Hi,
I have a fresh DokuWiki farm installed with farmer plugin and everything works just fine. Now I want to use authad in an animal, which generally works, too. Here's my config
$conf['superuser'] = '@sec-gr-wiki-farm-admin';
$conf['plugin']['authad']['account_suffix'] = '@domain.dir';
$conf['plugin']['authad']['debug'] = 1;
$conf['plugin']['authad']['recursive_groups'] = 1;
$conf['plugin']['authad']['real_primarygroup'] = 1;
$conf['plugin']['authad']['base_dn'] = 'OU=User,OU=Company,DC=domain,DC=dir';
$conf['plugin']['authad']['domain_controllers'] = 'domain.dir';
$conf['plugin']['authad']['admin_username'] = 'ad-admin';
$conf['plugin']['authad']['admin_password'] = 'ad-pass';
$conf['plugin']['authad']['additional'] = 'mail';
$conf['plugin']['authad']['use_ssl'] = 0;
$conf['plugin']['authad']['use_tls'] = 0;
$conf['plugin']['authad']['expirywarn'] = 0;
$conf['plugin']['authad']['update_name'] = 0;
$conf['plugin']['authad']['update_mail'] = 0;
Users should be managed through security groups within AD (for some reasons). So I want to limit the AD query to somthing like
$conf['plugin']['authad']['base_dn'] = '(&(memberof=CN=sec-gr-wiki-admin,OU=Security-Groups,OU=Groups,OU=Company,DC=domain,DC=dir)(OU=User,OU=Company,DC=domain,DC=dir))';
Right now, the animal admin user is able to see all AD user entries in the usermanager, which is a data privacy issue in my company.
I already searched at
adLDAP documentation and other ressources, but couldnt find a solution.
I think there should be a $config parameter like $conf['plugin']['authldap']['userfilter'] from the authldap plugin.
Does anybody had the same issue and can provide a solution?
A workaround could be to just disable the usermanager, since we don't need it with AD authentication, anyway?!