I'm using a rather odd setup. I'm using ggauth to provide authentication through CAS, and then using plain to actually add user accounts, and manage group access. I want to integrate Dokuwiki with our learning management system to do automatic assignment of users to groups. Rather then create a script that has to walk through a text file, I thought it might be easier to configure mysql instead of plain for groups. However, I'm having some problems, and I'm not sure if it is related to the mysql, or to the mysql/CAS combination via ggauth. If anyone has any experience with the mysql backend, that would be very helpful.
The Problem:
Here is my config:
$conf['authtype'] = 'split';
$conf['auth']['split']['login_auth'] = 'cas'; # the auth backend for authentication
$conf['auth']['split']['groups_auth'] = 'mysql'; # the auth backend that supplies groups
Users can log in via CAS fine, and when I used plain instead of mysql, they were giving the correct permissions based on the group membership in the users.auth.php file.
However, when using the mysql backend, they don't seem to have any groups. If I go in as an administrator, I can see in the user manager that they exist, and have the correct groups, but the permissions are applied to them when they log in.
--------------------------------
Ok, as I was writing this, I figured it out.
I thought about the CAS plugin. The CAS plugin I used was modified from another who was using LDAP as their base. Since I actually don't have access to the CAS/LDAP server, that isn't an option for me, so I went with plain as the base. So when doing the authentication, it would authenticate using CAS, and then look at plain for some of the user information. While the user manager and other areas, were looking on the mysql DB.
Made 3 changes to my cas plugin:
require_once(DOKU_INC.'inc/auth/mysql.class.php');
include_once('cas/source/CAS.php');
class auth_cas extends auth_mysql {
function auth_cas() {
global $conf;
$this->cando['external'] = true;
$this->auth_mysql();
}
to fall back to mysql and not plain, and it is all working now.
Just going to post this anyway in case it helps someone in the future.