Not logged in. · Lost password · Register
Forum: General Help and Support Installation and Configuration RSS
LDAP + ACL issues
Avatar
merced #1
Member since Nov 2009 · 2 posts
Group memberships: Members
Show profile · Link to this post
Subject: LDAP + ACL issues
I'm trying to set up DokuWiki with my institution's LDAP server.  I've got the correct mappings enabled, but now I am having two issues.

1. - How do I set up the user filter so only people in certain groups are able to login to the wiki?  Here is the contents of my local.php file:

<?php

$conf['title'] = 'Wiki';
$conf['allowdebug'] = 1;
$conf['useacl'] = 1;
$conf['authtype'] = 'ldap';
$conf['superuser'] = '@group-admins';
$conf['securecookie'] = 0;
$conf['userewrite'] = '1';
$conf['auth']['ldap']['server'] = 'ldap://ldaphost:389';
$conf['auth']['ldap']['usertree'] = 'ou=People, dc=domain';
$conf['auth']['ldap']['grouptree'] = 'ou=Groups, dc=domain';
$conf['auth']['ldap']['userfilter'] = '(&(uid=%{user})(objectClass=posixAccount))';
$conf['auth']['ldap']['groupfilter'] = '(&(objectClass=posixGroup)(|(gidNumber=%{gid})(member=%{dn})))';
$conf['auth']['ldap']['version'] = '3';
$conf['auth']['ldap']['starttls'] = '1';
$conf['auth']['ldap']['debug'] = '1';


2. - I can't make any page editable with ACL.  I am logged in as an administrator (using the superuser group group-admins that is defined on my institution's ldap server) but don't get the ability to edit the page.  I've also added the group group-admins to those that are able to globally modify or modify that exact page, but still it won't let me edit.  What else can I try?  Here is the first few lines of debug output:

    [id] => playground:playground
    [rev] =>
    [userinfo] => ***
    [perm] => 255
    [subscribed] =>
    [subscribedns] =>
    [client] => username
    [isadmin] => 1
    [ismanager] => 1
    [namespace] => playground
    [locked] =>
    [filepath] => /var/lib/dokuwiki/data/pages/playground/playground.txt
    [exists] => 1
    [writable] =>
    [editable] =>
    [lastmod] => 1234613606
    [meta] => Array

The host machine is running Fedora 11 with SELinux disabled.  Thanks for any assistance.
Avatar
andi (Administrator) #2
Member since May 2006 · 2446 posts · Location: Berlin Germany
Group memberships: Administrators, Members
Show profile · Link to this post
Quote by merced:
2. - I can't make any page editable with ACL.  I am logged in as an administrator (using the superuser group group-admins that is defined on my institution's ldap server) but don't get the ability to edit the page.

    [writable] =>

Check your file permissions.
Read this if you don't get any useful answers.
Lies dies wenn du keine hilfreichen Antworten bekommst.
Avatar
merced #3
Member since Nov 2009 · 2 posts
Group memberships: Members
Show profile · Link to this post
Wow.  For some reason, the default playground.txt, dokuwiki.txt, and syntax.txt files were installed from the Fedora RPM with root:root 755.  I chowned them to apache:apache and it all started working.  Thanks!

Any links or suggestions on how to limit users who are allowed to access the wiki?  I only want one LDAP group to be able to login.
Close Smaller – Larger + Reply to this post:
Verification code: VeriCode Please enter the word from the image into the text field below. (Type the letters only, lower case is okay.)
Smileys: :-) ;-) :-D :-p :blush: :cool: :rolleyes: :huh: :-/ <_< :-( :'( :#: :scared: 8-( :nuts: :-O
Special characters:
Go to forum
Imprint
This board is powered by the Unclassified NewsBoard software, 20120620-dev, © 2003-2011 by Yves Goergen
Current time: 2014-04-17, 20:28:03 (UTC +02:00)