[dokuwiki] Re: LDAP and user management?
- From: aliasonline@xxxxxxx
- To: dokuwiki@xxxxxxxxxxxxx
- Date: Thu, 31 Jan 2008 13:54:42 -0500
Hi Grant,
I actually had to change the order of the backends from your code to
'plain:ldap'. The other way didn't work.
The last option in your email is what my situation is. I think I know
what you mean but could you explain it to me with some code examples?
Thanks.
On Jan 30, 2008, at 6:43 AM, Grant Gardner wrote:
Hi Corey,
Glad to hear this is working with ldap as I wasn't able to test that
myself.
The normal acl http://wiki.splitbrain.org/wiki:acl behaviour should
work
with the groups returned by the first backend that finds the userid,
and
of course by giving access to the specific userids.
Where this comes unstuck is if you want to have your own "groups" of
ldap users. Clearly you don't have control to add new ldap users
(otherwise you wouldn't need chained) and therefore probably can't add
users to ldap groups either.
If this is your issue then perhaps we could enhance chainedauth with
an
option to union the groups from all the backends in the chain. Then
for
your special ldap users you would add an entry for them in the plain
backend but only the group assignments would be used by dokuwiki.
Cheers,
Grant.
BTW: I noticed the chainedauth page had a couple of debugging "msg"
statements in the code, you might want to comment them out.
On Tue, 2008-01-29 at 14:42 -0500, aliasonline@xxxxxxx wrote:
Thanks Seb!
That fixed the problem! The "chainedauth" was developed by Grant
Gardner and the code is available at
http://wiki.splitbrain.org/wiki:tips:chainedauth
The next question is how do I give full or edit access to a few of
the
users in ldap. I don't want to give full access to everyone in ldap.
Thanks in advance!
Corey
On Jan 29, 2008, at 1:59 PM, Sebastian Krohn wrote:
On Tuesday 29 January 2008 15:15:44 aliasonline@xxxxxxx wrote:
That's exactly what I want to do; give a few users who are not in
ldap full, edit only or read only access.
I looked at inc/auth/ldap.class.php but couldn't figure it out what
you meant.
Can you give me some sample code to mix two authentication
providers?
There's something called 'chained authtype'. I use it to mix my
regular
user's LDAP-based accounts with some wiki-only users:
$conf['chained_authtypes'] = 'ldap:plain';
$conf['chained_usermanager_authtype'] = 'plain';
$conf['auth']['ldap']['server'] = 'localhost';
$conf['auth']['ldap']['port'] = '389';
[...]
I can't remember if this was part of the distribution but a search
in
the official wiki and/or mailing list archive should give some
hints.
HTH
Seb
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
- References:
- [dokuwiki] Re: LDAP and user management?
- From: Jens Wilke
- [dokuwiki] Re: LDAP and user management?
- From: aliasonline
- [dokuwiki] Re: LDAP and user management?
- From: Sebastian Krohn
- [dokuwiki] Re: LDAP and user management?
- From: aliasonline
- [dokuwiki] Re: LDAP and user management?
- From: Grant Gardner
Other related posts:
- » [dokuwiki] LDAP and user management?
- » [dokuwiki] Re: LDAP and user management?
- » [dokuwiki] Re: LDAP and user management?
- » [dokuwiki] Re: LDAP and user management?
- » [dokuwiki] Re: LDAP and user management?
- » [dokuwiki] Re: LDAP and user management?
- » [dokuwiki] Re: LDAP and user management?
- » [dokuwiki] Re: LDAP and user management?
- » [dokuwiki] Re: LDAP and user management?
Hi Corey, Glad to hear this is working with ldap as I wasn't able to test that myself.The normal acl http://wiki.splitbrain.org/wiki:acl behaviour should work with the groups returned by the first backend that finds the userid, and
of course by giving access to the specific userids. Where this comes unstuck is if you want to have your own "groups" of ldap users. Clearly you don't have control to add new ldap users (otherwise you wouldn't need chained) and therefore probably can't add users to ldap groups either.If this is your issue then perhaps we could enhance chainedauth with an option to union the groups from all the backends in the chain. Then for
your special ldap users you would add an entry for them in the plain
backend but only the group assignments would be used by dokuwiki.
Cheers,
Grant.
BTW: I noticed the chainedauth page had a couple of debugging "msg"
statements in the code, you might want to comment them out.
On Tue, 2008-01-29 at 14:42 -0500, aliasonline@xxxxxxx wrote:
Thanks Seb! That fixed the problem! The "chainedauth" was developed by Grant Gardner and the code is available at http://wiki.splitbrain.org/wiki:tips:chainedauthThe next question is how do I give full or edit access to a few of theusers in ldap. I don't want to give full access to everyone in ldap. Thanks in advance! Corey On Jan 29, 2008, at 1:59 PM, Sebastian Krohn wrote:On Tuesday 29 January 2008 15:15:44 aliasonline@xxxxxxx wrote:That's exactly what I want to do; give a few users who are not in ldap full, edit only or read only access. I looked at inc/auth/ldap.class.php but couldn't figure it out what you meant.Can you give me some sample code to mix two authentication providers?There's something called 'chained authtype'. I use it to mix my regular user's LDAP-based accounts with some wiki-only users: $conf['chained_authtypes'] = 'ldap:plain'; $conf['chained_usermanager_authtype'] = 'plain'; $conf['auth']['ldap']['server'] = 'localhost'; $conf['auth']['ldap']['port'] = '389'; [...]I can't remember if this was part of the distribution but a search in the official wiki and/or mailing list archive should give some hints.HTH Seb
-- DokuWiki mailing list - more info at http://wiki.splitbrain.org/wiki:mailinglist
- [dokuwiki] Re: LDAP and user management?
- From: Jens Wilke
- [dokuwiki] Re: LDAP and user management?
- From: aliasonline
- [dokuwiki] Re: LDAP and user management?
- From: Sebastian Krohn
- [dokuwiki] Re: LDAP and user management?
- From: aliasonline
- [dokuwiki] Re: LDAP and user management?
- From: Grant Gardner