[dokuwiki] ldap auth and groups

  • From: "Mark McCoy" <realmcking@xxxxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Fri, 6 Jul 2007 09:57:58 -0500

Hey all,

I'm having a little problem getting LDAP and groups to work properly.

I can log in using the LDAP backend, and the groups are read properly
from the LDAP (I can see them via the LDAP "debug" property), but the
groups are not translating into dokuwiki groups properly.

If I log in using an account that is in the 'wiki-admins' group in
LDAP, then I have full access to the wiki and can access the admin
area.  If I log in to an account that is part of the 'wiki-users'
group, then I immediately get the "[sorry], perhaps you forgot to
login" message.

I disabled the default group since this particular wiki is to be
fairly sensitive and only used by a very small number of people in
our organization, and we don't want everyone to be able to read any
documents at all.

Dokuwiki version 2006-11-06
Apache 2.2, PHP 5.2
Sun Directory Server 6.0

Here is the relevant section from local.php:
$conf['authtype']    = 'ldap';
$conf['auth']['ldap']['server']   = 'ldaps://**.**.**.**:636';
$conf['auth']['ldap']['version']  = 3;
$conf['auth']['ldap']['binddn']   = 'uid=wiki-admin,ou=Special Users,dc=**';
$conf['auth']['ldap']['bindpw']   = '**';
$conf['auth']['ldap']['usertree'] = 'uid=%{user},ou=People,dc=**';
$conf['auth']['ldap']['grouptree']   = 'ou=Groups,dc=**';
$conf['auth']['ldap']['groupfilter']   = '(uniquemember=%{dn})';
$conf['auth']['ldap']['name']    = 'displayname';
$conf['superuser'] = '@wiki-admins';
$conf['auth']['ldap']['debug']    = true;
unset($conf['defaultgroup']);

Here is my acl.auth.php:
*               @ALL          0
*               @wiki-users         8
*               @wiki-admins      255
--
Mark McCoy
Professional Unix geek and US Army Infantry Combat Veteran
2/7 Cavalry "Garry Owen!"

Here in America we are descended in blood and in spirit from
revolutionists and rebels - men and women who dared to dissent from
accepted doctrine. As their heirs, may we never confuse honest dissent
with disloyal subversion. -- Dwight D. Eisenhower
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
