opennetadmin / ona

OpenNetAdmin IP Address Management (IPAM) system
opennetadmin.com
GNU General Public License v2.0

Apply group mappings to groupOfUniqueNames LDAP groups too #136

Open chuhn opened 5 years ago

chuhn commented 5 years ago

This patch adds mapping support for groupOfUniqueNames groups in LDAP authentication.

Example:

1) The authenticated user is a member of the group cn=PREFIX_ADMIN,cn=Groups,dc=example,dc=com.
2) The following mapping is defined:
   $conf['auth']['ldap']['mapping']['grps'] = array('cn'=>'/PREFIX_(.+)/i');
3) The user will be a member of the ONA group ADMIN.

Additionally there is a small tweak to allow email addresses as login names.

chuhn commented 5 years ago

What's still unclear to me is the assignment of $g++ which I copied from https://github.com/opennetadmin/ona/blob/53c03bcd8eccd7216ec9cc8ab8c70a44d58fa08d/www/include/auth/ldap.class.php#L221

AFAICT the correct groups.id for the given group name should be looked up and assigned here instead, i.e.

ona_get_record('groups', "name like '{$match[1]}'")

Another feature I'd be interested in would be to deny access to users that are not members in any group known to ONA. From my observation they are implicitly added to the default group at the moment.
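
The group mapping from the PR description and the deny-when-no-known-group behaviour raised in the comment above, as an added PHP example that is not ONA's code and not part of this thread. The function names, the anchored pattern, the sample users and the known-group list are assumptions made for the illustration.

```php
<?php
// Added example; not ONA's ldap.class.php. All function names are hypothetical.

// Return the names captured by group 1 of $pattern from each DN's leading RDN.
function map_ldap_groups(array $groupDns, string $attr, string $pattern): array
{
    $mapped = [];
    foreach ($groupDns as $dn) {
        // Simplified DN handling: leading RDN only, escaped commas not supported.
        $rdnRe = '/^' . preg_quote($attr, '/') . '=([^,]+)/i';
        if (preg_match($rdnRe, $dn, $rdn) !== 1) {
            continue;
        }
        if (preg_match($pattern, $rdn[1], $m) === 1 && isset($m[1])) {
            $mapped[] = $m[1];
        }
    }
    return array_values(array_unique($mapped));
}

// Allow login only if at least one mapped name is a locally known group.
function is_authorized(array $mapped, array $knownGroups): bool
{
    return count(array_intersect($mapped, $knownGroups)) > 0;
}

// Constructed sample data: only alice's DN comes from the PR description.
$users = [
    'alice' => ['cn=PREFIX_ADMIN,cn=Groups,dc=example,dc=com'],
    'bob'   => ['cn=NOTPREFIX_ADMIN,cn=Groups,dc=example,dc=com'],
    'carol' => ['cn=Staff,cn=Groups,dc=example,dc=com'],
];
$knownGroups = ['ADMIN']; // constructed stand-in for the ONA groups table
$patterns = [
    'as posted' => '/PREFIX_(.+)/i',   // mapping from the PR description
    'anchored'  => '/^PREFIX_(.+)$/i', // assumption: prefix must start the cn
];

foreach ($patterns as $label => $pattern) {
    foreach ($users as $user => $dns) {
        $mapped = map_ldap_groups($dns, 'cn', $pattern);
        printf("%-9s %-5s mapped=[%s] %s\n", $label, $user,
            implode(',', $mapped),
            is_authorized($mapped, $knownGroups) ? 'allow' : 'deny');
    }
}
```

With the pattern as posted, bob's NOTPREFIX_ADMIN group also maps to ADMIN because the expression can match anywhere in the cn; the anchored pattern maps only cn values that begin with PREFIX_.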

chuhn commented 3 months ago

Ping?