User roles/institutions and LDAP

hkunz · March 4, 2017, 5:01pm

Hi there,

I am using pro 6.0.7 with users from LDAP. It is possible to assign users imported from LDAP to roles?
In the admin panel I can only set roles for “database” users.

Another, slightly related question: if I am using the multi-institution features, can I assign users to institutions automatically from some information from LDAP? (similar to shibboleth)

Best,
Hp

daniel.pan · March 7, 2017, 11:58am

I will check the first problem tomorrow.

Assigning institutions via LDAP information is not implemented yet.

daniel.pan · March 9, 2017, 2:00am

It is not able to set roles for LDAP users yet. We assumed all users in LDAP are “normal users”. Is this feature important to you?

hkunz · March 9, 2017, 8:51am

Hi Daniel,

thanks you for confirming this (I already suspected as much).

Well, we have all our regular users in LDAP. We plan to have “normal users” and also “coordinators” that are allowed to invite guests. So, yes, to be able to assign LDAP users to roles is very important to as. It is also probable, that we will have guests in the LDAP too.

I think the requirements for LDAP users are more or less the same as for users coming from shibboleth, so it would also be very nice, if we could implement the feature to store the institution in LDAP.

If I can help in any way, please let me know.

Best,
Hp

daniel.pan · March 18, 2017, 2:26am

Hi,

Sorry for the late reply.

It is possible to get roles and institution from LDAP. Which fields in LDAP do you like to use?

The code of LDAP user sync is at: pro/python/seafevents/ldap_syncer/ldap_user_sync.py

The user’s institution is stored in table profile_profile: https://github.com/haiwen/seahub/blob/master/sql/mysql.sql#L643

If you can modify the code and send us a patch, it is much appreciated.

hkunz · March 20, 2017, 1:22pm

ok, thanks.

i will implement this in the next days and send you a patch.
(directly by e-mail)

best,
hp

hkunz · March 22, 2017, 8:48am

Hi Daniel,

can you give me a hint on where the role of a user is defined/stored?
apparently it is not in the table profile_profile.

Thanks,
Hp

daniel.pan · March 28, 2017, 10:05am

Sorry for the late reply.

It is defined in ccnet_db. I will give you a detailed answered tomorrow.

daniel.pan · March 28, 2017, 10:21am

Hi,

You can use ccnet_api.update_role_emailuser(email, role) to update user’s role. The users role is recorded in table UserRole.

hkunz · October 19, 2017, 12:51pm

Dear Seafile Team,

unfortunately, I was too occupied to work on this in the last few months. Lucky me, you have been more active

It is now possible to synchronize roles from LDAP and to assign users to institutions in the web frontend. Many thanks!

As soon as I find the time, I will implement the synchronization of institutions from LDAP and send you a patch.

Best regards and many thanks, we are very happy with seafile,
Hp