[pmwiki-users] AuthUser - ldap - how to define custom groups

[Thomas Gemperli]

Hi all


I'm trying to set up PmWiki with LDAP auth. The basic's are working  
well, users have to log on with their ldap usernames and passwords to  
edit pages.

Because I want to use existing ldap groups to assign edit rights I've  
wrote a small piece of php code to get out group-memberships from our  
LDAP. Well, this works also. config.php snippet:

###
include_once("cookbook/archbook.php");

$AuthUser['ldap'] = "$ldaphost/$ldapuserdn,$ldapdn?$ldapuserprefix";
include_once("$FarmD/scripts/authuser.php");

$AuthUser['@editors'] = array(get_ldap_values("cn=groups",  
"(cn=aldapgroup)", array("memberUid")));

$DefaultPasswords['edit'] = '@editors';
$DefaultPasswords['attr'] = '@editors';
$DefaultPasswords['upload'] = '@editors';
###

Note, $AuthUser['@editors'] will contain something like this: "alice,  
bob, steve, bill, laura"

Now I want to give edit rights to another group on some wiki pages  
(or wiki groups). I would like to use "?action=attr" -> "edit  
password" -> "@othereditors" on wiki pages for this this, as  
described in "Site/AuthUser".

My problem, where (and how) can I define "@othereditors"? I don't  
want to make this group static (e.g. "@ othereditors: bart, lisa" in  
"Site/AuthUser"), I want to get this information from ldap the same  
way as I do with "$AuthUser['@editors']"

Obviously the following statement in config.php does not work:
$AuthUser['@othereditors'] = array(get_ldap_values("cn=groups",  
"(cn=anotherldapgroup)", array("memberUid")));

I hope you get the idea, my english isn't that good.


And, before I forget, PmWiki is really great! :)

-Thomas