[dokuwiki] Re: LDAP and user management?

  • From: Grant Gardner <grant@xxxxxxxxxxxxxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Wed, 30 Jan 2008 22:43:14 +1100

Hi Corey, 

Glad to hear this is working with ldap as I wasn't able to test that
myself.

The normal acl http://wiki.splitbrain.org/wiki:acl behaviour should work
with the groups returned by the first backend that finds the userid, and
of course by giving access to the specific userids.

Where this comes unstuck is if you want to have your own "groups" of
ldap users. Clearly you don't have control to add new ldap users
(otherwise you wouldn't need chained) and therefore probably can't add
users to ldap groups either. 

If this is your issue then perhaps we could enhance chainedauth with an
option to union the groups from all the backends in the chain. Then for
your special ldap users you would add an entry for them in the plain
backend but only the group assignments would be used by dokuwiki.


Cheers,
     Grant.

BTW: I noticed the chainedauth page had a couple of debugging "msg"
statements in the code, you might want to comment them out.





On Tue, 2008-01-29 at 14:42 -0500, aliasonline@xxxxxxx wrote:
> Thanks Seb!
> 
> That fixed the problem!  The "chainedauth" was developed by Grant  
> Gardner and the code is available at 
> http://wiki.splitbrain.org/wiki:tips:chainedauth
> 
> The next question is how do I give full or edit access to a few of the  
> users in ldap.  I don't want to give full access to everyone in ldap.
> 
> Thanks in advance!
> 
> Corey
> 
> On Jan 29, 2008, at 1:59 PM, Sebastian Krohn wrote:
> 
> >
> > On Tuesday 29 January 2008 15:15:44 aliasonline@xxxxxxx wrote:
> >> That's  exactly what I want to do; give a few users who are not in
> >> ldap full, edit only or read only access.
> >>
> >> I looked at inc/auth/ldap.class.php but couldn't figure it out what
> >> you meant.
> >>
> >> Can you give me some sample code to mix two authentication providers?
> >
> > There's something called 'chained authtype'. I use it to mix my  
> > regular
> > user's LDAP-based accounts with some wiki-only users:
> >
> > $conf['chained_authtypes'] = 'ldap:plain';
> > $conf['chained_usermanager_authtype'] = 'plain';
> > $conf['auth']['ldap']['server'] = 'localhost';
> > $conf['auth']['ldap']['port'] = '389';
> > [...]
> >
> > I can't remember if this was part of the distribution but a search in
> > the official wiki and/or mailing list archive should give some hints.
> >
> > HTH
> >
> >    Seb
> 

-- 
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist

Other related posts: