[support] passing vars part 2
aurfalien at gmail.com
Tue Jun 30 17:20:06 UTC 2009
Fair enough.
The big picture;
Creating LDAP/Zimbra users via Drupal based web site.
So far, I've been able to get the LDAP provisioning module (for
version 5) to work with a little tweaking as it doesn't assign
uidNumber or gidNumber which I found odd.
One has to enable the Samba LDAP module for uidNumber/gidNumber
generation which I didn't want to do as I had no real need for a Samba
PDC. I got my XP users to auth via LDAP using a free LDAP client for
XP called pGina. Besides, have you seen the fromage that has to be
added to LDAP for Windows users to auth against it?... very very ugly,
it pretty much triples the size of your LDIFs.
Anyways, the LDAP provisioning module now checks the OpenLDAP DB for
the highest uidNumber and assigns the next available one which is all
I really need it to do.
Now, I want to take it a step farther and have home dir creation with
several custom mods like custom .tcsh file, custom .mozilla folders,
etc. Since this will not only auth XP but also Linux and OSX users,
I had to create a custom dir template for OSX clients.
So I exec call a shell script from the ldapprov.module which does the
LDAP provisioning work and which also has mods to assign uidNumber.
Since I am mkdir, chmod, chown, cp/cpio, etc... in privileged areas of
the file system, I found that calling exec and modifying /etc/sudoers
to allow apache to run this script to be the best way to go rather
than relying on built-in functions in PHP. And making apache run as
root is ass-inine so please don't go there.
I've also integrated this into something called Zimbra so I have user
mail accounts (Zimbra calls it user provisioning as it does more than
create a user mail box).
Basically I exec call a perl script from the Drupal LDAP provisioning
module that syncs my OpenLDAP with Zimbra LDAP and then custom mods
some stuff like forcing each new user to change their newly created
account having a generic password with something more private,
assigning them to various distribution lists, etc....
So basically, when I (or anyone else with the correct credentials)
create a user in Drupal, they get a correctly set up LDAP
account and a correctly set up Zimbra account.
Now I realize that either an OSX Open directory or Windows AD solution
could have done this all, but we use many custom tools based on a
Linux back end and our heavily tweaked Drupal intranet was already
here when I came aboard so I had to work within the given
constraints. Not that Linux/Drupal is a constraint, by any means, in
fact it is liberating.
- aurf
> At 09:00 PM 6/29/2009, aurfalien at gmail.com wrote:
>> Hi,
>>
>> So I've taken it a step farther by doing this;
>>
>> exec('sudo /path/create_user.sh '.($username));
>>
>> But I would like to background this so it doesn't hang the process if
>> it should fail. Plus I read that it's advisable to background exec
>> calls.
>>
>> I've tried several incarnations w/o success.
>
> What have you tried? Without a hint of what you've tried, we really
> can't help you.
>
> Also, if you can tell us what you're trying to accomplish, we may be
> able to suggest a better way of doing it. Also, so far your
> questions have been pure PHP questions, which don't seem to have
> anything to do with Drupal, so it may be better to ask these
> questions on a forum with a dedicated PHP area.
>
> Ken
> --
> [ Drupal support list | http://lists.drupal.org/ ]
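
Added example, not part of the thread: one way to make the quoted exec() call safe against shell metacharacters in the username and to background it as asked. The function names and the username allow-list are assumptions made for illustration; the script path is the one shown in the post.

```php
<?php
// Added example, not code from the thread. The username policy is assumed.
const CREATE_USER_SCRIPT = '/path/create_user.sh';

/**
 * Build the command line for provisioning one user, or return null if the
 * username does not fit the (assumed) account-name policy.
 */
function build_provision_command($username)
{
    // Allow-list: lowercase letter first, then letters, digits, '_' or '-',
    // 32 characters at most. \A and \z also refuse a trailing newline.
    if (!is_string($username)
        || !preg_match('/\A[a-z][a-z0-9_-]{0,31}\z/', $username)) {
        return null;
    }

    // escapeshellarg() quotes the value so the shell hands it to the script
    // as exactly one argument, even if the allow-list is loosened later.
    // "sudo -n" fails instead of waiting on a password prompt.
    // Redirecting output and appending "&" lets exec() return at once.
    return 'sudo -n ' . escapeshellarg(CREATE_USER_SCRIPT)
        . ' ' . escapeshellarg($username)
        . ' > /dev/null 2>&1 &';
}

function provision_user($username)
{
    $cmd = build_provision_command($username);
    if ($cmd === null) {
        error_log('create_user: rejected username '
            . var_export($username, true));
        return false;
    }
    exec($cmd);
    return true;
}

// Constructed sample inputs: one valid name, three that must be refused.
foreach (array('jdoe', 'j doe', 'jdoe;id', '../etc') as $candidate) {
    $cmd = build_provision_command($candidate);
    echo str_pad(var_export($candidate, true), 12), ' => ',
        $cmd === null ? 'REJECTED' : $cmd, "\n";
}
```

Because the command is backgrounded, PHP never sees its exit status, so the script has to log its own failures. The script should also re-validate its argument, since the sudoers entry lets the web server account run it as root with any argument.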