Hello, all. After much googling and searching this forum, I'm still perplexed about how to have ldap groups appear in the konqueror permissions group drop down list.

We are using KDE and Konqueror 3.5.10. The computer is configured to query a redhat directory server using ldap with TLS encryption. It is working perfectly fine at the Linux level (fully patched Ubuntu 8.0.4). For example, users existing only in LDAP can login and file user and group ownership are properly displayed in something like ls -l. Konqueror itself displays the proper ldap groups for group ownership on existing files.

However, we would like users to be able to set group ownership for directories and files from within Konqueror. If I right click on a file or directory in Konqueror and choose Properties / Permissions and then click on the Group combo-box, only local groups of which I am a member appear. It does not display ldap groups.

I have tried reversing the order of precedence in /etc/nsswitch.conf, e.g.,
group: ldap files
but this did not make a difference.

How do I configure Konqueror so ldap groups appear in the permissions dialog? Thanks - John

I can only guess that this is implemented in a way that only lists local groups. You may however be able to click on the drop down and type the name of the group you wish to change it to, as a workaround.

bcooksley wrote:I can only guess that this is implemented in a way that only lists local groups. You may however be able to click on the drop down and type the name of the group you wish to change it to, as a workaround.

Ooo - I hope that's not the case. That would be really ugly and definitely user unfriendly. We are having some considerable success migrating users from Windows to KDE. This would be a nasty setback. Thank, though - John

Happy to hear about your migration. Does the command "groups" in Konsole include all your LDAP groups?

Yes, that's why I was so surprised when Konqueror did not.

If you click "Advanced Permissions", select Add Entry, then "Named Group" do your LDAP groups show there?

Strange - I don't have such an option. I'll paste in a couple of screen shots:
Here are all the groups as shown by "groups"


Here is the group list displayed in Konqueror:


Here are my advanced permissions:


I did double check to make sure the groups weren't hidden - I scrolled through all the entries in the combo box - what I see is what I get. What next? Thanks very much - this is a fairly important issue for our new business venture - John

Which distribution do you use? You may need to install a package for the more advanced dialog.

I read the source of the Permissions dialog which is provided by the KDE libraries, and determined that it directly reads /etc/groups to get the list of groups. I do not know if this affects the Advanced Permissions dialog however.
Please file a bug at bugs.kde.org for the product "kdelibs" with the component "kio" regarding this.

This is Ubuntu 8.0.4 but I believe I've also seen this on CentOS 5.2. If you've read the code and it specifically looks at /etc/group, that would explain it. That is the behavior we are seeing; it is displaying only the groups in /etc/group and not the LDAP groups. Is there anyway to configure it to include LDAP groups? Thanks - John

I have made a patch that should correct the issue. I have provided the patch below. This will require compiling KDE Libs yourself however to use. Could an Ubuntu guru please help make this a package?

Code: Select all

1774,1793c1774,1787                                                                     
gr_name);           
gr_mem;                           
gr_name);   
   int numOfGroups;
>   gid_t *groups;
>   struct group *groupObject;
>
>   // Retrieve group list
>   numOfGroups = getgroups (0, NULL);
>   groups = (gid_t *) malloc (numOfGroups * sizeof (gid_t));
>   getgrouplist(strUser, getegid(), groups, &numOfGroups); // actually get a list, but donot include the main group
>   // Now we add it to the list
>   if (groups != NULL) {
>     for( int groupId = 0; groupId        groupObject = getgrgid(groups[groupId]);
>       if(groupObject != NULL )
>         groupList += QString::fromLocal8Bit(groupObject->gr_name);

Thank you very, very much. I don't know how to create a deb either but I guess I'll learn! I look forward to receiving the patch from you. Thanks again - John

This patch should do the trick. It uses the same technique as the "groups" app
It effects kdelibs-3.5.10/kio/kfile/kpropertiesdialog.cpp

Code: Select all

Index: kpropertiesdialog.cpp                                                   
===================================================================           
--- kio/kfile/kpropertiesdialog.cpp       (revision 919351)                             
+++ kio/kfile/kpropertiesdialog.cpp       (working copy)                                 
@@ -1771,26 +1771,20 @@                                                       
     strUser = user->pw_name;                                                 
                                                                               
 #ifdef Q_OS_UNIX                                                             
-  setgrent();                                                                 
-  for (i=0; ((ge = getgrent()) != 0L) && (i gr_name);                         
-    else                                                                     
-    {                                                                         
-      /* pick the groups to which the user belongs */                         
-      char ** members = ge->gr_mem;                                           
-      char * member;                                                         
-      while ((member = *members) != 0L) {                                     
-        if (strUser == member) {                                             
-          groupList += QString::fromLocal8Bit(ge->gr_name);                   
-          break;                                                             
-        }                                                                     
-        ++members;                                                           
-      }                                                                       
-    }
-  }
-  endgrent();
+  int numOfGroups;
+  gid_t *groups;
+  struct group *groupObject;
+
+  // Retrieve group list
+  numOfGroups = getgroups (0, NULL);
+  groups = (gid_t *) malloc (numOfGroups * sizeof (gid_t));
+  getgrouplist(strUser, getegid(), groups, &numOfGroups); // actually get the list
+  // Now we add it to the list
+  if (groups != NULL) {
+    for( int groupId = 0; groupId gr_name);
 #endif //Q_OS_UNIX

   /* add the effective Group to the list .. */

This is great. I'm certainly willing to give it a test but I'm afraid I need a bit of hand holding. I'm a network guy and not a developer at all. I know just enough from my work on the ISCS project (iscs.sf.net) to be dangerous.

I've downloaded the kdelibs source but I'm not sure what to do next. Can I simply compile the kpropertiesdialog.cpp file or do I need to compile the entire kdelibs package? If just the file, what file am I replacing? I was hoping it would be straightforward but I don't see a kpropertiesdialog file anywhere. I do see /usr/lib/kde3/kpfpropertiesdialog.la and /usr/lib/kde3/kpfpropertiesdialog.so but don't know if that is the proper target nor would I know how to create it.

Sorry to be so ignorant but I'm willing to give it my best shot. What do I do next? Thanks - John

First you will need all the build-depends packages listed here: http://packages.ubuntu.com/source/hardy-updates/kdelibs

Then download these two files from that page ( links at bottom )
kdelibs_3.5.10.orig.tar.gz
kdelibs_3.5.10-0ubuntu1~hardy1.diff.gz

Extract kdelibs_3.5.10.orig.tar.gz to /tmp/kdelibs-build/
Extract kdelibs_3.5.10-0ubuntu1~hardy1.diff.gz to /tmp/kdelibs-build/kdelibs-3.5.10
Copy my patch ( kdelibs-ldap.patch ) to /tmp/kdelibs-build/kdelibs-3.5.10

Open Konsole, and change to /tmp/kdelibs-build/kdelibs-3.5.10
Apply the patches using these two commands

Code: Select all

patch -i kdelibs_3.5.10-0ubuntu1~hardy1.diff
patch -i kdelibs-ldap.patch

Both should apply without any errors
Now run this command to prepare the build:

Code: Select all

dh_make -createorig

Open the file debian/control in a text editor, and change/add these lines:

Code: Select all

Source: kdelibs
Binary: kdelibs, kdelibs-data, kdelibs4c2a, kdelibs4-dev, kdelibs4-doc, kdelibs-dbg
Version: 4:3.5.10-0ubuntu1~hardy2

Then perform the build with

Code: Select all

dpkg-buildpackage -rfakeroot

This will produce a shiny new deb file in /tmp/kdelibs-build which contains my patch. Try installing it.

Argh! It seemed very straightforward (thank you) but I'm getting tons of failed hunks. I'll have to dig further and see why - John