Comments on: CakePHP with full CRUD, a living example! http://www.analogrithems.com/rant/2009/06/12/cakephp-with-full-crud-a-living-example/ If I have seen a little further it is by standing on the shoulders of Giants. - Newton Sat, 06 Mar 2010 03:11:23 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: analogrithems http://www.analogrithems.com/rant/2009/06/12/cakephp-with-full-crud-a-living-example/comment-page-1/#comment-1018 analogrithems Sat, 06 Mar 2010 03:11:23 +0000 http://www.analogrithems.com/rant/?p=13#comment-1018 I've been trying to decide if it should be a config option, or if it should be case statement t try to discover what the ldap server type is. I’ve been trying to decide if it should be a config option, or if it should be case statement t try to discover what the ldap server type is.

]]> By: Benedikt Trefzer http://www.analogrithems.com/rant/2009/06/12/cakephp-with-full-crud-a-living-example/comment-page-1/#comment-1017 Benedikt Trefzer Fri, 05 Mar 2010 14:58:09 +0000 http://www.analogrithems.com/rant/?p=13#comment-1017 Hi I managed to use your database model for a cakephp project connecting to openldap. Good work, congrats. But I made several changes, which I like to share with you: Function update: if((!$this->in_arrayi('userpassword', $update))&& (isset($entry['userpassword']))){ => password needs to be set, to unset. Found the problem, when updating entries without password (eg objectclass top). same for the following lines: if (isset($entry['count'])) { unset($entry['count']);} if (isset($entry['dn'])) { unset($entry['dn']); } For the return value of the function, I added a return true, if $entry is empthy (if you call update but nothing changes....) To make the whole story to work with openldap, I changed all occurences of 'attributetypes' with 'olcattributetypes' and all occurences of 'objectclasses' with 'objectclass'. Then I made: $schemaDN = 'cn=schema,cn=config'; (added cn=config). Probably it would be a good thing to make this hardcoded things a config option in the database definition. I still have problems with adding new entries, but give me some time to find out :) Another trouble: Paging does not work (not implemented, needs limit of data) and Sort is also not working. Could you please tell me if sort is working for you ? If you like my changes as a path, let me know. Regards Benedikt Hi
I managed to use your database model for a cakephp project connecting to openldap. Good work, congrats.
But I made several changes, which I like to share with you:

Function update:
if((!$this->in_arrayi(‘userpassword’, $update))&& (isset($entry['userpassword']))){
=> password needs to be set, to unset. Found the problem, when updating entries without password (eg objectclass top).
same for the following lines:
if (isset($entry['count'])) { unset($entry['count']);}
if (isset($entry['dn'])) { unset($entry['dn']); }

For the return value of the function, I added a return true, if $entry is empthy (if you call update but nothing changes….)

To make the whole story to work with openldap, I changed all occurences of ‘attributetypes’ with ‘olcattributetypes’ and all occurences of ‘objectclasses’ with ‘objectclass’.
Then I made: $schemaDN = ‘cn=schema,cn=config’; (added cn=config).
Probably it would be a good thing to make this hardcoded things a config option in the database definition.

I still have problems with adding new entries, but give me some time to find out :)
Another trouble: Paging does not work (not implemented, needs limit of data) and Sort is also not working. Could you please tell me if sort is working for you ?

If you like my changes as a path, let me know.

Regards Benedikt

]]> By: analogrithems http://www.analogrithems.com/rant/2009/06/12/cakephp-with-full-crud-a-living-example/comment-page-1/#comment-1015 analogrithems Thu, 11 Feb 2010 11:17:48 +0000 http://www.analogrithems.com/rant/?p=13#comment-1015 The foriegn key is how you want to index your ldap data. If you have the cn and want all your lookups in a certain controller/model to be via the cn then use the cn as your primary group. This works well in ou=people or ou=group context. If you are referring to any object in the tree, or you don't specify the foriegn key then it will be dn. The foreign key is just the index really. In your situation I would make my departments groupofuniquenames and follow the traditional ldap DIT (Directory information tree). Then include each users dn in that group. This make more sense in the long run also because if you are using something like apache to perhaps restrict access to a site (For example only billing department can access billing records page). Then you'll be happy you followed the standard convention because you can tell apache only people in the group 'cn=billing, ou=groups,dc=example,dc=org' are allowed access. Also some people may be in multiple departments. What do you do then? In the group context it's perfectly fine to have someone in multiple groups. From the IT perspective I've found I often place my IT people in each group to verify they work. This makes it easier for them to support the end users. The foriegn key is how you want to index your ldap data. If you have the cn and want all your lookups in a certain controller/model to be via the cn then use the cn as your primary group. This works well in ou=people or ou=group context. If you are referring to any object in the tree, or you don’t specify the foriegn key then it will be dn. The foreign key is just the index really.

In your situation I would make my departments groupofuniquenames and follow the traditional ldap DIT (Directory information tree). Then include each users dn in that group. This make more sense in the long run also because if you are using something like apache to perhaps restrict access to a site (For example only billing department can access billing records page). Then you’ll be happy you followed the standard convention because you can tell apache only people in the group ‘cn=billing, ou=groups,dc=example,dc=org’ are allowed access. Also some people may be in multiple departments. What do you do then? In the group context it’s perfectly fine to have someone in multiple groups. From the IT perspective I’ve found I often place my IT people in each group to verify they work. This makes it easier for them to support the end users.

]]> By: ldibanyez http://www.analogrithems.com/rant/2009/06/12/cakephp-with-full-crud-a-living-example/comment-page-1/#comment-1013 ldibanyez Wed, 20 Jan 2010 16:36:36 +0000 http://www.analogrithems.com/rant/?p=13#comment-1013 Hi there, First of all, congratulations for your effort, is really useful. I've just set it up and succesfully read (thats all i need for the app i'm doing) the users, but now i need some relations between ldap-sourced models and between ldap-sourced and sql-sourced models. I've seen that you implemented 'generateassociationQuery' but i can't figure out what goes in the 'foreignKey' field. For example, if i got a set of ou (departments), and inside each of them a set of users, how i say to cake that a user belongsTo a department? Or maybe i'm just screwing it all up, because foreign key is a relational concept not applicable to ldap, and a i'll be better making a full dn find to know the users that belong to a department. Thanks in advance. Hi there,

First of all, congratulations for your effort, is really useful.

I’ve just set it up and succesfully read (thats all i need for the app i’m doing) the users, but now i need some relations between ldap-sourced models and between ldap-sourced and sql-sourced models. I’ve seen that you implemented ‘generateassociationQuery’ but i can’t figure out what goes in the ‘foreignKey’ field.

For example, if i got a set of ou (departments), and inside each of them a set of users, how i say to cake that a user belongsTo a department?

Or maybe i’m just screwing it all up, because foreign key is a relational concept not applicable to ldap, and a i’ll be better making a full dn find to know the users that belong to a department.

Thanks in advance.

]]> By: Bas Tichelaar http://www.analogrithems.com/rant/2009/06/12/cakephp-with-full-crud-a-living-example/comment-page-1/#comment-1012 Bas Tichelaar Sun, 17 Jan 2010 17:29:46 +0000 http://www.analogrithems.com/rant/?p=13#comment-1012 Hi, any progress made already? Hi, any progress made already?

]]> By: orangepeelbeef http://www.analogrithems.com/rant/2009/06/12/cakephp-with-full-crud-a-living-example/comment-page-1/#comment-1011 orangepeelbeef Sat, 16 Jan 2010 01:23:52 +0000 http://www.analogrithems.com/rant/?p=13#comment-1011 figured it out: controller: $user = $this->LdapAuth->user(); $this->set(compact('user')); then can retrieve as view: echo $user['User']['mail'] figured it out:

controller:

$user = $this->LdapAuth->user();
$this->set(compact(‘user’));

then can retrieve as

view:
echo $user['User']['mail']

]]> By: orangepeelbeef http://www.analogrithems.com/rant/2009/06/12/cakephp-with-full-crud-a-living-example/comment-page-1/#comment-1010 orangepeelbeef Sat, 16 Jan 2010 01:02:20 +0000 http://www.analogrithems.com/rant/?p=13#comment-1010 Thanks, that was a big help. I now can view the ldap user data within the users controller, but how do I know what the uid of the user who is currently logged in is? That is the last piece I'm missing to make this functional. I also want to do some differing access levels based on what ldap group the user is in, so I need to be able to access the ldap info for the user who previously logged in. I used beforefilters to force a login for all my pages. Thanks, that was a big help. I now can view the ldap user data within the users controller, but how do I know what the uid of the user who is currently logged in is? That is the last piece I’m missing to make this functional. I also want to do some differing access levels based on what ldap group the user is in, so I need to be able to access the ldap info for the user who previously logged in. I used beforefilters to force a login for all my pages.

]]> By: analogrithems http://www.analogrithems.com/rant/2009/06/12/cakephp-with-full-crud-a-living-example/comment-page-1/#comment-1009 analogrithems Fri, 15 Jan 2010 23:43:45 +0000 http://www.analogrithems.com/rant/?p=13#comment-1009 I do it like this function view( $id ){ if(!empty($id)){ $filter = $this->Person->primaryKey."=".$id; $people = $this->Person->find('first', array( 'conditions'=>$filter)); $this->set(compact('people')); } } And in my model I define my primary Key like this // This would be the ldap equivalent to a primary key if your dn is // in the format of uid=username, ou=people, dc=example, dc=com var $primaryKey = 'uid'; Note though that depending on what your trying to model you can change the primaryKey, sometimes you want to look at your objects holistically so the primaryKey would be 'dn'. Or if you are dealing with groups your primary key would be 'cn'. This takes a little getting used to. In My view I can then access the cn like this <?php echo $this->data['Person']['cn']; ?> I do it like this
function view( $id ){
if(!empty($id)){
$filter = $this->Person->primaryKey.”=”.$id;
$people = $this->Person->find(‘first’, array( ‘conditions’=>$filter));
$this->set(compact(‘people’));
}
}

And in my model I define my primary Key like this
// This would be the ldap equivalent to a primary key if your dn is
// in the format of uid=username, ou=people, dc=example, dc=com
var $primaryKey = ‘uid’;

Note though that depending on what your trying to model you can change the primaryKey, sometimes you want to look at your objects holistically so the primaryKey would be ‘dn’. Or if you are dealing with groups your primary key would be ‘cn’. This takes a little getting used to.

In My view I can then access the cn like this
< ?php echo $this->data['Person']['cn']; ?>

]]> By: orangepeelbeef http://www.analogrithems.com/rant/2009/06/12/cakephp-with-full-crud-a-living-example/comment-page-1/#comment-1008 orangepeelbeef Fri, 15 Jan 2010 20:49:43 +0000 http://www.analogrithems.com/rant/?p=13#comment-1008 Aside from the schema it seems to be authenticating properly. I see the user information gets dumped into the session data, but how do I access the ldap attributes? I want to retrieve the email address the 'mail' attribute, but i'm not having much luck getting that info. Should I be grabbing it out of the session or is there some trick for getting it via something like $user['mail'] ? Aside from the schema it seems to be authenticating properly. I see the user information gets dumped into the session data, but how do I access the ldap attributes? I want to retrieve the email address the ‘mail’ attribute, but i’m not having much luck getting that info. Should I be grabbing it out of the session or is there some trick for getting it via something like $user['mail'] ?

]]> By: orangepeelbeef http://www.analogrithems.com/rant/2009/06/12/cakephp-with-full-crud-a-living-example/comment-page-1/#comment-1007 orangepeelbeef Thu, 14 Jan 2010 01:54:20 +0000 http://www.analogrithems.com/rant/?p=13#comment-1007 Also, Fwiw, phpldapadmin can retrieve my AD schema with no modifications. I only mention this because the __getLDAPschema() code mentions it was borrowed from phpldapadmin. I assume it was borrowed a long time ago, and things have probably changed dramatically. Also, Fwiw, phpldapadmin can retrieve my AD schema with no modifications. I only mention this because the __getLDAPschema() code mentions it was borrowed from phpldapadmin. I assume it was borrowed a long time ago, and things have probably changed dramatically.

]]>