[pmwiki-users] LDAP and Group Authentication

ThomasP pmwikidev at sigproc.de
Sat Jan 12 08:02:04 CST 2008 

Hello,

On Fri, January 11, 2008 11:39 pm, Gary Spivey wrote:
> I am interested in the current state of PmWiki authentication.
>
> Here is what I would like to be able to do:
>
> 1)      Use LDAP for user authentication
> 2)      Once authenticated, have access to any LDAP groups that the
> individual is in
> 3)      Utilize the Read/Edit/Upload/Etc. attributes based on either the
> authenticated LDAP user or any selected LDAP groups to
> a.       Allow access to ALL pages in a WikiGroup
> b.      Allow access to ANY pages on the Wiki.
>
> Or, to put it differently, I would like to be able to say that, given
> the following LDAP groups: Faculty, Student, Alumni, I could make it
> such that only Faculty could read pages in a certain WikiGroup, and only
> Faculty and Staff could read pages in a different WikiGroup, and only
> authenticated user can read pages in a different WikiGroup, and maybe 3
> different users could read a particular WikiPage.
>
> I wrote a module (ExternAuth) that makes this work for me now, but it
> isn't necessarily compatible with what everyone else is doing, nor
> likely to be supported by the ongoing development of PmWiki, and I was
> wondering if things have progressed to where what I need is now possible
> using UserAuth1/2/x or anything else ...
>

Reading off group memberships from an LDAP server is the thing that would
have to be added to UserAuth2 (and probably also to the standard PmWiki
auth mechanism) to make possible what you listed. I would add this
functionality to UA2 over the next month or so to get this working. (It
will be also a good idea to consider a general solution which can be used
by any auth module, for example making a separate cookbook recipe
providing only functions to call.)

The question for me is only how to make it in such a way that it is
reusable in many different but similar LDAP scenarios. Can you send some
information about how the LDAP entries are organized in your situation? (I
guess I will need some sample ldif dump for testing later in any case.)

ThomasP

More information about the pmwiki-users mailing list