Not sure if that subject will convey exactly what is happening, but I'll try to expound on it here.
I'm doing LDAP auth to our Active Directory, using the following in my local.php:
$conf['authtype'] = 'ldap';
$conf['superuser'] = '@OurWikiAdmins';
$conf['auth']['ldap']['server'] = 'our.ad.server';
$conf['auth']['ldap']['binddn'] = '%{user}@our.domainĂ–';
$conf['auth']['ldap']['usertree'] = 'dc=our,dc=domain';
$conf['auth']['ldap']['userfilter'] = '(samAccountName=%{user})';
$conf['auth']['ldap']['mapping']['name'] = 'displayname';
$conf['auth']['ldap']['mapping']['grps'] = array('memberof'=>'/CN=(.+?),/i');
$conf['auth']['ldap']['groupfilter'] = '(&(objectClass=group)(member=%{dn}))';
$conf['auth']['ldap']['referrals'] = '0';
$conf['auth']['ldap']['version'] = '3';
$conf['auth']['ldap']['debug'] = 'true';
That works great. When I authenticate as a member of OurWikiAdmins I get the Admin button. When I authenticate as another user in OurWikiUsers (specified in ACL) I don't get the Admin button but can edit pages. When I authenticate as a user in neither of those groups, I can only view the Start page, which is the way I want it right now.
But if I change anything via the wiki's Configuration Settings page that causes Dokuwiki to modify local.php, authentication still works, but group membership is no longer recognized, so I can neither admin nor edit appropriately.
I finally noticed that Dokuwiki is changing this line:
$conf['auth']['ldap']['mapping']['grps'] = array('memberof'=>'/CN=(.+?),/i');
to this:
$conf['auth']['ldap']['mapping']['grps'] = 'array(\'memberof\'=>\'/CN=(.+?),/i\')';
While I can restore group functionality by replacing that line manually, I'm wondering why this is happening and if there is any way to prevent Dokuwiki from modifying the authentication section of local.php?