Wiki source for ActiveDirectory
====Using ActiveDirectory to identify the users====
{{lastedit show="3"}}
===A solution===
Using wikka as an Intranet knowledge management system, I don't want my user to signin in wikka because they already are known since they signed when booting their computer. However, we want to secure some pages through ACLs and we want to keep track of the modifications...
So here is a quick and dirty solution that works but still as a prototype and it is only checking the computer name for now.
===Prerequisites===
You must allow php_ldap
===The code===
1) Add a new field in the users database:
%%(sql)
ALTER TABLE `wikka_users` ADD `alias` VARCHAR(75) NOT NULL
%%
1) Add the following code in wikka.config.php
%%(php)
"user_identification" => "active_directory",
%%
~&how about an entry like "user_identification" with the values "wikka" and "active_directory"? Would make it easier to add other systems --NilsLindenberg
~~&I agree - LDAP would be another option to add (some time) --JavaWoman
~~~&Truly true - and it is done, good idea --ChristianBarthelemy
1) in wikka.php, just after:
Shouldn't it be Wakka.class.php now??? /AndreasHeintze
%%(php)
// THE BIG EVIL NASTY ONE!
function Run($tag, $method = "")
{
// do our stuff!
if (!$this->method = trim($method)) $this->method = "show";
if (!$this->tag = trim($tag)) $this->Redirect($this->Href("", $this->config["root_page"]));
%%
Add the following code:
%%(php)
// Check if active_directory is on and Active Directory user known
if (($this->config["user_identification"]=="active_directory") && (!$this->GetUser()))
{
$idAD = $this->GetUserName();
$sql = "SELECT name"
. " FROM ".$this->config["table_prefix"]."users"
. " WHERE alias = '"
. mysql_real_escape_string($idAD)
. "' limit 1";
$hisname = $this->LoadSingle($sql);
if ($hisname) {
$this->SetUser($this->LoadUser($hisname["name"]));
}
}
%%
~&Christian, I changed
~&%%(php)
if (($this->config["user_identification"]="active_directory") && (!$this->GetUser()))
%% to
~&%%(php)
if (($this->config["user_identification"]=="active_directory") && (!$this->GetUser()))%%
~&--NilsLindenberg
~~&I found that in my intranet environment I needed to modify the function ""GetUserName()"" in wikka.php to use the AUTH_USER server variable:
~~&%%(php)
function GetUserName() {
if ($user = $this->GetUser())
$name = $user["name"];
// start of new code
else if (!$name = $_SERVER["AUTH_USER"])
$name = $_SERVER["AUTH_USER"];
//end of new code
else if (!$name = gethostbyaddr($_SERVER["REMOTE_ADDR"]))
$name = $_SERVER["REMOTE_ADDR"];
return $name;
}
%%
~~&--JulianElve
===How to use it?===
The current system of registration will still work for the users out of the ActiveDirectory with no alias in the users database . The capabilities can be set off by putting "user_identification" => "wikka" (default value) in the wikka.config.php.
First, the users have to be somehow created (I would expect this do be done through a batch import of an ActiveDirectory). To test it quickly, simply fill the alias field with your computer name alias and its done. You will not have to sign again and the system will recognise your machine.
===To Do===
Deliver a way to feed the users database with an export from an ActiveDirectory (it is easy).
Identify the ActiveDirectory ID of the user (not only the computer).
----
CategoryUserContributions
{{lastedit show="3"}}
===A solution===
Using wikka as an Intranet knowledge management system, I don't want my user to signin in wikka because they already are known since they signed when booting their computer. However, we want to secure some pages through ACLs and we want to keep track of the modifications...
So here is a quick and dirty solution that works but still as a prototype and it is only checking the computer name for now.
===Prerequisites===
You must allow php_ldap
===The code===
1) Add a new field in the users database:
%%(sql)
ALTER TABLE `wikka_users` ADD `alias` VARCHAR(75) NOT NULL
%%
1) Add the following code in wikka.config.php
%%(php)
"user_identification" => "active_directory",
%%
~&how about an entry like "user_identification" with the values "wikka" and "active_directory"? Would make it easier to add other systems --NilsLindenberg
~~&I agree - LDAP would be another option to add (some time) --JavaWoman
~~~&Truly true - and it is done, good idea --ChristianBarthelemy
1) in wikka.php, just after:
Shouldn't it be Wakka.class.php now??? /AndreasHeintze
%%(php)
// THE BIG EVIL NASTY ONE!
function Run($tag, $method = "")
{
// do our stuff!
if (!$this->method = trim($method)) $this->method = "show";
if (!$this->tag = trim($tag)) $this->Redirect($this->Href("", $this->config["root_page"]));
%%
Add the following code:
%%(php)
// Check if active_directory is on and Active Directory user known
if (($this->config["user_identification"]=="active_directory") && (!$this->GetUser()))
{
$idAD = $this->GetUserName();
$sql = "SELECT name"
. " FROM ".$this->config["table_prefix"]."users"
. " WHERE alias = '"
. mysql_real_escape_string($idAD)
. "' limit 1";
$hisname = $this->LoadSingle($sql);
if ($hisname) {
$this->SetUser($this->LoadUser($hisname["name"]));
}
}
%%
~&Christian, I changed
~&%%(php)
if (($this->config["user_identification"]="active_directory") && (!$this->GetUser()))
%% to
~&%%(php)
if (($this->config["user_identification"]=="active_directory") && (!$this->GetUser()))%%
~&--NilsLindenberg
~~&I found that in my intranet environment I needed to modify the function ""GetUserName()"" in wikka.php to use the AUTH_USER server variable:
~~&%%(php)
function GetUserName() {
if ($user = $this->GetUser())
$name = $user["name"];
// start of new code
else if (!$name = $_SERVER["AUTH_USER"])
$name = $_SERVER["AUTH_USER"];
//end of new code
else if (!$name = gethostbyaddr($_SERVER["REMOTE_ADDR"]))
$name = $_SERVER["REMOTE_ADDR"];
return $name;
}
%%
~~&--JulianElve
===How to use it?===
The current system of registration will still work for the users out of the ActiveDirectory with no alias in the users database . The capabilities can be set off by putting "user_identification" => "wikka" (default value) in the wikka.config.php.
First, the users have to be somehow created (I would expect this do be done through a batch import of an ActiveDirectory). To test it quickly, simply fill the alias field with your computer name alias and its done. You will not have to sign again and the system will recognise your machine.
===To Do===
Deliver a way to feed the users database with an export from an ActiveDirectory (it is easy).
Identify the ActiveDirectory ID of the user (not only the computer).
----
CategoryUserContributions
