optimus
Hi, I have DokuWiki running in an Active Directory environment in my office. I have the AuthLDAP plugin setup and it's working fine and also ACL is working fine too. I am able use ACL to only allow members of specific security groups (from ActiveDirectory) to view/edit in specific namespaces. For example, only members of the "IT_Wiki_Users" can read pages in the "IT" namespace of the Wiki. My question is...
I noticed that any domain user account is able to login to the Wiki, although user cannot view any namespaces or pages. My office has several hundred staff and I don't want just any domain user to be able to login unless s/he has been vetted first and has need to view the information on the Wiki (some sensitive procedural info). I would like to somehow only allow login if user belongs to a particular security group (in AD). Is this possible? If so, how would I do it?
Thanks for any tips,
Chris
klap-in
In the ACL you can use groups. In the configuration of LDAP you can let it retrieve the groups as well. If the groups from AD/LDAP are available to the wiki they can be used.
optimus
Thanks for trying to help. In ACL I do not see an option to disable login, am I missing something :)? I have already set @ALL to have "None" permission and allow specific security groups (from AD) to have permissions to namespaces depending on group. I am able to login to the DokuWiki as a domain user even with no security groups on the user that have permissions in ACL; should be getting the "None" from @ALL, right?
andi
There is no such option. However since authAD lets you define your own user filters you can construct a filter that checks for the correct group.