 |
|
 |
 |
 |
Would it be possible for Roles to be created in KBPUblisher that were actually the names of AD groups and when a user authenticates into KBPublisher, KBpublisher checks which group they belong. ie we have Ad groups created with names such as KBPublisher-Staff, KBPublisher-Students etc.
It would also be great if the same could be done with Privileges. ie we have Ad groups created with names such as KBPublisher-Admin, KBPublisher-Moderator etc.
It is possible.
You have to create all required roles and privileges in KBPublisher.
When remote user authenticates you need to know his/her privilege and role
and associate it with privilege and role defined in KBPublisher.
Quick example:
function remoteDoAuth($username, $password) {
// LDAP routine, return user data if authenticated
$user = getLdapUser($username, $password);
// if found
if($user) {
// assign a priv to user (optional)
// here we should associate LDAP priv with KBPublisher priv
if($user['ldap_priv']) {
$user['priv_id'] = 3; // 3 is id for KBPublisher priv
}
// assign a role to user (optional)
// here we should associate LDAP role with KBPublisher role
if($user['ldap_priv']) {
$user['role_id'] = 1; // 1 is id for KBPublisher role
}
}
return $user;
}
You must log in to post.
 |
 |