Discussion forum for the LdapNgPlugin

-- MichaelDaum - 19 Jul 2006

Thanks Micha for sharing this Plugin with the TWikiCommunity!

Some feedback:

• What does the Ng in the Plugin name stand for? Possibly use a descriptive LdapQueryPlugin name instead?
• What is the reason to create a new Plugin, e.g. not extend the existing LdapPlugin?
• Is the LdapPlugin now obsolete?
• Installation instructions:
  • Mention to enable Plugin in configure to avoid the "gotcha"
• Plugin Info table:
  • How about measuring and documenting the PluginBenchmarks numbers?
  • Instead of Interwiki link, it might be better to use the full URL for the "Plugin Home" and "Feedback" links (visible when viewed and printed)
  • Add the Appraisal link

-- PeterThoeny - 19 Jul 2006

Yea, the plugin name is - let's say - rather adhoc (Ng = next generation). LdapQueryPlugin is ok. The reason for creating a new ldap plugin instead of modifying the LdapPlugin was that it was less effort. There were too many issues imho with the implementation of LdapPlugin. Time pressure was another issue as things were done for a client that needed a consistent suite. We now have two ldap plugins, I can't help it. Chosing one or the other depends on wether you already have the LdapContrib or not. Benchmarking the plugin would be nice but I have no time/money to do it. I use interwiki links in all of my plugins because that shortens urls. The "print" argument holds for all interwiki links though nobody complained so far and I doubt someone would. I will add the configure notion as well as th appraisal link. Thanks.

-- MichaelDaum - 20 Jul 2006

I note I get strange events. When it's time to to send out the notifications, it's just does this:

2006-08-16 20:46:04 cwd=XXXXXX 4 args: /usr/sbin/sendmail -t -oi -oeq
2006-08-16 20:46:04 XXXX "XXXX@XXXX" from env-from rewritten as "XXXX@XXXX" by rule 2
2006-08-16 20:46:07 cwd=XXXX 4 args: /usr/sbin/sendmail -t -oi -oeq
2006-08-16 20:46:08 XXXX "XXXX@XXXX" from env-from rewritten as "XXXX@XXXX" by rule 2
2006-08-16 20:46:12 cwd=XXXX 4 args: /usr/sbin/sendmail -t -oi -oeq
2006-08-16 20:46:13 XXXX "XXXX@XXXX" from env-from rewritten as "XXXX@XXXX" by rule 2

but doesn't actually send the e-mails. This ever since I installed this plugin.

-- EricCote - 16 Aug 2006

Thank Michael for that great plugin.
Can anybody tell me how to use search-filters with special characters, like german sn=Müller? On command-line ldap-clients, this filer has to be utf-8-encoded. What about the results? I retrieve the the utf-8 encoded "Müller". How can it be decoded?
I use {Site}{CharSet} = iso-8859-15 on my TWiki-configure. (TWiki yet doesn't support UTF-8 in the topics, isn't it?)
Thanks.

-- AlexanderScholler - 28 Aug 2006

Hi Alexander. Have a look at the latest LdapContrib and LdapNgPlugin. They now map the site's charset to utf8 and vice versa before accessing the LDAP server.

-- MichaelDaum - 18 Dec 2006

Thanks for the plugin Michael, it's been valuable for us.

I noticed a bug in the plugin. We have data fields in our LDAP repository that begin with the 'n' character (e.g. $name). Your plugin confuses them with line breaks ($n) which breaks the search clauses. I don't know enough Perl to contribute a patch for this but this is a problem other users can very well run into.

-- HarriLakkala - 02 Feb 2007

Harri: I have not looked at the code, but if you find something line this: s/\$n/\n/g, replace it with a zero-width negative lookahead, testing for non-alphanum characters: s/\$n(?![a-zA-Z0-9])/\n/g

-- PeterThoeny - 03 Feb 2007

What should I do if our corporate LDAP has multiple values for things like $cn and $mail? Is there someway to only display one of them? The first one, or the last one, or one matching some regex?

For instance, instead of using $cn in the format, what about $cn[0] or $cn['someRegex'] ?

-- DustinGooding - 08 Mar 2007

That's a cool idea.

-- MichaelDaum - 09 Mar 2007

I've tried playing with the SpreadSheetPlugin (using $percnt instead of %) inside the format string with options like LISTITEM and SEARCH but I can't find a reliable way to choose the correct entry in the list.

For example... each LDAP entry has three mail values. One current, one old, and one location specific (though the "current" one is the address folks should be using). Thus, $mail gives the following (in alphabetical order for each person, so it's always different):

first.m.last1@location.example.com, flast@old.example.com, first.m.last@example.com

How do I only display the

@example.com

-- DustinGooding - 12 Mar 2007

I apologize for thinking out loud. I figured out the above issue. Fairly simple...

$percntCALC{$LISTIF($SEARCH(@example.com, $item), $mail)}$percnt

-- DustinGooding - 12 Mar 2007

Any luck with the $cn issue? (our Ldap also uses it for different fields)

-- JosMaccabiani - 26 May 2007

Michael, how would I get the output from this plugin and stuff the results into variables? For instance, I search for a single UID and I want the sn and cn results stuffed into vars SN and CN, respectively. I tried a formatted SET and even CALC but neither seems to work and a search of SEARCH questions doesn't seem to cover something like this.

Thanks

-- SteveRJones - 18 Sep 2007

Answered on IRC

-- MichaelDaum - 21 Sep 2007

Would it be possible for you to provide LDAPGROUPNAMES and LDAPGROUPMEMBERS to give the results of LdapContrib's getGroupNames and getGroupMembers? Thanks.

-- CharlieReitsma - 22 Mar 2008

I looks like exclude can only work if you've only given it one single WikiName. Is that correct? If I try to give it a comma-separated list, as with many other parameters on TWiki, it ignores all of them. Is there another way to have it exclude a list of WikiNames?

-- DavidWolfe - 13 May 2008

Am I correct that %LDAPUSERS% can display +$wikiName=, but %LDAP% cannot? There seems to be some disparity between what is available in each of the calls. For example, %LDAP% can also get our Instant Message information from $apple-imhandle, while %LDAPUSERS% doesn't seem to be able to. I understand that the point of %LDAPUSERS% is to display a list of users. While %LDAP% seems to be intended to get individual information about a given record, I can use it to get the same list of users. The problem is that I can't get the same information all together in a single list. Am I missing something?

-- DavidWolfe - 13 May 2008