role equivalent groups

  • This still is a nice plugin, although there seem to be no updates anymore..

    We have a problem using the role equivalent groups. In other plugins:
    https://www.ads-software.com/support/topic/plugin-active-directory-authentication-integration-usernames-not-visibleworking-after-adlogin-creation
    and in the source:
    ad-integration.php:1660
    it says that the roles are in lower case. I am afraid that this is not quite correct. There is a role id (all defaults are in lower case) and a description, which has the first charater in upper case (for the default roles). For the mapping, only the role id is used. But when new roles are created, the ID does not have to be in lower case. Indeed, it is possible to created second “aDmInIsTrAtOr” role with Description “administrator”, with different capabilities. And both can be ‘mapped’ separately.
    Solution:
    Modify the function in the ad-integration.php:
    sanitize_role_equivalent_groups($text)
    by replacing
    $role = strtolower(substr($group,$pos+1)); // roles are always lowercase / Issue #0055
    with
    $role = substr($group,$pos+1); // role ids are case sensitive!!

    https://www.ads-software.com/plugins/active-directory-integration/

Viewing 1 replies (of 1 total)
  • Thread Starter nwoetzel

    (@nwoetzel)

    Another thought:
    Since the roles can be queried for the options interface of the plugin, the mapping could be validated against the valid roles before saving. Then any mapping error (for the roles at least) are caught.

Viewing 1 replies (of 1 total)
  • The topic ‘role equivalent groups’ is closed to new replies.

Tags