Automatically assign role based on LDAP group attribute

by jehan procaccia -
Number of replies: 1
hello,

I use "CAS" authentication (it should be the same situation for LDAP auth), and users do get created at first login with their correct department value set (extracted from the LDAP departementNumber attribute).

Now, I would like to automatically assign these new users to custom roles (that I created before, e.g. departementValueX_contributors). Is it possible? A plugin? An SQL trigger? Has anyone done that before?

Thanks .
In reply to jehan procaccia

Re: Automatically assign role based on LDAP group attribute

by jehan procaccia -
Hello, I am replying to myself.
We finally implemented an SQL trigger to assign roles automatically.

First get the SQL tools in order to push the trigger to MySQL:

http://dev.mysql.com/downloads/gui-tools/5.0.html

Then push the following trigger (in our case based on the department, description and idnumber attributes from the user profile, values fetched from LDAP), which will assign 3 roles based on the LDAP values at each new user login.

delimiter |
-- IF EXISTS avoids an error when the trigger has not been created yet
DROP TRIGGER IF EXISTS assign_role|
CREATE TRIGGER assign_role AFTER INSERT ON mdl_user FOR EACH ROW BEGIN
DECLARE id_role1 bigint(10);
DECLARE id_role2 bigint(10);
DECLARE id_role3 bigint(10);
-- Role whose shortname equals the new user's department
SELECT id INTO id_role1 FROM mdl_role WHERE shortname = NEW.department;
-- When no role matches, the variable stays NULL and the assignment is skipped
IF id_role1 IS NOT NULL THEN
INSERT INTO mdl_role_assignments (roleid, contextid, userid, hidden, timestart, timeend, timemodified, modifierid, enrol, sortorder ) VALUES ( id_role1, 1, NEW.id, 0, NEW.timemodified, 0, NEW.timemodified, 2, 'manual', 0);
END IF;
-- Role whose shortname equals the new user's description
SELECT id INTO id_role2 FROM mdl_role WHERE shortname = NEW.description;
IF id_role2 IS NOT NULL THEN
INSERT INTO mdl_role_assignments (roleid, contextid, userid, hidden, timestart, timeend, timemodified, modifierid, enrol, sortorder ) VALUES ( id_role2, 1, NEW.id, 0, NEW.timemodified, 0, NEW.timemodified, 2, 'manual', 0);
END IF;
-- Role whose shortname equals the new user's idnumber
SELECT id INTO id_role3 FROM mdl_role WHERE shortname = NEW.idnumber;
IF id_role3 IS NOT NULL THEN
INSERT INTO mdl_role_assignments (roleid, contextid, userid, hidden, timestart, timeend, timemodified, modifierid, enrol, sortorder ) VALUES ( id_role3, 1, NEW.id, 0, NEW.timemodified, 0, NEW.timemodified, 2, 'manual', 0);
END IF;
END|
delimiter ;
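
An audit query for the assignments this trigger creates, added here as an example and not part of the original post: it lists every assignment carrying the trigger's fixed values (contextid 1, modifierid 2, enrol 'manual'), shows which profile field the role shortname matched, and flags roles on a reserved list. The reserved shortnames are an assumption to adapt per site; table and column names are those used in the trigger.

```sql
-- Added example: review role assignments that carry the trigger's fingerprint.
-- Assumption: the reserved shortname list below is a site-specific placeholder
-- for roles that should never be granted from a directory attribute.
SELECT u.id       AS userid,
       u.username AS username,
       r.shortname AS role_shortname,
       -- Which profile field produced the match at insert time
       CASE
         WHEN r.shortname = u.department  THEN 'department'
         WHEN r.shortname = u.description THEN 'description'
         WHEN r.shortname = u.idnumber    THEN 'idnumber'
         ELSE 'no matching profile field'  -- field changed since, or assigned by hand
       END AS matched_on,
       CASE
         WHEN r.shortname IN ('admin', 'coursecreator', 'editingteacher')
           THEN 'REVIEW: reserved role'
         ELSE 'ok'
       END AS verdict,
       FROM_UNIXTIME(ra.timemodified) AS assigned_at
FROM mdl_role_assignments ra
JOIN mdl_user u ON u.id = ra.userid
JOIN mdl_role r ON r.id = ra.roleid
WHERE ra.contextid  = 1          -- context id hard-coded in the trigger
  AND ra.modifierid = 2          -- modifier id hard-coded in the trigger
  AND ra.enrol      = 'manual'   -- enrol value hard-coded in the trigger
-- Reserved-role rows first, then most recent assignments
ORDER BY (r.shortname IN ('admin', 'coursecreator', 'editingteacher')) DESC,
         ra.timemodified DESC;
```

Rows with 'no matching profile field' are assignments that share the trigger's fixed values but no longer correspond to the user's current department, description or idnumber.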