[support] passing vars part 2

aurfalien at gmail.com aurfalien at gmail.com
Tue Jun 30 17:20:06 UTC 2009


Fair enough.

The big picture;

Creating LDAP/Zimbra users via Drupal based web site.

So far, I've been able to get the LDAP provisioning module (for  
version 5) to work with a little tweaking as it doesn't assign  
uidNumber or gidNumber which I found odd.

One has to enable the Samba LDAP module for uidNumber/gidNumber  
generation which I didn't want to do as I had no real need for a Samba  
PDC.  I got my XP users to auth via LDAP using a free LDAP client for  
XP called pGina.  Besides, have you seen the fromage that has to be  
added to LDAP for Windows users to auth against it?... very very ugly,  
it pretty much triples the size of your LDIFs.

Anyways, the LDAP provisioning module now checks the OpenLDAP DB for  
the highest uidNumber and assigns the next available one which is all  
I really need it to do.

Now, I want to take it a step farther and have home dir creation with  
several custom mods like custom .tcsh file, custom .mozilla folders,  
etc., and since this will auth not only XP but also Linux and OSX users,  
I had to create a custom dir template for OSX clients.

So I exec call a shell script  from the ldapprov.module which does the  
LDAP provisioning work and which also has mods to assign uidNumber.

Since I am mkdir, chmod, chown, cp/cpio, etc... in privileged areas of  
the file system, I found that calling exec and modifying /etc/sudoers  
to allow apache to run this script to be the best way to go rather  
than relying on built-in functions in PHP.  And making apache run as  
root is ass-inine so please don't go there.

I've also integrated this into something called Zimbra so I have user  
mail accounts (Zimbra calls it user provisioning as it does more than  
create a user mail box).

Basically I exec call a perl script from the Drupal LDAP provisioning  
module that syncs my OpenLDAP with Zimbra LDAP and then custom mods  
some stuff like forcing each new user to change their newly created  
account having a generic password with something more private,  
assigning them to various distribution lists, etc....


So basically, when I (or anyone else with the correct  
credentials) create a user in Drupal, they get a correctly set up LDAP  
account and a correctly set up Zimbra account.

Now I realize that either an OSX Open directory or Windows AD solution  
could have done this all, but we use many custom tools based on a  
Linux back end and our heavily tweaked Drupal intranet was already  
here when I came aboard so I had to work within the given  
constraints.  Not that Linux/Drupal is a constraint, by any means, in  
fact it is liberating.

- aurf



> At 09:00 PM 6/29/2009, aurfalien at gmail.com wrote:
>> Hi,
>>
>> So I've taken it a step farther by doing this;
>>
>> exec('sudo /path/create_user.sh '.($username));
>>
>> But I would like to background this so it doesn't hang the process
>> if it should fail.  Plus I read that it's advisable to background
>> exec calls.
>>
>> I've tried several incarnations w/o success.
>
> What have you tried? Without a hint of what you've tried, we really  
> can't help you.
>
> Also, if you can tell us what you're trying to accomplish, we may be  
> able to suggest a better way of doing it.  Also, so far your  
> questions have been pure PHP questions, which don't seem to have  
> anything to do with Drupal, so it may be better to ask these  
> questions on a forum with a dedicated PHP area.
>
> Ken
> --
> [ Drupal support list | http://lists.drupal.org/ ]
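
An added example, not part of the original messages or of the ldapprov module: the quoted `exec('sudo /path/create_user.sh '.($username));` call concatenates `$username` into a shell command line that runs under sudo, so the sketch below validates the name, quotes it with `escapeshellarg()`, and redirects output so that `exec()` returns without waiting. The function names, the login-name pattern and the log path are assumptions; `/path/create_user.sh` is the placeholder path from the quoted message.

```php
<?php
// Added example: hypothetical helpers, not code from the ldapprov module.
// Placeholder script path taken from the quoted message.
const CREATE_USER_SCRIPT = '/path/create_user.sh';
// Assumed log location; must be writable by the web server user.
const PROVISION_LOG = '/var/log/drupal-provision.log';

// Accept only conservative POSIX-style login names (assumed policy):
// a lowercase letter or '_' first, then lowercase letters, digits, '_'
// or '-', 32 characters at most. \z (not $) rejects a trailing newline.
function is_valid_login($username) {
  return is_string($username)
    && preg_match('/\A[a-z_][a-z0-9_-]{0,31}\z/', $username) === 1;
}

// Build the shell command line, or return NULL for a rejected name.
// escapeshellarg() stays even after validation so that quoting does not
// depend on the pattern remaining strict.
function build_provision_command($username) {
  if (!is_valid_login($username)) {
    return NULL;
  }
  // -n: sudo never prompts for a password; it fails instead of hanging.
  return 'sudo -n ' . escapeshellarg(CREATE_USER_SCRIPT) . ' '
    . escapeshellarg($username)
    . ' >> ' . escapeshellarg(PROVISION_LOG) . ' 2>&1 &';
}

// Start the script in the background. exec() only returns immediately
// when the child's output is redirected, as the command line above does.
function provision_home_directory($username) {
  $command = build_provision_command($username);
  if ($command === NULL) {
    error_log('provision: rejected login name ' . json_encode($username));
    return FALSE;
  }
  exec($command);
  return TRUE;
}

// Constructed inputs: the second one carries shell metacharacters.
foreach (array('jdoe', 'jdoe; id') as $name) {
  echo json_encode($name), ' => ',
    var_export(build_provision_command($name), TRUE), "\n";
}
```

The script itself should repeat the same check on its argument, since it is the part that runs with elevated privileges.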


