[dokuwiki] Re: Authenticate against LDAP but retain users.auth.php group assignment?

• From: lwoggardner <grant@xxxxxxxxxxxxxxxxxx>
• To: dokuwiki@xxxxxxxxxxxxx
• Date: Mon, 24 Nov 2008 08:08:57 +1100

Sorry, no code or config to offer, just an idea.

This concept can possibly be generalised with an new auth backend class
that delegates authentication (checkPass) to one backend and authorisation
(getUserData) to another. A bit like the approach I took with
http://www.dokuwiki.org/tips:chainedauth.

It might be configured with some conf values eg...
   $conf['splitauth_authentication_backend'] = 'ldap'
   $conf['splitauth_authorisation_backend'] = 'plain'

Alternatively if you want to merge group info from multiple backends then
the concept in chainedauth could be enhanced so that the getUserData
function merges the information from all backends rather then breaking out
of the chain at the first backend that finds a matching user.

Grant.
(poss reposting from subscribed address)

On Sat, 22 Nov 2008 13:01:19 +0100, Sebastian Menge
<sebastian.menge@xxxxxxxxxxxxxxx> wrote:
> Am Fri, 21 Nov 2008 13:37:03 -0500
> schrieb "Metz, Bobby" <Bobby.Metz@xxxxxxxxxxxxxxxxxx>:
>
>> I've recently upgraded my doku version and I want to switch to LDAP
>> authentication but I want to retain the ability to assign groups to
>> users via users.auth.php instead of using LDAP groups since I have a
>> lot of automation around this file already and it affords me stricter
>> security control than with my LDAP server which several departments
>> use. I looked through the LDAP auth documentation but it seems to be
>> all or nothing.  Can someone more knowledgeable of using LDAP with
>> doku provide some advice please?  Is my assumption correct that I can
>> only use LDAP groups with LDAP authentication?  Or is there a middle
>> ground and if so what it might be and where can I find info for
>> configuring it?
>
> With our RADIUS-Backend we just wrote our own
> "checkPass(user,pass)->bool" and do the rest via users.auth.php. So it's
> possible, but perhaps you have to customize/enhance the LDAP-Backend.
>
> I have to update http://www.dokuwiki.org/auth:radius when i find the
> time, since we really extend auth_basic such that we can use the
> user_manager plugin.
>
> Let me know if you're interested in this.
>
> Sebastian.
> --
> DokuWiki mailing list - more info at
> http://wiki.splitbrain.org/wiki:mailinglist
-- 
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist

• Follow-Ups:
  • [dokuwiki] Re: Authenticate against LDAP but retain users.auth.php group assignment?
    • From: Metz, Bobby

Other related posts:

• » [dokuwiki] Authenticate against LDAP but retain users.auth.php group assignment? - Metz, Bobby
• » [dokuwiki] Re: Authenticate against LDAP but retain users.auth.php group assignment? - Patrice Caron
• » [dokuwiki] Re: Authenticate against LDAP but retain users.auth.php group assignment? - Sebastian Menge
• » [dokuwiki] Re: Authenticate against LDAP but retain users.auth.php group assignment? - Klaus Vormweg
• » [dokuwiki] Re: Authenticate against LDAP but retain users.auth.php group assignment? - lwoggardner
• » [dokuwiki] Re: Authenticate against LDAP but retain users.auth.php group assignment? - Gina Häußge
• » [dokuwiki] Re: Authenticate against LDAP but retain users.auth.php group assignment? - Sebastian Menge
• » [dokuwiki] Re: Authenticate against LDAP but retain users.auth.php group assignment? - Metz, Bobby
• » [dokuwiki] Re: Authenticate against LDAP but retain users.auth.php group assignment? - Metz, Bobby

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription