When groups are synchronised with a big LDAP organisation, many empty groups may end up in Tikiwiki.
This enhancement / patch adds an option to let the administrator of a tikiwiki instance decide whether, during synchronisation of groups, only the user assignments to existing groups will be done or whether non-existent groups will be created in tikiwiki.
The default behaviour - as of now - is that when an LDAP user logs in, all the groups he belongs to are created in tikiwiki and he is added as a member of these groups.
This enhancement adds the preference "ldap_create_groups_tiki", which is "y" by default, which corresponds to the current behaviour.
If "ldap_create_groups_tiki" is set to "n" and an LDAP user logs in, the group synchronisation process will silently ignore groups that exist in LDAP but not in tikiwiki. Existing groups will be synced, though.
30c40 + 'ldap_create_group_tiki' => array( + 'name' => tra('If group does not exist in Tiki'), + 'type' => 'list', + 'perspective' => false, + 'options' => array( + 'y' => tra('Create the group'), + 'n' => tra('Ignore it'), + ), + 'default' => 'y', + ),
223c227 + <fieldset> + <legend>{tr}LDAP group synchronisation{/tr}</legend> + {preference name=ldap_create_group_tiki} + </fieldset>
@@ -1261,18 +1261,21 @@ } } - } else if (!$this->group_exists($gname)){ // create group - if (isset($group[$prefs['auth_ldap_groupdescattr']])) { - $gdesc=$group[$prefs['auth_ldap_groupdescattr']]; - } else { - $gdesc=''; - } - $logslib->add_log('ldap','Creating external group '.$gname); - $this->add_group($gname,$gdesc,'',0,0,'','',0,'',0,0,'y'); + } else if (!$this->group_exists($gname)){ // group does not exist + // create group if we should do so + if ($group[$prefs['auth_ldap_create_group_tiki']] == 'y') { + if (isset($group[$prefs['auth_ldap_groupdescattr']])) { + $gdesc=$group[$prefs['auth_ldap_groupdescattr']]; + } else { + $gdesc=''; + } + $logslib->add_log('ldap','Creating external group '.$gname); + $this->add_group($gname,$gdesc,'',0,0,'','',0,'',0,0,'y'); + } } - // add user - if (!in_array($gname,$tikigroups)) { + // add user - before check again if group exists + if (!in_array($gname,$tikigroups) && $this->group_exists($gname)) { $logslib->add_log('ldap','Adding user '.$user.' to external group '.$gname); $this->assign_user_to_group($user,$gname); }
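Review bot: the preference is named inconsistently across the patch. The first hunk defines the key `'ldap_create_group_tiki'` and the template hunk renders `{preference name=ldap_create_group_tiki}`, but the `@@ -1261,18 +1261,21 @@` hunk reads `$prefs['auth_ldap_create_group_tiki']`, and the description calls it "ldap_create_groups_tiki". Since the other LDAP preference visible in that hunk is `auth_ldap_groupdescattr`, settle on one name (for example with the `auth_ldap_` prefix) and use it in the definition, the template and the lookup, so the setting the administrator changes is the one the synchronisation code reads.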
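Review bot: in the `@@ -1261,18 +1261,21 @@` hunk, the new condition `if ($group[$prefs['auth_ldap_create_group_tiki']] == 'y')` does not test the setting. It uses the preference value as a key into the LDAP group entry `$group`, which is the pattern of the `auth_ldap_groupdescattr` lines just below it, where the preference holds an attribute name. Here the preference holds 'y' or 'n', so the check should compare the preference itself, along the lines of `$prefs[...] == 'y'` with the key defined in the first hunk. As written, the lookup will normally hit an undefined index and groups would not be created even with the default of 'y'. Two smaller points on the same hunk: the added `$this->group_exists($gname)` in the add-user condition repeats the lookup already made in the `else if`, so the result could be kept in a variable, and the "n" path skips the group without any `$logslib->add_log('ldap', ...)` entry, which makes it hard for an administrator to see from the log why an LDAP group membership was not applied.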