[dokuwiki] ACL + LDAP troubles

  • From: Christian Pinedo Zamalloa <christian.pinedo.zamalloa@xxxxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Wed, 27 Sep 2006 16:38:37 +0200

Hi,

I'm working with the latest stable release of DokuWiki and I am having
trouble with LDAP. User authentication through LDAP works fine but
ACL group permissions don't work.

My local.php configuration is the following:

$conf['useacl']      = 1;
$conf['superuser']   = '@i2tadmins';
$conf['openregister']= 0;
$conf['authtype']    = 'ldap';
$conf['auth']['ldap']['server']      = 'ldap://127.0.0.1:389';
$conf['auth']['ldap']['binddn']      = 'cn=unix,ou=admins,dc=i2t,dc=xxx,dc=yy';
$conf['auth']['ldap']['bindpw']      = 'unixI2Topenldap';
$conf['auth']['ldap']['usertree']    = 'ou=users,dc=i2t,dc=xxx,dc=yy';
$conf['auth']['ldap']['userfilter']  = '(&(uid=%{user})(objectClass=posixAccount))';
$conf['auth']['ldap']['grouptree']   = 'ou=groups,dc=i2t,dc=xxx,dc=yy';
$conf['auth']['ldap']['groupfilter'] = '(&(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{uid})))';
$conf['auth']['ldap']['version'] = 3;
$conf['auth']['ldap']['debug'] = true;

And my acl.auth.php file:

admin:* @i2t    1
admin:* @i2tadmins      16
wiki:*  @i2t    1
wiki:*  @i2tadmins      1
*       @ALL    0
*       @i2t    16
*       @i2tadmins  16

When I perform an LDAP search for groups with those settings, the ldapsearch
tool works fine:

$ ldapsearch -x -LLL -D "cn=unix,ou=admins,dc=i2t,dc=xxx,dc=yy" -W -b "ou=groups,dc=i2t,dc=xxx,dc=yy" '(&(objectClass=posixGroup)(|(gidNumber=10002)(memberUID=pizac)))'
dn: cn=i2t,ou=groups,dc=i2t,dc=xxx,dc=yy
objectClass: sambaGroupMapping
objectClass: posixGroup
displayName: I2T Member
sambaGroupType: 2
sambaSID: S-1-5-21-1773954950-4189186184-4069137831-21003
gidNumber: 10001
cn: i2t
memberUid: pizac

dn: cn=i2tadmins,ou=groups,dc=i2t,dc=xxx,dc=yy
objectClass: sambaGroupMapping
objectClass: posixGroup
displayName: I2T Administrators
sambaGroupType: 2
sambaSID: S-1-5-21-1773954950-4189186184-4069137831-21005
description: I2T Administrators
gidNumber: 10002
cn: i2tadmins

As can be seen, I am in two groups, one of which has been assigned all
privileges in the acl.auth.conf (i2tadmins) and the other one at least
read permissions. Since the ldapsearch command is successful, I understand
the groupfilter is OK. But when I log on to DokuWiki I can't even read
the start page; it seems that I am in the ALL group.

Any suggestions? Thanks,

-- 
Christian Pinedo Zamalloa
-- 
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
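
Added example, not part of the original post and not DokuWiki's own code: a simplified Python model of how the acl.auth.php rules quoted above are matched, showing that a user for whom no LDAP groups are resolved is left with only the @ALL rule (permission 0), which is the symptom described. It assumes that the most specific matching scope wins and that the highest permission within that scope applies, and it ignores the superuser setting; all function names are made up for this illustration.

```python
import re

ACL = """\
admin:* @i2t    1
admin:* @i2tadmins      16
wiki:*  @i2t    1
wiki:*  @i2tadmins      1
*       @ALL    0
*       @i2t    16
*       @i2tadmins  16
"""  # acl.auth.php lines copied from the post
LDIF = """\
dn: cn=i2t,ou=groups,dc=i2t,dc=xxx,dc=yy
cn: i2t
memberUid: pizac

dn: cn=i2tadmins,ou=groups,dc=i2t,dc=xxx,dc=yy
cn: i2tadmins
"""  # trimmed from the ldapsearch output in the post

def parse_acl(text):
    """Return (scope, subject, permission) tuples, skipping blanks and comments."""
    rows = (l.split() for l in text.splitlines() if l.strip() and not l.startswith("#"))
    return [(scope, subject, int(perm)) for scope, subject, perm in rows]

def groups_from_ldif(ldif):
    """Group names (cn values) as printed by `ldapsearch -LLL`."""
    return re.findall(r"^cn: (\S+)$", ldif, flags=re.M)

def scopes_for(page_id):
    """Most specific scope first: the page itself, then ns:*, ..., then '*'."""
    parts = page_id.split(":")
    yield page_id
    for depth in range(len(parts) - 1, 0, -1):
        yield ":".join(parts[:depth]) + ":*"
    yield "*"

def effective_permission(rules, page_id, user, groups):
    """Assumed rule: highest permission at the most specific scope that matches."""
    subjects = {user, "@ALL"} | {"@" + g for g in groups}
    for scope in scopes_for(page_id):
        perms = [p for s, subj, p in rules if s == scope and subj in subjects]
        if perms:
            return max(perms)
    return 0  # nothing matched: no access

if __name__ == "__main__":
    for grps in ([], groups_from_ldif(LDIF)):
        print(grps, effective_permission(parse_acl(ACL), "start", "pizac", grps))
```

Under the same model, the wiki:* rules cap both groups at permission 1 inside the wiki namespace, because a namespace rule takes precedence over the root rule.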
