Go to the FreeLists Home Page Home Signup Help Login 		 



[dokuwiki] || [Date Prev] [07-2007 Date Index] [Date Next] || [Thread Prev] [07-2007 Thread Index] [Thread Next]

[dokuwiki] ldap auth and groups

  • From: "Mark McCoy" <realmcking@xxxxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Fri, 6 Jul 2007 09:57:58 -0500
Hey all,

I'm having a little problem getting LDAP and groups to work properly.

I can login using the LDAP backend, and the groups are read properly
from the LDAP (I can see them via the LDAP "debug" property), but the
groups are not translating into dokuwiki groups properly.

If I login using an account that is in the 'wiki-admins' group in
LDAP, then I have full access to the wiki and can access the admin
area.  If I login to an account that is part of the 'wiki-users'
group, then I immediately get the "[sorry], perhaps you forgot to
login" message.

I disabled the default group since this particular wiki is to be
fairly sensitive and  only used by a very small number of people in
our organization, and we don't want everyone to be able to read any
documents at all.

Dokuwiki version 2006-11-06
Apache 2.2, PHP 5.2
Sun Directory Server 6.0

Here is the relevant section from local.php:
$conf['authtype']    = 'ldap';
$conf['auth']['ldap']['server']   = 'ldaps://**.**.**.**:636';
$conf['auth']['ldap']['version']  = 3;
$conf['auth']['ldap']['binddn']   = 'uid=wiki-admin,ou=Special Users,dc=**';
$conf['auth']['ldap']['bindpw']   = '**'
$conf['auth']['ldap']['usertree'] = 'uid=%{user},ou=People,dc=**';
$conf['auth']['ldap']['grouptree']   = 'ou=Groups,dc=**';
$conf['auth']['ldap']['groupfilter']   = '(uniquemember=%{dn})';
$conf['auth']['ldap']['name']    = 'displayname';
$conf['superuser'] = '@wiki-admins';
$conf['auth']['ldap']['debug']    = true;
unset($conf['defaultgroup']);

Here is my acl.auth,php:
*               @ALL          0
*               @wiki-users         8
*               @wiki-admins      255
--
Mark McCoy
Professional Unix geek and US Army Infantry Combat Veteran
2/7 Cavalry "Garry Owen!"

Here in America we are descended in blood and in spirit from
revolutionists and rebels - men and women who dared to dissent from
accepted doctrine. As their heirs, may we never confuse honest dissent
with disloyal subversion. -- Dwight D. Eisenhower
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist




[ Home | Signup | Help | Login | Archives | Lists ]

All trademarks and copyrights within the FreeLists archives are owned by their respective owners.
Everything else ©2007 Avenir Technologies, LLC.