Ldapimport

LDAP Import for playSMS

Version

This change is compatible with playSMS 0.9.5.2 and 0.9.5.3.

Summary

This is a plugin used to import/sync LDAP users with playSMS users. Extract the attached zip file into the plugin/tools directory and adjust some settings in the config.php file (not really necessary, as the settings are on the main LDAP import page too). A flat LDAP structure is required. Everything should be clear from the code. Please read the discussion to avoid "user" loss on LDAP sync. If this is not clear even after reading the discussion, please stop using the LDAP Importer plugin to avoid any disillusionment and/or damage.

Installation

Unzip the attached zip file from the files section into the /playsms/plugin/tools/ directory. Refresh the playSMS page. You should then see an LDAP Import item in the tools menu.

playsms_ldapimport_002.PNG

Configuration

Parameters

The parameters in the config.php file can be adjusted for your convenience if you are going to use one specific server to sync with.

Parameter                     Description
LDAPIMPORT_DC_COMPANY         This is the company part of the root dc=example, dc=com
LDAPIMPORT_DC_COUNTRY         This is the country part of the root dc=example, dc=com
LDAPIMPORT_DEFAULT_PASSWORD   This will be set as the default password for a new user imported from LDAP. Existing users will keep their passwords.
LDAPIMPORT_DEFAULT_CREDIT     Default credit after import of a new account. In existing accounts the credit is not changed.
LDAPIMPORT_DEFAULT_DAILYSMS   This is relevant for new users from LDAP. Existing users (previously imported from LDAP) will keep their daily SMS limit.
LDAPIMPORT_DEFAULT_STATUS     Users from LDAP are added as standard users, not administrators.

The next configuration parameters can also be changed on the LDAP Import main page. In the first part you have to configure the connection to your LDAP server.

Parameter   Description
host        LDAP server you are connecting to
port        LDAP port
prot        LDAP protocol version

Then come the credentials to log in to the server and the storage DNs where the users and the playSMS group can be found.

Parameter   Description
user        This is the user you are using to log in to the LDAP server.
group       This is the DN under which the group for playSMS is stored. See the LDAP picture below in the LDAP Structure chapter.
people      This is the DN under which all your users are stored. See the LDAP picture below in the LDAP Structure chapter.
passwd      This is the password used to log in to the LDAP server with the user name stored in the user parameter (see three rows up in this table).

The last part is the actual mapping of the LDAP attributes to the playSMS_tblUser columns. Not directly, but you can find out from the code.

LDAP Structure

The plugin requires a flat LDAP structure. Below is a screenshot of LDAP Admin with such a structure.

playsms_ldapimport_001.PNG

Usage

To operate the plugin you have to fill in the form with connection details and mapping information. This can also be done in the configuration part, and the values are the same.

playsms_ldapimport_003.PNG

The fields should be self-explanatory. After filling in the required values, press Import. After the import, the results page will appear.

playsms_ldapimport_004.PNG

If the plugin is failing for one reason or another, turn the log level up to 4 in playSMS and look into the playSMS log file for reasons why it is not working (the default should be /var/log/playSMS). You can see your imported users in the Administration/Manage Users submenu.

playsms_ldapimport_005.PNG

Discussion

  • Accounts which are already present in the playSMS database will be erased/changed (that is, accounts that were in the database before the first LDAP sync and whose username can't be found in LDAP)! The admin account is protected against deletion, but it is not immune to attribute changes; that is, if you have an admin defined in LDAP, the sync will update the fullname, smsnum etc.
  • Basically, if you have a user questj in playSMS and do a first sync with LDAP, and LDAP contains a questj user, the user will be updated with attributes from LDAP. If you have a user barneyr in playSMS who is not in LDAP before the first (or any subsequent) LDAP sync, this user will be removed.
  • As to why I do not import a password from the LDAP directory: the password can be just a hash (playSMS stores plain passwords in the database). playSMS would need to know how to calculate the LDAP-imported hash in order to authenticate users. In fact, it would need to know each and every kind of hash to be of any use to everybody (OK, LDAP does store the hash algorithm). You can always write code for playSMS to authenticate against LDAP.
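
The sync rules described above can be previewed before pressing Import. The following dry-run planner is an added example, not the plugin's own code: it assumes the protected account is named "admin", matches accounts by username only, and uses constructed sample data with the fullname and smsnum attributes.

```python
# Added example: dry-run preview of an LDAP sync, following the Discussion rules.
# Not the plugin's code. Sample data is constructed.

ADMIN = "admin"  # assumption: username of the protected playSMS admin account


def plan_sync(playsms_users, ldap_users, admin=ADMIN):
    """Classify accounts by what a sync would do to them.

    Both arguments map username -> dict of attributes (e.g. fullname, smsnum).
    Accounts are matched by username only, as the Discussion describes.
    """
    plan = {"create": [], "update": [], "delete": [], "protected": []}
    for name in sorted(ldap_users):
        if name not in playsms_users:
            # New account: receives the LDAPIMPORT_DEFAULT_* values.
            plan["create"].append(name)
            continue
        # Existing account (admin included): LDAP attributes overwrite local ones.
        current = playsms_users[name]
        changed = {k: v for k, v in ldap_users[name].items() if current.get(k) != v}
        if changed:
            plan["update"].append((name, changed))
    for name in sorted(playsms_users):
        if name not in ldap_users:
            # Not in LDAP: removed, unless it is the admin account.
            plan["protected" if name == admin else "delete"].append(name)
    return plan


# Constructed sample data
PLAYSMS = {
    "admin": {"fullname": "Administrator", "smsnum": "+15550001"},
    "questj": {"fullname": "J. Quest", "smsnum": "+15550002"},
    "barneyr": {"fullname": "R. Barney", "smsnum": "+15550003"},
}
LDAP = {
    "admin": {"fullname": "Site Admin", "smsnum": "+15550001"},
    "questj": {"fullname": "J. Quest", "smsnum": "+15550100"},
    "smithj": {"fullname": "J. Smith", "smsnum": "+15550004"},
}

if __name__ == "__main__":
    for action, entries in plan_sync(PLAYSMS, LDAP).items():
        print(f"{action}: {entries}")
```

Every account listed under "create" starts with the same LDAPIMPORT_DEFAULT_PASSWORD, and every account under "delete" is one to back up or add to LDAP before the real sync.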

Request

  • If anyone creates a language file, please let me know and I will gladly add it; the same goes for any translations.
  • Suggestions for improvement are welcome but implementation is not guaranteed.
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-Share Alike 2.5 License.