Linux ITDB + LDAP: importing LDAP users into ITDB
Requirement: in ITDB hardware management, users must be assigned to the hardware. These users should be imported from LDAP.

Process: import the LDAP users into the ITDB database. However, after the import is successful, these users can log on to ITDB. By default, the users that ITDB adds from LDAP have read-only permission.

Solution: How are users imported into ITDB? When are they imported? At login? Or when a user is assigned to the hardware?

One thing to note here is that ITDB has also developed its own LDAP function. However, the official update log says that the LDAP function is not mature, so it can only meet the basic requirements of LDAP users. Permission control is also relatively simple: an added LDAP account has either read-only permission or full permission. (It can be set separately after the account is added, or you can modify the parameter in the configuration file before importing. It should be in the initialization file, init.php.)

How does ITDB itself add LDAP users? Log on to the ITDB system as admin. Then set the LDAP server information in Settings. Now you can use an LDAP user name and password to log on. You cannot set it for the first time.

Once ITDB can connect to LDAP, you need to consider when to import all LDAP users (or a selected branch) into ITDB. Open the itdb-1.22 source code and open the init.php file. Go to the bottom and find "?>", which marks the end of the code. Insert the following code on the line before it:
////////////////////////////////////////
$dsn1 = ldap_connect("192.168.1.16"); // connect to the LDAP server
// search ou=People,dc=bawo,dc=cn for every entry that has a cn; the result is returned in $srn1
$srn1 = ldap_search($dsn1, "ou=People,dc=bawo,dc=cn", "(cn=*)");
// fetch the entries in $srn1 into the array $infon1 (no entries if the search failed)
$infon1 = $srn1 ? ldap_get_entries($dsn1, $srn1) : array("count" => 0);
for ($i = 0; $i < $infon1["count"]; $i++) // loop over the entries (indexed from 0) and add them to the ITDB database
// for ($i = 0; $i < 3; $i++) // for testing only: adds just the first three users (0, 1 and 2); delete afterwards
{
    $usrn1 = trim(strtolower($infon1[$i]["cn"][0])); // lowercase the user name, then trim it
    $u = 0;
    // getuserbyname checks whether the user name exists in the ITDB database:
    // it returns -1 if the name does not exist, otherwise the existing user
    $u = getuserbyname($usrn1);
    if ($u == -1) {
        $rnd = mt_rand(); // create a random value
        // this usertype is the permission granted to the created user
        db_execute2($dbh, "INSERT into users (username, cookie1, usertype) values (:username, :cookie1, :usertype)",
            array('username' => $usrn1, 'cookie1' => $rnd, 'usertype' => 2));
        // bound parameters, as in the INSERT, so a cn containing a quote cannot break the statement
        db_execute2($dbh, "UPDATE users set cookie1 = :cookie1 where username = :username",
            array('cookie1' => $rnd, 'username' => $usrn1));
    }
}
////////////////////////////////////////
The significance of this code is that, whenever an ITDB page is opened, the users under ou=People,dc=bawo,dc=cn in LDAP are imported into the ITDB database. The import runs whether or not the logon succeeds.
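
An added example, not from the original article and not ITDB's own code: the import loop above written as a function that skips entries without a cn, is safe to run repeatedly, and binds every value. The function name import_ldap_entries, the in-memory SQLite table and the sample entries are assumptions made for the demonstration; only the users columns, the base DN and usertype 2 come from the code above.

```php
<?php
// Added example, not ITDB code. Function name and table layout are assumptions.

// Import entries shaped like ldap_get_entries() output; returns the usernames added.
function import_ldap_entries(PDO $dbh, array $entries, int $usertype): array
{
    $find = $dbh->prepare('SELECT 1 FROM users WHERE username = :username');
    $add  = $dbh->prepare('INSERT INTO users (username, cookie1, usertype)
                           VALUES (:username, :cookie1, :usertype)');
    $added = [];
    for ($i = 0; $i < ($entries['count'] ?? 0); $i++) {    // entries are indexed from 0
        $name = strtolower(trim($entries[$i]['cn'][0] ?? ''));
        if ($name === '') {
            continue;                   // no usable cn: never insert an empty username
        }
        $find->execute(['username' => $name]);
        $exists = $find->fetchColumn() !== false;
        $find->closeCursor();
        if ($exists) {
            continue;                   // already imported, or a duplicate after lowercasing
        }
        $add->execute([
            'username' => $name,                        // bound, never interpolated into SQL
            'cookie1'  => random_int(0, PHP_INT_MAX),   // CSPRNG in place of the page's mt_rand()
            'usertype' => $usertype,
        ]);
        $added[] = $name;
    }
    return $added;
}

// Constructed demo data: in-memory SQLite and a hand-built ldap_get_entries() result.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE users (username TEXT UNIQUE, cookie1 TEXT, usertype INTEGER)');
$entries = [
    'count' => 4,
    0 => ['cn' => ['count' => 1, 0 => 'Alice '], 'dn' => 'cn=Alice,ou=People,dc=bawo,dc=cn'],
    1 => ['cn' => ['count' => 1, 0 => "o'brien"], 'dn' => "cn=o'brien,ou=People,dc=bawo,dc=cn"],
    2 => ['dn' => 'ou=People,dc=bawo,dc=cn'],           // entry without a cn attribute
    3 => ['cn' => ['count' => 1, 0 => 'ALICE'], 'dn' => 'cn=ALICE,ou=Staff,ou=People,dc=bawo,dc=cn'],
];
print_r(import_ldap_entries($dbh, $entries, 2));        // usertype 2 as in the page's INSERT
print_r(import_ldap_entries($dbh, $entries, 2));        // repeated run over the same entries
```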