[pmwiki-users] LDAP groups

David Johnson david.johnson at caldwellfunding.com
Wed Sep 10 12:02:19 CDT 2008


Hey, Greg

I'm trying to figure out your modification to the authuser.php file.  I
am not very familiar with the PHP function ldap_search.  I am looking
it up online but I wonder if you could explain a little bit about how it
works together with the users.  What I ultimately want to do is set
permissions for groups of pages based on the AD group of the current
user.  Is this search returning every attribute of a record with a
cn=its_auth?  That's what it looks like to me.  What I wonder about is,
how can I reference this kind of thing in the attributes page for a
group in PmWiki?  I hope that's not too confusing sounding.  I mean,
when I set up permissions for individual IDs, I can say id:* or
id:djohnson but how can I say "if user is part of the IT group"?


-----Original Message-----
From: Greg T. Grimes [mailto:greg.grimes at msstate.edu] 
Sent: Wednesday, September 10, 2008 10:33 AM
To: David Johnson
Subject: Re: [pmwiki-users] LDAP groups


I have it working.  I had to hack the authuser.php file.  Here's what I 
have in my config.php file:

$AuthUser['ldap'] = 'ldap://lauth.msstate.edu/ou=People,dc=msstate,dc=edu';

$DefaultPasswords['edit'] = 'id:*';
$DefaultPasswords['read'] = 'id:*';
$DefaultPasswords['delete'] = 'id:*';

include_once("scripts/authuser.php");

This is what I changed in my authuser.php:

           $sr = ldap_search($ds, 'ou=Groups,dc=msstate,dc=edu', '(cn=its_auth)');

That's on line 152.  Not sure about the latest versions, but this is on 
version 2.1.27

On Wed, 10 Sep 2008, David Johnson wrote:

> Hi.  I just got LDAP working for our company with PmWiki, and that's
> very exciting.  Now, however, though that will work for us for the
> moment, I was wondering if anyone has ideas about how to use LDAP (MS
> Active Directory) groups.  I searched around and saw that this had not
> been possible a couple years back, is it still that way?  It would be
> soooooo convenient especially as the company grows to control
> permissions without each individual username.   Does anyone know about
> this stuff or have even an unofficial solution?  I would appreciate any
> ideas very much.
>
> -          DJ
>
>
> The information contained in this message, including any attachment hereto, may contain confidential and/or privileged material.
> This message is intended solely for the person(s) to whom it is addressed. If you are not an intended recipient, please be advised
> that any review, use, dissemination, forwarding or copying of this message is strictly prohibited. If you received this
> message in error, please notify the sender immediately and delete it from your system. E-mail transmissions are not secure,
> and we accept no liability for errors in transmission, delayed transmission, changes made to this message after it was originally sent,
> or other transmission-related issues. Whilst all reasonable care has been taken to avoid the transmission of viruses, it is the
> responsibility of the recipient to ensure that the onward transmission, opening or use of this message and any attachments
> will not adversely affect its systems or data. No responsibility is accepted by Caldwell Funding Corporation and its affiliates in this
> regard and the recipient should carry out such virus and other checks as it considers appropriate.
>

-- 
Greg T. Grimes
Network Analyst
ITS -- Network Services
Mississippi State University
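
Added example, not part of either message and not PmWiki's own code: one way to test "is this user in the group" with ldap_search, using the group name and base DN quoted in the thread. It assumes PHP 7+ with the ldap extension and an AD-style group whose "member" attribute holds user DNs; the function names and the sample user DN are made up for illustration.

```php
<?php
// Added example, not PmWiki code. Assumes an AD-style group entry whose
// "member" attribute lists the DNs of its members.

// Build a filter that matches the group entry only when it has the given cn
// and also lists the given user DN as a member.
function group_member_filter(string $groupCn, string $userDn): string
{
    // Escape both values so characters such as * ( ) \ in a name or DN
    // cannot change the meaning of the filter.
    $cn = ldap_escape($groupCn, '', LDAP_ESCAPE_FILTER);
    $dn = ldap_escape($userDn, '', LDAP_ESCAPE_FILTER);
    return "(&(cn=$cn)(member=$dn))";
}

// Return true when $userDn is a member of group $groupCn under $groupsBase.
// $ds is a connection from ldap_connect() that has already been bound.
function user_in_group($ds, string $groupsBase, string $groupCn, string $userDn): bool
{
    // The fourth argument limits the result to the "cn" attribute. When it is
    // left out, ldap_search returns every attribute of each matching entry.
    $sr = ldap_search($ds, $groupsBase, group_member_filter($groupCn, $userDn), ['cn']);
    if ($sr === false) {
        return false;   // fail closed: a failed search grants nothing
    }
    return ldap_count_entries($ds, $sr) > 0;
}

// Constructed input: group name from the thread, user DN invented.
// The comma, backslash and parentheses show what the escaping does.
$sampleDn = 'cn=Doe\\, Jane (IT),ou=People,dc=msstate,dc=edu';
echo group_member_filter('its_auth', $sampleDn), "\n";
```

A directory that stores membership as login names (for example a posixGroup with memberUid) needs the user's id in place of the DN in the second filter term.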



