Tags:
create new tag
view all tags

Question

I have LdapContrib successfully installed on my system. When I set the group filter to be a compound statement, such as: (& (objectClass=group)(samaccountname=Dept*)), I get a listing of the groups, but the users do not get populated.

[Thu May 17 08:45:43 2007] [error] [client 1.1.1.1] called groupMembers(DeptWiki), referer: http://myTWiki/twiki/bin/view/Main/WebHome
[Thu May 17 08:45:43 2007] [error] [client 1.1.1.1] called getGroupMembers(DeptWiki), referer: http://myTWiki/twiki/bin/view/Main/WebHome
[Thu May 17 08:45:43 2007] [error] [client 1.1.1.1] called getGroup(DeptWiki), referer: http://myTWiki/twiki/bin/view/Main/WebHome
[Thu May 17 08:45:43 2007] [error] [client 1.1.1.1] called search(filter=(&((&(objectClass=group)(samaccountname=Dept*)))(cn=DeptWiki)), base=cn=users,dc=ds,dc=company,dc=com, scope=sub, limit=0, attrs=*), referer: http://myTWiki/twiki/bin/view/Main/WebHome
[Thu May 17 08:45:43 2007] [error] [client 1.1.1.1] 89: Bad filter, referer: http://myTwiki/twiki/bin/view/Main/WebHome

I have defined my Group Filter as '(&(objectClass=group)(samaccountname=Dept*))' so that I can optimize my query to return only groups that I care about. While the initial search is valid, if you look at the output above, the search string that gets constructed by the LdapContrib getGroup method is invalid, it is appending an extra 'and' operand. I have already specified that in my groups filter.
This is the format that LdapContrib should make, but it is not:
search(filter=(&(objectClass=group)(samaccountname=Dept*)(cn=DeptWiki)), base=cn=users,dc=ds,dc=company,dc=com, scope=sub, limit=0, attrs=*).

Please let me know how I can get past this.

Environment

TWiki version: TWikiRelease04x01x02
TWiki plugins: DefaultPlugin, EmptyPlugin, InterwikiPlugin
Server OS: Linux 2.4.21-4.el (i686-linux-thread-multi-64int-ld)
Web server: Apache 2.2.4 w/mod_perl2.0.3
Perl version: 5.8.7
Client OS: Windows XP Prof SP2
Web Browser: IE 6.0
Categories: Authentication, Security, Authorisation

-- JosephMecca - 17 May 2007

Answer

ALERT! If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.

I wound up modifying the LdapContrib.pm to fit my scenario. While it isn't a robust solution that will work for any scenario, it solves my problem. For anyone who is interested, I had to modify only 1 line of code: 

From: my $filter = '(&('.$this->{groupFilter}.')('.$this->{groupAttribute}.'='.$wikiName.'))';
To:  my $filter = substr($this->{groupFilter},0, - 1).'('.$this->{groupAttribute}.'='.$wikiName.'))';

-- JosephMecca - 18 May 2007

Change status to:
WebForm
SupportStatus AnsweredQuestions
Edit | Attach | Watch | Print version | History: r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r4 - 2007-05-18 - JosephMecca
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2026 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.