[dokuwiki] Re: LDAP: Groupfilter -> Member of myGroup

  • From: Dmitry Katsubo <dma_k@xxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Fri, 24 Sep 2010 01:31:54 +0200

Hi Denny,

Have you tried looking into the LDAP logs to see what the LDAP login
module actually sends to LDAP? I know that the Apache mod_authnz_ldap
module can do this. You expect that the auth:ldap module will:
a) make a user search
b) authenticate by binding to the DN found
c) make a group search
and if all of the above succeed, let the user in? So in your example you
want to define the list of users who are allowed into the wiki as an LDAP
group, but I think (c) is not used for authentication, only to determine
which groups the user belongs to (for wiki ACL) after he is authenticated.

Denny Schierz wrote on 20.09.2010 14:59:
> hi,
> 
> I try to get groupfilter working, but I don't get it.
> 
> My base is:
> 
> cn=accounts,dc=domain,dc=foo
> 
> all our user accounts are there, now I created a separate group:
> 
> cn=wiki,cn=admins,cn=groups,dc=domain,dc=foo
> 
> 
> # ldapsearch -x -h ldap -b cn=wiki,cn=admins,cn=groups,dc=domain,dc=foo
> dn: cn=wiki,cn=admins,cn=groups,dc=domain,dc=foo
> objectClass: myGroup
> cn: wiki
> member: cn=user1,cn=accounts,dc=domain,dc=foo
> member: cn=user2,cn=accounts,dc=domain,dc=foo
> member: cn=user3,cn=accounts,dc=domain,dc=foo
> 
> I want only users who are in the group wiki to have access. I tried
> several filters, but none of them worked:
> 
> localconf.php
> 
> $conf['auth']['ldap']['server'] = 'ldap';
> $conf['auth']['ldap']['version'] = '3';
> $conf['auth']['ldap']['usertree'] = 'uid=%{user},cn=accounts,dc=domain,dc=foo';
> 
> $conf['auth']['ldap']['grouptree'] = 'cn=wiki,dc=admins,dc=groups,dc=rbg,dc=domain,dc=foo';
> $conf['auth']['ldap']['groupfilter'] = '(&(member=%{dn})(objectClass=*))';
> $conf['auth']['ldap']['debug'] = '1';
> 
> Does anybody know what my problem is?
> 
> cu denny

-- 
With best regards,
Dmitry
-- 
DokuWiki mailing list - more info at
http://www.dokuwiki.org/mailinglist
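
Added example, not part of the original messages and not DokuWiki's code: a small in-memory Python model of the three steps (a), (b), (c) listed in the reply, showing that the group search only yields group names and that the allow/deny decision has to be made afterwards from those names. The DNs and the grouptree string are taken from the quoted post; the passwords, the `user9` account and all function names are constructed for illustration.

```python
# Added illustration: in-memory model of steps (a)-(c) from the reply.
# Not DokuWiki code; passwords and user9 are constructed sample data.
ACCOUNTS = "cn=accounts,dc=domain,dc=foo"
GROUPS = "cn=groups,dc=domain,dc=foo"
# grouptree value as written in the quoted localconf.php
CONFIG_GROUPTREE = "cn=wiki,dc=admins,dc=groups,dc=rbg,dc=domain,dc=foo"
DIRECTORY = {
    "cn=user1," + ACCOUNTS: {"cn": "user1", "password": "pw1"},
    "cn=user9," + ACCOUNTS: {"cn": "user9", "password": "pw9"},
    "cn=wiki,cn=admins," + GROUPS: {
        "cn": "wiki", "member": ["cn=user1," + ACCOUNTS]},
}

def in_subtree(dn, base):
    """True if dn is the base entry itself or lies below it."""
    return dn == base or dn.endswith("," + base)

def find_user(name, usertree):
    """(a) user search: return the DN of the account, or None."""
    for dn, entry in DIRECTORY.items():
        if in_subtree(dn, usertree) and entry.get("cn") == name:
            return dn
    return None

def bind(dn, password):
    """(b) bind as the DN found in (a); an empty password is rejected."""
    return bool(password) and DIRECTORY[dn].get("password") == password

def find_groups(user_dn, grouptree):
    """(c) group search, modelling the filter (member=%{dn}) under grouptree."""
    return sorted(e["cn"] for dn, e in DIRECTORY.items()
                  if in_subtree(dn, grouptree) and user_dn in e.get("member", []))

def login(name, password, usertree, grouptree):
    """Return (authenticated, groups); step (c) never changes the first value."""
    dn = find_user(name, usertree)
    if dn is None or not bind(dn, password):
        return False, []
    return True, find_groups(dn, grouptree)

def acl_allows(authenticated, groups, required_group):
    """The access decision is made here, from the groups step (c) returned."""
    return authenticated and required_group in groups

if __name__ == "__main__":
    for name, pw, tree in [("user1", "pw1", GROUPS), ("user9", "pw9", GROUPS),
                           ("user1", "pw1", CONFIG_GROUPTREE)]:
        ok, groups = login(name, pw, ACCOUNTS, tree)
        print(name, tree, ok, groups, acl_allows(ok, groups, "wiki"))
```

In this model a grouptree that matches no entry in the directory does not fail the login; it returns an empty group list, so a group-based restriction then denies every user.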
