Hi all
I've had a trawl through the forum but not found the exact issue or solution elsewhere, hoping someone here can shed light.
DokuWiki version: Release 2017-02-19e "Frusterick Manners"
PHP version 7.0.28-0ubuntu0.16.04.1
I have added adauth plugin and configured for 3 domains we have here. Any user set as superadmin can authenticate just fine and navigate to anywhere as expected so it would seem that adauth is configured correctly. However any other user who is setup with ACL access can authenticate (they show logged in under user profile) but receive an error:
Permission Denied:
Sorry, you don't have enough rights to continue.
My protected.php file looks like so
<?php
$conf['title'] = 'Wiki';
$conf['useacl'] = 1;
$conf['authtype'] = 'authad';
$conf['plugin']['authad']['ad_port'] = 3268;
$conf['plugin']['authad']['account_suffix'] = '@mydomain1.com';
$conf['plugin']['authad']['base_dn'] = 'dc=domain1,dc=com';
$conf['plugin']['authad']['domain_controllers'] = 'DC01.mydomain1.com,DC02.mydomain1.com,DC03.mydomain1.com,DC04.mydomain1.com';
$conf['plugin']['authad']['admin_username'] = 'service_dokuwiki';
$conf['plugin']['authad']['admin_password'] = '*******';
$conf['plugin']['authad']['mydomain2']['account_suffix'] = '@mydomain2.com';
$conf['plugin']['authad']['mydomain2']['base_dn'] = 'dc=domain2,dc=com';
$conf['plugin']['authad']['mydomain2']['domain_controllers'] = 'DC01.mydomain2.com,DC02.mydomain2.com';
$conf['plugin']['authad']['mydomain2']['admin_username'] = 'service_dokuwiki';
$conf['plugin']['authad']['mydomain2']['admin_password'] = '*******';
$conf['plugin']['authad']['mydomain3']['account_suffix'] = '@mydomain3.com';
$conf['plugin']['authad']['mydomain3']['base_dn'] = 'dc=Domain3,dc=com';
$conf['plugin']['authad']['mydomain3']['domain_controllers'] = 'DC01.mydomain3.com,DC02.mydomain3.com';
$conf['plugin']['authad']['mydomain3']['admin_username'] = 'service_dokuwiki';
$conf['plugin']['authad']['mydomain3']['admin_password'] = '*******';
This is not in relation to SSO which I've seen others reporting here but basic AD authentication. Plain Auth works fine. Output from ?do=check when logged in as standard user shows
I tried enabling debug mode but could not find anything useful in the output as to the cause of this issue. I am assuming at this stage its due to file permissions on the server given the warning messages above.
/var/www/dokuwiki directory is owned by www-data:www-data
I've checked this document which outlines file permissions recommendations
https://www.dokuwiki.org/install:permissions#Unix
And have set 775 permissions which I know is probably too permissive on /var/www/dokuwiki so all directories are writeable by apache user.
Have I missed something obvious here? Anyone care to share a working config as it would seem I'm nearly there and something fairly minor is blocking permissions.
thanks in advance, regards
Kiweegie