Klaus, That sounds close to perfect...thanks for the code snippet. Like you said, this would make for a great addition. I'd thought about modifying ldap.class.php before but have never found the time to do so, thus the post :) I will definitely look into this unless some better suggestions arrive. Thanks!! Bobby > -----Original Message----- > From: dokuwiki-bounce@xxxxxxxxxxxxx [mailto:dokuwiki-bounce@xxxxxxxxxxxxx] > On Behalf Of Klaus Vormweg > Sent: Sunday, November 23, 2008 1:41 PM > To: dokuwiki@xxxxxxxxxxxxx > Subject: [dokuwiki] Re: Authenticate against LDAP but retain > users.auth.php group assignment? > > On Fri, 21 Nov 2008 13:37:03 -0500 > "Metz, Bobby" <Bobby.Metz@xxxxxxxxxxxxxxxxxx> wrote: > > > I've recently upgraded my doku version and I want to switch to LDAP > > authentication but I want to retain the ability to assign groups to > > users via users.auth.php instead of using LDAP groups since I have a > > lot of automation around this file already and it affords me stricter > > security control than with my LDAP server which several departments > > use. I looked through the LDAP auth documentation but it seems to be > > all or nothing. Can someone more knowledgeable of using LDAP with > > doku provide some advice please? Is my assumption correct that I can > > only use LDAP groups with LDAP authentication? Or is there a middle > > ground and if so what it might be and where can I find info for > > configuring it? > > > > Well, I've had the same problem - a company-wide LDAP that I cannot > control in any respect and just a handful of those 5000+ users should > be able to access and/or edit a wiki. The wiki contains documentation > for different project groups that should be read and edited in most > cases only by those groups. > > To achieve that, I have patched ldap.class.php with a snippet from > plain.class.php so that local, plain text groups get read when a > configuration variable ($conf['ldap']['localgroup']) is set. > > In my configuration the default group has no rights at all, so all > users have no access to the wiki even if they can login. > > All user administration takes place locally but users can use their > company wide login and password. > > I have put that as a wish-list bug into dokuwiki's bug tracking system. > > The (very short) patch is enclosed. > > Klaus -- DokuWiki mailing list - more info at http://wiki.splitbrain.org/wiki:mailinglist