• web board with an LDAP server

    By Jake Ochs 2 decades ago

    I am currently integrating bulletin board with an LDAAP server. Unfortunately, as per common LDAP practice, the CN of the username isn't available. In this case I would like to default to using the UID component. I've taken to cheking for this circumstance in the person form and in the default views forms. Is there anytthing wrong with this practice? Will allowances be made for this circumastance in future releases?



    Also, When I click on my profile from a web browser, I get the profile document in read mode only, with no option to edit the document (sans the ?Editdocument URL trick) Is that by design? Where would the edit code for this function be? I am assuming that I need to modify something in the PersonWeb form but it's nnot inherently obvious…



    -J



    OOtherwise, of course, the product is quite awesome!

    • LDAP issues

      By Jake Ochs 2 decades ago

      In general, I have noticed that the LDAP UID issue isn;t reallly addressed systemically in this release, and would need to be for use in my environment. Perhaps I could be persuaded to be the focal point for this? Are there any other LDAP issues that I am not aware of?

    • Please

      By Michael Bourak 2 decades ago

      can u contact me via aim/ yahoo : mbourak



      I'll try to reproduce your config with LDAP (dombulletin is not tested for ldap support yet) so I see if we can overcome some current limitations



      thanks

      • will do

        By Jake Ochs 2 decades ago

        I was away on holiday for a week. I'll try to make some time to contact you soon.



        Regards,

        Jake

    • ETA on LDAP compliant version?

      By Jake Ochs 2 decades ago

      Hey Michael,



      First of all let me just say thank you for your dilogent work on getting domBulletin LDAP compliant. Do you have an ETA on when you'd have a version for me to test? I'd put it into a production environment immediately and help with the debugging and such.



      Best Regards,

      Jake

    • Re: LDAP integration in domBulletin

      By Christian Brandlehner 2 decades ago

      Hi!



      I tried domBulletin with LDAP today and want to give you detailed information on the problems with the existing design so we can start to handle this Enhancement Request.



      On my LDAP directory usernames look like this: "uid=SFP0XV3/cn=users/cn=IT/o=Our Company/c=at". After logging in, a new user profile is created in the domBulletin database. The $UpdatedBy field contains the LDPA-Username but the field Fullname just shows "users".

      After changing the Author-Field to "@Name([Abbreviate] ; @UserName)" the correct username is computed.

      Next step would be to change the link "view/ edit profile" to compute the correct link.

      Later on we would need to lookup the users Name, as the LDAP-Name is not really human readable.



      Christian

      • Lookup of real name

        By Mark Bryson 2 decades ago

        We use LDAP & I've been meaning to get domBulletin running here for months! I'd be more than glad to help if I can do anything. The formula below will lookup someone's real name in our environment which is based on Active Directory and distinguished names like this



        CN=baileypv/OU=xxxxx/OU=yyyyyy/OU=zzzzz/OU=uuuuuuu/DC=oooooooo/DC=ffffffff



        I've obviously changed the component values here!



        ln:=@Name([CN];@UserName);

        dn:=@Implode(@Replace(ln; @NameLookup( [Exhaustive]; ln; "cn");

        @NameLookup( [Exhaustive]; ln; "displayName"));"/");

        rn:=@If(@Left(dn;"(")="";dn;@Left(dn;"("));

        @If(@Contains(rn;","); @Trim(@Right(rn;",")+" "+@Left(rn;",")); ln )



        The two ifs at the end are because we have some people in the NAB too and because our display names are a mixture of formats. Apparently Exchange requires that all displayNames are unique so some of ours include the login name. You may not need such a long formula.



        This formula can fail if the login name (CN component above) is something like "michael" which causes @NameLookup to return too many hits from LDAP. The max number of hits can be adjusted in Directory Assistance.



        I've not been able to convert our LDAP administrators to provide a hierarchical name that would avoid this sort of thing. They tell me it is easy to add to the AD schema but currently impossible to take anything out!