
Sync'ing with LDAP

Getting Ready

Follow the instructions in the first two sections of the Creating Your First User article to set up and configure the Mambo PHP SDK.

The Script

Below you will find a sample script showing how to sync your LDAP with the Mambo Platform. The script requires you to configure some options in order to fetch the data correctly from your LDAP. There are useful debug statements which can be used to help configure the script.

The script below is a good starting point which could be easily enhanced to include other fields and functionality, for example, generating Tags based on Groups found in the LDAP directory.

<?php

/////////////////////////////////////////////
// The properties below require your input //
/////////////////////////////////////////////

// LDAP Properties
$ldap_username = 'CN=XXXX,DC=XXXX,DC=XXXX';
$ldap_password = 'secret';
$ldap_hostname = '127.0.0.1';
$ldap_version = 3;

// Used to find the users in LDAP
$ldap_base_dn = 'OU=XXXX,DC=XXXX,DC=XXXX';
$ldap_list_filter = 'UID=*';

// Used to find the fields which map from LDAP to the Mambo User Object
$ldap_uuid = 'uid';
$ldap_first_name = 'givenname';
$ldap_last_name = 'sn';
$ldap_display_name = 'displayname';
$ldap_email = 'mail';
$ldap_gender = '';
$ldap_profile_url = '';
$ldap_picture_url = '';

// Note: This is expected as a UTC timestamp in ISO 8601 format 
// with millisecond precision: YYYY-MM-DDTHH:MM:SS.MMMZ
// For example: 2013-01-20T20:43:24.094Z
$ldap_birthday = ''; 

// Debug options
$show_ldap_var_dump = false;
$show_mambo_user_var_dump = true;
$show_mambo_request_var_dump = true;

// Mambo Properties
$public_key = 'YOUR_PUBLIC_KEY';
$private_key = 'YOUR_PRIVATE_KEY';
$site_url = 'YOUR_SITE_URL'; 
$mambo_url = 'http://api.mambo.io';

/////////////////////////////////////////////

print( "Configuring Mambo SDK...\n" );

// Initialise Mambo SDK
require_once('/sdk/Mambo.php');
MamboClient::setCredentials( $public_key, $private_key );
MamboClient::setEndPointBaseUrl( $mambo_url );

print( "Connecting to LDAP...\n" );

// Connect to LDAP
// Note: a bare hostname connects over plain LDAP, so the bind password is
// sent unencrypted. When the directory is not on this host, use an ldaps://
// URI or call ldap_start_tls() before binding.
$ldap_connection = ldap_connect( $ldap_hostname );
if( $ldap_connection === FALSE )
{
    die("Something went wrong connecting to LDAP.");
}

ldap_set_option($ldap_connection, LDAP_OPT_PROTOCOL_VERSION, $ldap_version) or die('Unable to set LDAP protocol version');
ldap_set_option($ldap_connection, LDAP_OPT_REFERRALS, 0); // We need this for doing an LDAP search.

if( ldap_bind( $ldap_connection, $ldap_username, $ldap_password ) === FALSE )
{
    die("Check your LDAP username and password.");
}

// Check to see if we have the basic data set to create user
if( empty( $ldap_uuid ) || empty( $ldap_first_name ) || empty( $ldap_last_name ) )
{
    die( "UUID, First Name and Last Name ldap fields must be set!" );
}

print( "Retrieving users from LDAP...\n" );

// An empty attribute list returns every attribute the bind account can read
$result = ldap_list( $ldap_connection, $ldap_base_dn, $ldap_list_filter, array() );
if( $result === FALSE )
{
    die( "No results returned from LDAP." );
}

$entries = ldap_get_entries( $ldap_connection, $result );

// Debug output contains personal data from the directory
if( $show_ldap_var_dump )
{
    var_dump( $entries );
}

for( $i = 0; $i < $entries['count']; $i++ )
{
    print( "Processing LDAP User ----------------------------\n" );

    $data = new UserRequestData();
    $details = new UserDetails();

    // Required fields: skip this entry if any of them is missing
    if( empty( $entries[$i][$ldap_uuid] ) ) {
        print( "Aborting: No UUID found\n" );
        continue;
    } else {
        $data->setUuid( $entries[$i][$ldap_uuid][0] );
    }

    if( empty( $entries[$i][$ldap_first_name] ) ) {
        print( "Aborting: No First Name found\n" );
        continue;
    } else {
        $details->setFirstName( $entries[$i][$ldap_first_name][0] );
    }

    if( empty( $entries[$i][$ldap_last_name] ) ) {
        print( "Aborting: No Last Name found\n" );
        continue;
    } else {
        // Fixed: the last name is read from the last name attribute
        $details->setLastName( $entries[$i][$ldap_last_name][0] );
    }

    // Optional fields: only set when the attribute is mapped and present
    if( !empty( $entries[$i][$ldap_display_name] ) ) {
        $details->setDisplayName( $entries[$i][$ldap_display_name][0] );
    }

    if( !empty( $entries[$i][$ldap_email] ) ) {
        $details->setEmail( $entries[$i][$ldap_email][0] );
    }

    if( !empty( $entries[$i][$ldap_birthday] ) ) {
        $details->setBirthday( $entries[$i][$ldap_birthday][0] );
    }

    if( !empty( $entries[$i][$ldap_gender] ) ) {
        $details->setGender( $entries[$i][$ldap_gender][0] );
    }

    if( !empty( $entries[$i][$ldap_profile_url] ) ) {
        $data->setProfileUrl( $entries[$i][$ldap_profile_url][0] );
    }

    if( !empty( $entries[$i][$ldap_picture_url] ) ) {
        $data->setPictureUrl( $entries[$i][$ldap_picture_url][0] );
    }

    $data->setDetails( $details );

    if( $show_mambo_request_var_dump )
    {
        print( "UserRequestData to send to Mambo:\n" );
        var_dump( $data );
    }

    $user = MamboUsersService::create( $site_url, $data );

    if( $show_mambo_user_var_dump )
    {
        print( "UserDto response from Mambo:\n" );
        var_dump( $user );
    }
}

ldap_unbind( $ldap_connection );

?>
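The script requests every attribute and passes directory values to Mambo unchanged. The added example below (not part of the original script or the Mambo SDK) shows one way to request only the mapped attributes and to validate an entry first, including conversion of the birthday to the format the script's comment requires. The helper names, the `birthdate` attribute and the assumption that the directory stores dates as UTC GeneralizedTime are all hypothetical.

```php
<?php
// Added example; helper names are hypothetical, not part of the Mambo SDK.
// Attributes to request from LDAP: only those that are actually mapped.
function mapped_attributes(array $map): array {
    return array_values(array_unique(array_filter(array_map('strtolower', $map))));
}

// Convert LDAP GeneralizedTime (assumed UTC, e.g. 19850120000000Z) to
// YYYY-MM-DDTHH:MM:SS.MMMZ; returns null for anything else.
function ldap_time_to_iso8601(string $value): ?string {
    if (!preg_match('/^(\d{14})(?:\.(\d{1,3})\d*)?Z$/', $value, $m)) {
        return null;
    }
    $dt = DateTimeImmutable::createFromFormat('!YmdHis', $m[1], new DateTimeZone('UTC'));
    if ($dt === false || $dt->format('YmdHis') !== $m[1]) {
        return null; // impossible date such as month 13
    }
    return $dt->format('Y-m-d\TH:i:s') . '.' . str_pad($m[2] ?? '', 3, '0') . 'Z';
}

// Map one entry (ldap_get_entries() shape) to validated fields.
// Returns null when a required field is missing.
function normalize_entry(array $entry, array $map): ?array {
    $out = [];
    foreach ($map as $field => $attr) {
        $value = $attr === '' ? null : ($entry[strtolower($attr)][0] ?? null);
        if (is_string($value)) {
            // Drop control characters before the value leaves the directory.
            $out[$field] = trim(preg_replace('/[\x00-\x1F\x7F]/', '', $value));
        }
    }
    foreach (['uuid', 'first_name', 'last_name'] as $required) {
        if (($out[$required] ?? '') === '') {
            return null;
        }
    }
    if (isset($out['email']) && filter_var($out['email'], FILTER_VALIDATE_EMAIL) === false) {
        unset($out['email']); // optional field: omit rather than send bad data
    }
    $iso = isset($out['birthday']) ? ldap_time_to_iso8601($out['birthday']) : null;
    if ($iso === null) { unset($out['birthday']); } else { $out['birthday'] = $iso; }
    return $out;
}

// Constructed sample (simplified entry shape); 'birthdate' is an assumed attribute name.
$map = ['uuid' => 'uid', 'first_name' => 'givenname', 'last_name' => 'sn',
        'email' => 'mail', 'birthday' => 'birthdate', 'gender' => ''];
$entry = ['uid' => ['jdoe'], 'givenname' => ['Jane'], 'sn' => ['Doe'],
          'mail' => ['not-an-address'], 'birthdate' => ['19850120000000Z']];
var_dump(mapped_attributes($map), normalize_entry($entry, $map));
```

The result of `mapped_attributes()` can be passed as the fourth argument of `ldap_list()` in place of `array()`.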
