Membership 2 Pro and LDAP groups?

Hi,
I'm exploring using Membership 2 Pro on my network and was wondering if it's possible to assign a user a membership based on their LDAP group? How would I do this?

Thanks,
Nathan

  • Patrick

    Hi there @grahamn

    I hope you're well today!

    I would think it should be possible as seen in this example code which fetches the LDAP group(s) for a specified username/password combination:
    https://samjlevy.com/use-php-and-ldap-to-get-a-users-group-membership-including-the-primary-group/

    Exactly how to integrate that with Membership2 registration is a wee bit beyond my expertise though. So I've asked our 2nd-level support wiz-kids to join in here to lend a hand if they can.

  • Jude

    Hey grahamn

    Sorry about the extreme delay here, it somehow slipped through the gaps. Here is an approach you can take to programmatically assign a membership based on the LDAP group.

    function get_groups($user) {
    	// Active Directory server
    	$ldap_host = "ad.domain";
    
    	// Active Directory DN, base path for our querying user
    	$ldap_dn = "CN=Users,DC=ad,DC=domain";
    
    	// Active Directory user for querying
    	$query_user = "jane@".$ldap_host;
    	$password = "password1234!";
    
    	// Connect to AD
    	$ldap = ldap_connect($ldap_host) or die("Could not connect to LDAP");
    	ldap_bind($ldap,$query_user,$password) or die("Could not bind to LDAP");
    
    	// Search AD
    	$results = ldap_search($ldap,$ldap_dn,"(samaccountname=$user)",array("memberof","primarygroupid"));
    	$entries = ldap_get_entries($ldap, $results);
    
    	// No information found, bad user
    	if($entries['count'] == 0) return false;
    
    	// Get groups and primary group token
    	$output = $entries[0]['memberof'];
    	$token = $entries[0]['primarygroupid'][0];
    
    	// Remove extraneous first entry
    	array_shift($output);
    
    	// We need to look up the primary group, get list of all groups
    	$results2 = ldap_search($ldap,$ldap_dn,"(objectcategory=group)",array("distinguishedname","primarygrouptoken"));
    	$entries2 = ldap_get_entries($ldap, $results2);
    
    	// Remove extraneous first entry
    	array_shift($entries2);
    
    	// Loop through and find group with a matching primary group token
    	foreach($entries2 as $e) {
    		if($e['primarygrouptoken'][0] == $token) {
    			// Primary group found, add it to output array
    			$output[] = $e['distinguishedname'][0];
    			// Break loop
    			break;
    		}
    	}
    
    	return $output;
    }
    
    $api = ms_api();
    $member = $api->get_current_member();
    
    // Example Usage
    if ( get_groups($member) == 'groupX' ) :
        $member->add_membership( $membership_id,  $gateway_id )
    endif;

    Let us know if you still need help with this. Keeping my eyes open on this thread.

    Thank you for being a WPMU DEV member and have a fantastic day!

    Cheers
    Jude

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.