[pmwiki-users] LDAP and Group Authentication
pmwikidev at sigproc.de
Thu Jan 17 23:04:51 CST 2008
On Wed, January 16, 2008 1:33 pm, Thomas Gemperli wrote:
> I missed this thread, so I am not sure if this is interesting for you.
> I use a self written piece of php (attachment) to get group members
> out of my LDAP directory (Apple OpenDirectory). It will most likely
> not work with AD, because AD stores group information inside user
> Use something like this in config.php:
> $AuthUser['@editors'] = get_ldap_values("cn=groups", "(cn=GROUP)",
> $AuthUser['@admins'] = get_ldap_values("cn=groups",
> "(cn=OTHERGROUP)", array("memberUid"));
> $DefaultPasswords['edit'] = '@editors';
> $DefaultPasswords['attr'] = '@editors';
> $DefaultPasswords['upload'] = '@editors';
> $DefaultPasswords['admin'] = array('@admins','id:ANOTHERUSER');
looking diagonal over this and the previous ldif output hints me that this
is already exactly what would also work in Gary's case (since there also
the users (also via memberUid attributes) are in group "containers").
I somehow would guess that one has to provide
as root node for the search, and then filter by "cn=MYGROUP". The hurdle
that I have with this is currently "only":
Where actually is the get_ldap_values function defined? (Could see it
neither in pmwiki nor on php.net.) What does one provide as arguments?
Gary, if you just want to give it a try, use
and this line repeated with MYGROUP replaced with your groups found in the
Then authuser permission granting as usual.
More information about the pmwiki-users