/WebHome

I have defined my Group Filter as '(&(objectClass=group)(samaccountname=Dept*))' so that I can optimize my query to return only groups that I care about. While the initial search is valid, if you look at the output above, the search string that gets constructed by the LdapContrib getGroup method is invalid, it is appending an extra 'and' operand. I have already specified that in my groups filter.
This is the format that LdapContrib should make, but it is not:
search(filter=(&(objectClass=group)(samaccountname=Dept*)(cn=DeptWiki)), base=cn=users,dc=ds,dc=company,dc=com, scope=sub, limit=0, attrs=*).

Please let me know how I can get past this.

Environment

TWiki version: TWikiRelease04x01x02
TWiki plugins: DefaultPlugin, EmptyPlugin, InterwikiPlugin
Server OS: Linux 2.4.21-4.el (i686-linux-thread-multi-64int-ld)
Web server: Apache 2.2.4 w/mod_perl2.0.3
Perl version: 5.8.7
Client OS: Windows XP Prof SP2
Web Browser: IE 6.0
Categories: Authentication, Security, Authorisation

-- JosephMecca - 17 May 2007

Answer

ALERT! If you answer a question - or have a question you asked answered by someone - please remember to edit the page and set the status to answered. The status is in a drop-down list below the edit box.

I wound up modifying the LdapContrib.pm to fit my scenario. While it isn't a robust solution that will work for any scenario, it solves my problem. For anyone who is interested, I had to modify only 1 line of code: 

From: my $filter = '(&('.$this->{groupFilter}.')('.$this->{groupAttribute}.'='.$wikiName.'))';
To:  my $filter = substr($this->{groupFilter},0, - 1).'('.$this->{groupAttribute}.'='.$wikiName.'))';

-- JosephMecca - 18 May 2007

 
Change status to:
WebForm
SupportStatus AnsweredQuestions
Edit | Attach | Print version | History: r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r4 - 2007-05-18 - JosephMecca
 

Twitter Delicious Facebook Digg Google Bookmarks E-mail LinkedIn Reddit StumbleUpon    
  • Download TWiki
TWiki logo Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2012 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.