I have dokuwiki authenticating to my OSX LDAP server (OSX 10.3.9 Server), but I'm having trouble fine tuning the LDAP filters. Two questions (more LDAP related than dokuwiki, I guess):
1. How do I add the user's primary group to the group membership list? It's in OSX's LDAP as gidNumber of the user. The user membership of the groups doesn't include the primary group of users.
I tried (a slight variation of the basic setting in the wiki:auth:ldap documentation, which looks like it is meant to do what I want):
$conf['auth']['ldap']['groupfilter'] = '(&(objectClass=posixGroup)(|(gidNumber=%{gidNumber})(memberUID=%{uid})))';
but it doesn't seem to help. (Note: LDAP debug isn't listing group membership for some reason, so I can only check by trying to access pages that only the group has read access to.) It does work if I edit the LDAP info on the server so the group's user membership explicitly includes the user.
I also tried mapping gidNumber from the server to 'gid' and using %{gid} in the group filter, but still no luck.
2. Is it possible to filter out from authentication users that are members of certain groups? I don't want some groups to be able to authenticate at all, regardless of what permissions they may have in the wiki ACL (none).