Not logged in. · Lost password · Register
Forum: General Help and Support Installation and Configuration RSS
AuthAD and Local admin/user
Avatar
Ithrael #1
Member for a month · 4 posts
Group memberships: Members
Show profile · Link to this post
Subject: AuthAD and Local admin/user
Hello,
I set up Ubuntuserver where i installed and configured DokuWiki. Everything is working fine.

Today I try to configure and turn on ActiveDirectory Authentication. And I stuck on such problem.

I use Active Directory Auth Plugin (docs: https://www.dokuwiki.org/plugin:authad).
And after i configure and turn on authad, I Can login on domain account (without admin rights). But unfortunatelly i cant login on my administrator account (local dokuwiki account created during instalation).

This is my local.php file:

$conf['title'] = 'MY KB NAME ********';
$conf['template'] = 'bootstrap3';
$conf['license'] = 'gnufdl';
$conf['allowdebug'] = 1;
$conf['useacl'] = 1;
$conf['disableactions'] = 'register,profile_delete';
$conf['superuser'] = '@admin';
$conf['send404'] = 1;
$conf['plugin']['authad']['account_suffix'] = '******';
$conf['plugin']['authad']['base_dn'] = 'OU=Users,OU=MyBusiness,DC=****,DC=****';
$conf['plugin']['authad']['domain_controllers'] = '******';
$conf['plugin']['authad']['admin_username'] = '******';
$conf['plugin']['authad']['admin_password'] = '******';
$conf['plugin']['authad']['debug'] = 1;
$conf['tpl']['bootstrap3']['socialShareProviders'] = 'facebook,linkedin,pinterest,whatsapp,reddit,twitter,telegram,yammer,google-plus';

// end auto-generated content

Ok and hesre is my question. How can i get access to my account (outside domain) f.e. Administrator. Right now, i get login on domain users but without admin rights...I need it during my work... But i need ActiveDirectoru authorization at the same time.
What should i do?

EDITED:
I've tried to create new local user, and then give him admin group...But with no possitive result :/

Sorry for my english.
This post was edited on 2019-06-17, 15:35 by Ithrael.
Avatar
cziehr #2
Member since Jan 2011 · 589 posts · Location: 10119 Berlin
Group memberships: Members
Show profile · Link to this post
As far as I know, it is not possible to use users from an ActiveDirectory and local users in DokuWiki at the same time.

Greetings,
Christoph
Avatar
Ithrael #3
Member for a month · 4 posts
Group memberships: Members
Show profile · Link to this post
Hey thx for answer.

Have you got any idea? What should I do to give some users from Active Directory, admin rights?
Avatar
cziehr #4
Member since Jan 2011 · 589 posts · Location: 10119 Berlin
Group memberships: Members
Show profile · Link to this post
In your local.php, you got the line

$conf['superuser'] = '@admin';

At the moment, everyone in the group „admin“ has admin rights (the @ defines that it is a group).

If your username in the ActiveDirectory is „ithrael“, change it to

$conf['superuser'] = 'ithrael';

If you want to give admin rights to an ActiveDirectory group named „wikiadmin“, change it to

$conf['superuser'] = '@wikiadmin';
Avatar
schplurtz (Moderator) #5
Member since Nov 2009 · 452 posts · Location: France, Finistère
Group memberships: Global Moderators, Members
Show profile · Link to this post
In reply to post #2
Hi,

Quote by cziehr:
As far as I know, it is not possible to use users from an ActiveDirectory and local users in DokuWiki at the same time.
It is possible to do that. There are 2 auth plugins that you can combine to do all sorts of funny things.
The first one is authchained, you can use it to try first authplain, then if it fails, authad. This means you can define local users and still use AD users.
The second one is authsplit. It separates user validation (password check) from user info (real name, email, groups). With this one, you can have users from an external source, such as AD, and still define your own groups locally.

Combined together those 2 auth plugins are very powerfull. I have been using this kind of setup flawlessly for years.
// auth method. Allow both ldap and local users
$conf['authtype']       = 'authchained';

// list of authtypes, eg 'authldap:authplain'
$conf['plugin']['authchained']['authtypes'] = 'authsplit:authplain';
// which of the authtypes should be checked for capabilities when no user is logged on.
$conf['plugin']['authchained']['usermanager_authtype'] = 'authplain';

$conf['plugin']['authsplit']['primary_authplugin'] = 'authldap';
$conf['plugin']['authsplit']['secondary_authplugin'] = 'authplain';
$conf['plugin']['authsplit']['autocreate_users'] = 1;

Of course, if AD groups are OK, or the wiki does not need groups, then there is no need for authsplit.
Avatar
Ithrael #6
Member for a month · 4 posts
Group memberships: Members
Show profile · Link to this post
Thx Schplurtz and cziehr for reply.

Unfortunatelly, the authad plugin can't read correctly the AD group. It doesn't give the admin privileges. I don't know why, I tried with documentation and it doesn't work ;(

I will try with Shplurtz solution. I give you my result later :)
This post was edited on 2019-06-19, 09:46 by Ithrael.
Avatar
Ithrael #7
Member for a month · 4 posts
Group memberships: Members
Show profile · Link to this post
Thanks !
With authchained plugin everything works great ! Thank u so much.

For future generation after install authchained plugin, i will put below lines in /dokuwiki/conf/local.php

$conf['useacl'] = 1;
$conf['authtype'] = 'authchained';
$conf['plugin']['authchained']['authtypes'] = 'authad:authplain';
Close Smaller – Larger + Reply to this post:
Verification code: VeriCode Please enter the word from the image into the text field below. (Type the letters only, lower case is okay.)
Smileys: :-) ;-) :-D :-p :blush: :cool: :rolleyes: :huh: :-/ <_< :-( :'( :#: :scared: 8-( :nuts: :-O
Special characters:
Go to forum
Imprint
This board is powered by the Unclassified NewsBoard software, 20150713-dev, © 2003-2015 by Yves Goergen
Current time: 2019-07-23, 00:48:02 (UTC +02:00)