OK, this was actually relatively simple to do with a before_save logic hook on the Users module. Below is my logic hook. Basically I search AD for groups and then use a series of if/then checks to set a role based on which groups the user is a member of. I don't do this for any admin accounts.
Code:
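/**
 * before_save logic hook: attach an ACL role to a non-admin user based on the
 * Active Directory groups the user's e-mail address belongs to.
 *
 * Group membership is read from the `memberOf` attribute of the directory
 * entry whose `mail` equals $bean->email1. The group-to-role map below is
 * checked in order and the first match wins; a user in none of the mapped
 * groups (or with no matching directory entry) gets the 'Guest' role.
 * Users with is_admin set are never touched.
 *
 * Roles are only ever added: a role the user already holds is not removed
 * when the corresponding AD group membership goes away, so a demotion in AD
 * is not reflected here.
 *
 * @param SugarBean $bean      the User record being saved
 * @param string    $event     hook event name (unused)
 * @param array     $arguments hook arguments (unused)
 *
 * @return bool false when the directory could not be queried or the role row
 *              does not exist (the user's roles are left unchanged), true otherwise
 */
public function auto_role(
    SugarBean $bean,
    $event,
    $arguments
)
{
    if ($bean->is_admin) {
        return true;
    }

    $groups = $this->ldapGroupsForEmail($bean->email1);
    if ($groups === null) {
        // Connection, bind or search failed: do not change authorization
        // state on the strength of a lookup that did not complete.
        return false;
    }

    // Ordered: the first group the user is a member of decides the role.
    $groupRoleMap = array(
        'SG_Management' => 'admin',
        'SG_Retail'     => 'Salesman',
        'SG_IT'         => 'IT',
    );
    $role = 'Guest';
    foreach ($groupRoleMap as $group => $mappedRole) {
        if (in_array($group, $groups, true)) {
            $role = $mappedRole;
            break;
        }
    }

    return $this->assignRole($bean, $role);
}

/**
 * Return the common names of the AD groups listed in the `memberOf`
 * attribute of the entry whose `mail` equals $email.
 *
 * @param string $email address taken from the user record
 *
 * @return array|null list of group CNs (empty when the entry is in no group,
 *                    has no matching entry, or $email is empty); null when
 *                    the connection, bind or search failed
 */
private function ldapGroupsForEmail($email)
{
    if ($email === null || $email === '') {
        // Nothing to search for; an empty filter value would only error out.
        return array();
    }

    // Kept in $GLOBALS as well, since the original hook exposed the settings there.
    $config = $GLOBALS['ldap_config'] = new Administration();
    $config->retrieveSettings('ldap');
    $settings = $config->settings;

    $server = $settings['ldap_hostname'];
    // Stored values are HTML-escaped, hence the decode before use.
    $baseDn = htmlspecialchars_decode($settings['ldap_base_dn']);
    $port = empty($settings['ldap_port']) ? DEFAULT_PORT : (int) $settings['ldap_port'];

    $adminUser = '';
    $adminPassword = '';
    if (!empty($settings['ldap_authentication'])) {
        $adminUser = htmlspecialchars_decode($settings['ldap_admin_user']);
        $adminPassword = htmlspecialchars_decode($settings['ldap_admin_password']);
    }

    $ldapconn = ldap_connect($server, $port);
    if ($ldapconn === false || $this->loginError(ldap_errno($ldapconn))) {
        return null;
    }
    ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0); // required for AD

    // Bind with the configured service account, or anonymously when none is
    // set. A failed bind is handled through the return value, so the PHP
    // warning it would otherwise emit is suppressed.
    if ($adminUser === '') {
        $bound = @ldap_bind($ldapconn);
    } else {
        $bound = @ldap_bind($ldapconn, $adminUser, $adminPassword);
    }
    if (!$bound) {
        $this->loginError(ldap_errno($ldapconn));
        ldap_unbind($ldapconn);
        return null;
    }

    // The address comes from the user record, so escape it before it is
    // interpolated into the search filter.
    $filter = '(mail=' . ldap_escape($email, '', LDAP_ESCAPE_FILTER) . ')';
    $result = @ldap_search($ldapconn, $baseDn, $filter, array('memberOf'));
    if ($result === false) {
        // Passing a failed result on to ldap_get_entries is a TypeError on PHP 8.
        $this->loginError(ldap_errno($ldapconn));
        ldap_unbind($ldapconn);
        return null;
    }
    $entries = ldap_get_entries($ldapconn, $result);
    ldap_unbind($ldapconn);

    $groups = array();
    if (!isset($entries[0]['memberof']['count'])) {
        // No entry for this address, or the entry has no memberOf values.
        return $groups;
    }
    $memberOf = $entries[0]['memberof'];
    $count = (int) $memberOf['count'];
    for ($i = 0; $i < $count; $i++) {
        $cn = $this->groupCommonName($memberOf[$i]);
        if ($cn !== null) {
            $groups[] = $cn;
        }
    }
    return $groups;
}

/**
 * Extract the first RDN value from a group DN, e.g.
 * "CN=SG_IT,OU=Groups,DC=example,DC=com" -> "SG_IT".
 *
 * Same split as before (text after the first '=' up to the first ','), so a
 * CN containing an escaped comma is truncated at that comma.
 *
 * @param string $dn distinguished name as returned in memberOf
 *
 * @return string|null null when $dn contains no '='
 */
private function groupCommonName($dn)
{
    $eq = strpos($dn, '=');
    if ($eq === false) {
        return null;
    }
    $value = substr($dn, $eq + 1);
    $comma = strpos($value, ',');
    return $comma === false ? $value : substr($value, 0, $comma);
}

/**
 * Attach the acl_roles row named $roleName to the user. Roles the user
 * already holds are kept.
 *
 * @param SugarBean $bean     the User record being saved
 * @param string    $roleName one of the names from the group-to-role map
 *
 * @return bool false when no acl_roles row has that name
 */
private function assignRole(SugarBean $bean, $roleName)
{
    // $roleName only ever holds a hard-coded name, but quote it regardless
    // so the query stays safe if the map is ever fed from configuration.
    $qry = "SELECT `id` FROM `acl_roles` WHERE `name`='" . $bean->db->quote($roleName) . "' ";
    $row = $bean->db->fetchByAssoc($bean->db->query($qry));
    if (empty($row['id'])) {
        return false;
    }
    $bean->load_relationship('aclroles');
    $bean->aclroles->add($row['id']);
    return true;
}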