Re: [phpGroupWare-users] Strangness with phpgw and ldap...

[Benoit Hamet]

Hi Marco,

Marco Gaiarin a écrit :
> [another installation of PHPGW, totally unrelated to the sitemgr
> trouble exposed on past email, please don't mix this email! ;)]
> 
> 
> Ok, phpgw internally use the same nunberspace for users and group, so
> there's no way to have an user and a group with the same UID.
> 
> OK, as a tempative to fix this design flaw/behaviour, in LDAP schema
> the phpgwAccountID/phpgwGroupID: fields was added, so we can use
> different ID for POSIX and phpgw.
> 
> 
> I've recently added phpgw to an existing LDAP/Samba installation,
> imported user and group and found that there's no way to proper set
> ACL, because user acl override group and group acl override users, even
> if i've set phpgwAccountID=uidNumber+10000 to preventing ID clash.
> Also, membership are taken into account using POSIX ID, not phpgw ID.
> 
> 
> The only usefulness of phpgwAccountID/phpgwGroupID seems that the user
> can login (if i set phpgwAccountID=POSIX ID=some other group ID the user
> cannot login at all), but after that ACL and group membership are a
> mess.
> 
> 
> Right? I can do something about that?


Well, not sure it can be THE solution, but if I give you a patch which
uses group membership using the ldap system and not acl, could that help ?

Notice, that due to some "old applications" not relying on the
account->memberships function but doing it directly with acl, this patch
could not be safe. And since I don't have the time (yet) to write a
migration script, I hope that your accounts are ok.

I hope to be clear :)

Regards,

Caeies.