Hi I've updated from beta2 to beta5 release and nested groups stopped working, then I realized that I already patched beta2 release to make nested work with my configuration. It is a bit hard to follow the changes so would be good if some one can bring some light to this.
I see that this function (note the s in Re[s/c]ursive):
LdapServer.class.php::groupMembershipsFromEntryResursive
has been replaced by
LdapServer.class.php::groupMembershipsFromEntryRecursive

but then I can see the first one still around in the code with a TODO tag, so it's a bit confusing. Anyway I have applied the same changes to LdapServer.class.php::groupMembershipsFromEntryRecursive (wich looks the same as the old one), and it seems to work as it used to.

Thx for such a great job with that module.

BR

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

vgalindus’s picture

fleck74’s picture

Doesn't working for me,
in my code, $current_group_entries doesn't contains other things that the ['count'] which we unset if isset. (its value is 0).

So in the foreach there is nothing and we go around this block.

Some ideas?

fleck74’s picture

After some test with the beautiful print_r command I've find my mistake, it's juste a config problem.

I've used your patch and it's work fine.

Thx !

fleck74’s picture

After some test, finally it doesn't work for some nested groups.

It's when the search of the recurent function begin with the node which is not in the list.
This is the code which I've produced to solve the problem but maybe there is a better solution to make a patch.
in the file : /modules/ldap/ldap_servers/LdapServer.class.php
Around the line 1716 :

public function groupMembershipsFromEntryRecursive($current_group_entries, &$all_group_dns, &$tested_group_ids, $level, $max_levels) {
	...
    $ors = array();
    foreach ($current_group_entries as $i => $group_entry) {
	  if (!in_array($group_entry['dn'], $tested_group_ids)) {
		$tested_group_ids[] = $group_entry['dn'];
		$all_group_dns[] = $group_entry['dn'];
	  }
      if(isset($group_entry[$this->groupUserMembershipsAttr])){
        for ($i=0; $i < $group_entry[$this->groupUserMembershipsAttr]['count'] ; $i++) {
          if ($this->groupMembershipsAttrMatchingUserAttr == 'dn') {
            $member_id = $group_entry[$this->groupUserMembershipsAttr][$i];
          }...

I've just add the lines :
if (!in_array($group_entry['dn'], $tested_group_ids)) {
$tested_group_ids[] = $group_entry['dn'];
$all_group_dns[] = $group_entry['dn'];
}

It's because the search in parent groups work fine but the base of the search was not added to the list.

Here I explain the case if someone want to make simple test :
For example, I've the user who belong to Group1.
Group1 belong to Group2 and Group2 belong to Group3.
So Group1 is in user's groups and the recurse search begin with Group2. So we find the Group3 and we add it to the list.
But we never add the Group2.

These lines correct this bug.

If someone can make a patch (if it pass the simple test) it will be nice because i don't know how I can do that.

(Maybe the patch of galindus have created this bug, I don't know :/)

vgalindus’s picture

Hi thanks for testing, I can't reproduce it.

I have set the same test scenario group1 -> group2 -> group3 and user is member of group 1. All 3 groups appear on my tests.

Can you add more info about your LDAP configuration?

I will change this as a bug report since it seems to work for other users.

BR.

vgalindus’s picture

Category: support » bug
fleck74’s picture

I'll try to help you,

First I need to really understand what you want :
your LDAP user is in the group 1 and you want he's in the three groups?
And when you test your config there is the three groups or just the first or two?

Apart from that, I've tested the current version of the code and it seems to work. You don't need patches of this issue I think.

If you can put your config in the server part and in the group part people can help you =)

have you make an user LDAP import? and if yes, did it work fine?

jakobdo’s picture

I have tested with the following:

User: user
Group: group
Group: subgroup

user is member of subgroup, and subgroup is member of group.
I have assigned a role to the group, but role is not assigned.

I'm using Active Directory Windows 2003.

**UPDATE**
In my case, nested group did not work, cause i did not type in the OU under "LDAP USER TO DRUPAL USER RELATIONSHIP" for my GROUPS. -> LDAP USER TO DRUPAL USER RELATIONSHIP"
When the ou for my nested groups was there and the right configs in "LDAP GROUP CONFIGURATION" it worked.

kenorb’s picture

Issue summary: View changes
Status: Active » Needs review
grahl’s picture

Status: Needs review » Needs work
grahl’s picture

Status: Needs work » Needs review

Status: Needs review » Needs work

The last submitted patch, 1: ldap_Nested-Groups-Mapping_2093039_2.patch, failed testing.

madrien’s picture

So from the patch failure message it appears that this patch isn't being applied to training whitespace?

@vaglindus, any chance you can fix this so it can be accepted? I actively use this patch and though every LDAP update I have to manually apply it each time.

grahl’s picture

grahl’s picture

Status: Needs work » Closed (outdated)

Closing issue as outdated due to no further development on 7.x, if you feel this issue is still relevant and you are willing to work on a patch and/or debug the problem, please reopen.