Ok, I have managed to fix it for my purpose by editing:
/usr/share/ocsinventory-reports/ocsreports/backend/AUTH/methode/ldap.php:
Added:
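// Collect the groups listed on the authenticated user's LDAP entry.
// NOTE(review): $info is presumably the ldap_get_entries() result, whose
// attribute arrays carry a 'count' element next to the values - confirm.
// Only what the entry's memberof attribute lists is stored; group nesting is
// not resolved here.
$gr_output = array();
if (isset($info[0]['memberof']) && is_array($info[0]['memberof'])) {
    $gr_output = $info[0]['memberof'];
    // Remove the bookkeeping element by key rather than by position, so a real
    // group is never dropped if 'count' is absent or not the first element.
    unset($gr_output['count']);
    $gr_output = array_values($gr_output);
}
//save user groups in session as separate data as well.
// An entry without memberof yields an empty list, so later role checks find
// no match instead of failing on a non-array value.
$_SESSION['OCS']['details']['groups'] = $gr_output;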
/usr/share/ocsinventory-reports/ocsreports/backend/identity/methode/ldap.php:
Changed whole section of LDAP casing to:
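// Groups recorded in the session by the AUTH backend at login. Anything that
// is not an array (key missing, nothing stored) becomes an empty list, so the
// membership test below fails closed instead of raising an error.
$usr_gr = array();
if (isset($_SESSION['OCS']['details']['groups']) && is_array($_SESSION['OCS']['details']['groups'])) {
    $usr_gr = $_SESSION['OCS']['details']['groups'];
}

/* Debug only. This prints the role-mapping settings and the user's group list
   into the page without HTML escaping; leave it commented out on any server
   that other people can reach.
echo ("<pre>");
echo ("session information:<br>");
echo ("f1_name: ".$f1_name."<br>");
echo ("f1_value: ".$f1_value."<br>");
echo ("f2_name: ".$f2_name."<br>");
echo ("f2_value: ".$f2_value."<br>");
echo ("f2_value2: ".$f2_value2."<br>");
echo ("</pre>");
echo ("<pre>GROUPS:<br>");
print_r($usr_gr);
echo ("</pre>");
echo ("default Role: ".$defaultRole."</br>");
*/

if ($f1_value != '')
{
    //NEW CODE BELOW
    // LDAP attribute names are case-insensitive, so any casing of "memberOf"
    // in the configured field name selects the group check.
    if (strcasecmp((string) $f1_name, "memberOf") == 0)
    {
        // Search the user's groups for the configured value.
        // NOTE(review): $f1_value is presumably the group DN from the
        // configuration - confirm. The match is an exact, strict string
        // comparison, so the configured value has to be spelled exactly as the
        // directory returns it.
        if (in_array((string) $f1_value, $usr_gr, true))
        {
            $defaultRole = $config['LDAP_CHECK_FIELD1_ROLE'];
        }
        // Deliberately no else branch: a user who is not in the group keeps
        // the $defaultRole that was set before this block.
    } else {
        // NOTE(review): $f1_value2 is not assigned in this excerpt; presumably
        // it holds the user's value for the configured attribute - confirm.
        if ($f1_value2 == $config['LDAP_CHECK_FIELD1_VALUE']) {
            $defaultRole = $config['LDAP_CHECK_FIELD1_ROLE'];
        }
    }
}
//the if below is now redundant since we already know that we have a match
//the coding can be improved, but the logic works.
//END NEW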
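if ($f2_value != '')
{
    // Keep a "sadmin" role granted by field 1 from being overwritten by field 2.
    // Only the literal "sadmin" is protected: any other role set by field 1 is
    // replaced by the field-2 role on a match, whether that raises or lowers
    // the user's privileges. Check the two configured roles against each other.
    if ($defaultRole != "sadmin") {
        //NEW CODE BELOW
        // LDAP attribute names are case-insensitive, so any casing of
        // "memberOf" in the configured field name selects the group check.
        if (strcasecmp((string) $f2_name, "memberOf") == 0)
        {
            // Search the user's groups for the configured value. A missing or
            // non-array group list counts as "not a member" (fail closed), and
            // the match is an exact, strict string comparison.
            if (is_array($usr_gr) && in_array((string) $f2_value, $usr_gr, true))
            {
                $defaultRole = $config['LDAP_CHECK_FIELD2_ROLE'];
            }
        } else {
            // NOTE(review): $f2_value2 is not assigned in this excerpt;
            // presumably it holds the user's value for the configured
            // attribute - confirm.
            if ($f2_value2 == $config['LDAP_CHECK_FIELD2_VALUE']) {
                $defaultRole = $config['LDAP_CHECK_FIELD2_ROLE'];
            }
        }
    }
} // closes if ($f2_value != ''); the posted excerpt stops before this brace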
Sources attached at:
http://miloszengel.com/downloads/ocsng/ocsng-ldap2.2-fixed.zip