[pmwiki-users] LDAP and Group Authentication

ThomasP pmwikidev at sigproc.de
Thu Jan 17 23:04:51 CST 2008


On Wed, January 16, 2008 1:33 pm, Thomas Gemperli wrote:
> ...
>
> I missed this thread, so I am not sure if this is interesting for you.
>
> I use a self written piece of php (attachment) to get group members
> out of my LDAP directory (Apple OpenDirectory). It will most likely
> not work with AD, because AD stores group information inside user
> containers.
>
> Use something like this in config.php:
>
> $AuthUser['@editors'] =  get_ldap_values("cn=groups", "(cn=GROUP)",
> array("memberUid"));
> $AuthUser['@admins'] =  get_ldap_values("cn=groups",
> "(cn=OTHERGROUP)", array("memberUid"));
>
> $DefaultPasswords['edit'] = '@editors';
> $DefaultPasswords['attr'] = '@editors';
> $DefaultPasswords['upload'] = '@editors';
> $DefaultPasswords['admin'] = array('@admins','id:ANOTHERUSER');
>
> Thomas

Hello,

looking diagonal over this and the previous ldif output hints me that this
is already exactly what would also work in Gary's case (since there also
the users (also via memberUid attributes) are in group "containers").

I somehow would guess that one has to provide

ou=Group,dc=engr,dc=georgefox,dc=edu

as root node for the search, and then filter by "cn=MYGROUP". The hurdle
that I have with this is currently "only":

Where actually is the get_ldap_values function defined? (Could see it
neither in pmwiki nor on php.net.) What does one provide as arguments?

Gary, if you just want to give it a try, use

$AuthUser['@MYGROUP'] = 
get_ldap_values("ou=Group,dc=engr,dc=georgefox,dc=edu", "(cn=MYGROUP)",
array("memberUid"));

and this line repeated with MYGROUP replaced with your groups found in the
LDAP tree.

Then authuser permission granting as usual.

ThomasP





More information about the pmwiki-users mailing list