gigglingpresident
Hello all:
I have configured the "authldap" plugin to the point where I can authenticate with any user from our enterprise NetIQ eDirectory, and I have locked down specific namespaces on the wiki by using "Access Control List Management". The problem I am having is when I want to use groups from eDirectory where users reside instead of entering each user in "Access Control List Management". That functionality is not working. "Access Control List Management" will not recognize groups from my eDirectory, but it will recognize users. Below is a copy of my local.php. Has anyone run into this issue?
Scenario example: I would like all users of windowsgroup to be able to edit a specific namespace, which doesn't work at this time. But when I indicate a specific user of windowsgroup in the ACL to edit the namespace, that will work.
$conf['authtype'] = 'authldap';
$conf['superuser'] = '@admin,ldapuser1';
$conf['disableactions'] = 'backlink,register,resendpwd,profile,profile_delete,subscribe,unsubscribe';
$conf['subscribers'] = 1;
$conf['plugin']['authldap']['server'] = 'ldaps://domain.com:636';
$conf['plugin']['authldap']['port'] = 0;
$conf['plugin']['authldap']['usertree'] = 'o=start';
$conf['plugin']['authldap']['grouptree'] = 'ou=wikigroups,ou=managedgroups,o=start';
$conf['plugin']['authldap']['userfilter'] = '(&(objectClass=Person)(uid=%{user}))';
$conf['plugin']['authldap']['groupfilter'] = '(&(objectclass=top)(|(groupmembership=cn=windowsgroup,ou=wikigroups,ou=managedgroups,o=start)))';
$conf['plugin']['authldap']['version'] = 3;
$conf['plugin']['authldap']['binddn'] = 'cn=xxxx,o=start';
$conf['plugin']['authldap']['bindpw'] = 'xxxxxxxxxxxxxxxxxxxxxxx';
$conf['plugin']['authldap']['userkey'] = 'cn';
gigglingpresident
Looks like it's working now. I have added an additional line to local.php and ran "?do=check" on each user to verify that DokuWiki can see its group.
$conf['plugin']['authldap']['mapping']['grps'] = array('memberof' => '/CN=(.+?),/i');
What is strange is that after a couple of minutes this line disappears from local.php, overwritten by apache:root, but my authldap config still works without breaking group authentication for ACL purposes.
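Added example, not part of the original posts and not DokuWiki's own code: it applies the regex from the `mapping` line above to a few group DNs to show which names would end up as ACL groups. The DN values are constructed, and the helper `groupsFromDns` and the lower-casing of names are assumptions made for the illustration.

```php
<?php
// Pattern copied from the 'mapping' line in the post above.
$pattern = '/CN=(.+?),/i';

// Constructed sample values (not from a real directory): group DNs as they
// might appear in a user's multi-valued group attribute.
$memberOf = [
    'cn=windowsgroup,ou=wikigroups,ou=managedgroups,o=start',
    'CN=WindowsGroup,ou=othergroups,o=start',   // same CN, different container
    'cn=editors\, wiki,ou=wikigroups,o=start',  // escaped comma inside the CN
    'ou=wikigroups,o=start',                    // no CN component at all
];

/**
 * Hypothetical helper: map each DN to the name the pattern captures and
 * return [group name => list of DNs that produced it].
 */
function groupsFromDns(string $pattern, array $dns): array
{
    $groups = [];
    foreach ($dns as $dn) {
        if (preg_match($pattern, $dn, $m)) {
            // Assumption: names are compared case-insensitively, so they are
            // lower-cased here before grouping.
            $groups[strtolower($m[1])][] = $dn;
        } else {
            // A DN the pattern cannot parse yields no group at all.
            $groups['(no match)'][] = $dn;
        }
    }
    return $groups;
}

foreach (groupsFromDns($pattern, $memberOf) as $name => $dns) {
    $shared = ($name !== '(no match)' && count($dns) > 1);
    echo '@' . $name . ($shared ? '  <-- several DNs map to this one name' : '') . "\n";
    foreach ($dns as $dn) {
        echo '    ' . $dn . "\n";
    }
}
```

Because the capture keeps only the first CN value, two groups with the same CN in different containers become the same ACL group, and a CN containing an escaped comma is cut short, so it is worth checking the extracted names against the ACL entries before relying on them.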