[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Phpgroupware-users] Updating to rc3...
From: |
Benoit Hamet |
Subject: |
Re: [Phpgroupware-users] Updating to rc3... |
Date: |
Mon, 16 Feb 2004 14:10:37 +0100 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6b) Gecko/20031221 Thunderbird/0.4 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi all,
As Dave says, I have some (little :) responsability for the new design
of the LDAP system.
You will find some response in the body of the message.
Some others could be find in the forum (just look at the biggest thread
in the phpgwapi section):
(hum the site is currently down :/ so I didn't have the URL :)
Marco Gaiarin wrote:
Apart this real problem, i've found another one: if i try to login with
my user (gaio) or user guest i got:
account/group id conflict - bad luck
and nothing more. Aided by grep i've found class.accounts_ldap.inc.php
and the function get_type() that verify if an ID is a user or a group.
That's (if I remember) for historical reasons, don't forget that phpgw
is designed for some SGBD too and the system should be more or less
compatible. So some design of phpgw (at least in the .16) need that
groups AND people have differents ID's. Take a look at the SQL table to
understand why.
Really there's a conflict, gaio have id 1000 as group sysman (changed
to 666 ;), and guest have id 999 as group guests (changed to 998).
But after modifying this nothing changed. I've learned some things:
+ again there's no support for having the same id for user and group.
I've deployed the ldap server with the phpgw installation, so for me
there's no a big problem, but again i think this is a problem if phpgw
have to be integrated in a complex and UNIX-minded LDAP environment.
As I said before, we cannot change the whole design of phpgw only to fit
the LDAP system. It's true that in real case this is very annoying (yes
I have this problem, and more...), but in this case I think that some
part of the api should be modified heavily (Dave could you confirm/deny
this ?) ...
+ new LDAP schema add a mandatory field phpgwAccountID and
phpgwGroupID, but looking into class.accounts_ldap.inc.php code, seems
that they are not used, but is used the more standard uidNumber and
gidNumber. This for me sounds really strange. A mandatory unused
field?! ;)
I need to investigate this. I think that's there was some request on
this on the forum, but couldn't remember what/why... Perhaps this is
used in the ACL fields ?
+ after modifying with GQ the ldap data so that there's no more user
and group with the same ID (modifing group sysman and guests as above)
still the login print ``account/group id conflict - bad luck''.
I've had to comment out the die() row in get_type() function...
I need to make some test about this issue. Perhaps a cache problem or
something else...
+ AFAIK phpgw i expect that a change in ID of groups guests and
sysadmin will brake some things, like user gaio not more in group syadm
and user guest no more in group guests, but... i'm still in group
sysman... the information ``user X in group Y'' now are stored in LDAP
and not in acl tables?! This will be wonderful! ;-)))
That's true. Groups are now in LDAP (ie "user X in group Y"), so you can
use external resources with them. But, remember that ACL are very
important for access to the phpgw system. So If you change the id, you
can loose some infos in the ACL table. so be very carefull with this (at
least change the id in both LDAP system and ACL's.
Benoit Hamet (aka Caeies).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFAMMFNd/RrA5d/NgMRAvD5AKCLRN6HZvzca43TvTL2/nW6OTGumQCeNfHy
hPijKBztPyMOBppOQ5iyVkA=
=L+U+
-----END PGP SIGNATURE-----