dogsbody
I would like to set our DokuWiki to authenticate against our LDAP ComputerServices group and give all the ComputerServices users the read/edit/upload permission, and no one else. I have the following settings in \conf\local.php:
$conf['title'] = 'IT Services Wiki';
$conf['useacl'] = 1;
$conf['superuser'] = '@admin, root';
$conf['authtype'] = 'ldap';
$conf['disableactions'] = 'register';
$conf['auth']['ldap']['server'] = 'gxxx';
$conf['auth']['ldap']['binddn'] = '%{user}@xxx';
$conf['auth']['ldap']['usertree'] = 'uid=%{user},OU=ComputerServices,DC=xxxx,DC=xx';
$conf['auth']['ldap']['userfilter'] = '(userPrincipalName=%{user}@xxxx.xx)';
$conf['auth']['ldap']['grouptree'] = 'OU=ComputerServices,DC=xxxx,DC=xx';
$conf['auth']['ldap']['groupfilter'] = '(&(cn=USR_*)(Member=%{dn})(ObjectCategory=group))';
With these settings, no one except the superuser, i.e. root, can read the pages. The User Manager plug-in has also disappeared.
My current workaround is to manually make everyone a superuser so that they can read it. Surely this isn't the proper way?
Is there a way that I could authenticate against LDAP and only give read/edit/upload permission to users under Computer Services please?
Thanks in advance to any kind people.
andi
Well, are your groups properly recognized? Append ?do=check to the URL and see if the group memberships are correct. Then check if your ACL rules match the group names and if the settings are correct.
dogsbody
Thanks for your suggestions. I turned the LDAP debug on and the group was not defined correctly. After messing around with the settings, it is working perfectly. Thanks.
For other readers' sake, the config should be:
$conf['title'] = 'IT Services Wiki';
$conf['useacl'] = 1;
$conf['superuser'] = '@admin, root';
$conf['authtype'] = 'ldap';
$conf['disableactions'] = 'register';
$conf['auth']['ldap']['server'] = 'gxxx';
$conf['auth']['ldap']['binddn'] = '%{user}@xxx';
$conf['auth']['ldap']['usertree'] = 'OU=xx,OU=ComputerServices,DC=xxxx,DC=xx';
$conf['auth']['ldap']['userfilter'] = '(userPrincipalName=%{user}@xxxx.xx)';
$conf['auth']['ldap']['grouptree'] = 'OU=xx,OU=ComputerServices,DC=xxxx,DC=xx';
$conf['auth']['ldap']['groupfilter'] = '(&(cn=*)(Member=%{dn})(ObjectCategory=group))';
I don't need the User Manager now that I can manage users' accounts in LDAP.
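
Added example, not part of the thread and not DokuWiki's own code: a simplified Python model of how the ACL result depends on the groups the LDAP backend returns, showing why an ACL that denies @ALL leaves only the superuser able to read when no groups are resolved. The ACL lines and the group name usr_wiki are constructed assumptions, and the matching rule (most specific scope first, highest level among the matching rules there) is a simplification of DokuWiki's behaviour.

```python
# Simplified model of DokuWiki ACL evaluation (added example, not DokuWiki code).
# Permission levels as documented by DokuWiki; higher levels include lower ones.
NONE, READ, EDIT, CREATE, UPLOAD, DELETE, ADMIN = 0, 1, 2, 4, 8, 16, 255

SUPERUSER = "@admin, root"  # value of $conf['superuser'] from the thread

# Constructed conf/acl.auth.php content; @usr_wiki is a hypothetical group name.
ACL_TEXT = """
# <scope>  <user or @group>  <level>
*          @ALL              0
*          @usr_wiki         8
"""

def parse_acl(text):
    """Return (scope, subject, level) tuples, skipping comments and blanks."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            scope, subject, level = line.split()
            rules.append((scope, subject, int(level)))
    return rules

def scopes_for(page_id):
    """Most specific first: the page, then each enclosing namespace, then '*'."""
    parts = page_id.split(":")
    yield page_id
    for i in range(len(parts) - 1, 0, -1):
        yield ":".join(parts[:i]) + ":*"
    yield "*"

def effective_permission(rules, page_id, user, groups):
    """Permission for `user`, given the groups the auth backend returned."""
    subjects = {user, "@ALL"} | {"@" + g for g in groups}
    if subjects & {s.strip() for s in SUPERUSER.split(",")}:
        return ADMIN  # superusers bypass the ACL entirely
    for scope in scopes_for(page_id):
        levels = [lvl for sc, subj, lvl in rules if sc == scope and subj in subjects]
        if levels:
            return max(levels)  # highest matching level at this scope wins
    return NONE

RULES = parse_acl(ACL_TEXT)

if __name__ == "__main__":
    # Same user, before and after the LDAP group lookup starts returning groups.
    print(effective_permission(RULES, "start", "alice", []))
    print(effective_permission(RULES, "start", "alice", ["usr_wiki"]))
```

Granting the group level 8 in the ACL gives read, edit and upload without adding anyone to the superuser list, which would otherwise hand every user full admin rights.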