[Mediawiki-l] LDAP Inquiry

[Steve Finkelstein]

Hi all,

I'm currently using Ryan Lane's LDAP authentication and it works great.
I've now been daunted with a task which I'm gathering information on for
a solution.

As it stands, everyone user in my LDAP schema that falls under the
following dn: is authorized to login,

ou=staff,dc=domain,dc=com

Now where the complexity comes in, is I need to add a contractor to my
directory. This contractor should only have access to mediawiki and
nothing else which LDAP authorizes users to access such as UNIX logins
or other web applications. I do know I can use $wgLDAPUseLocal to allow
local logins, but I'd like to avoid keeping authorization local to the
wiki.

I'm aware this question caters more to an LDAP list, and I apologize if
it's off-topic. I just know a lot of you folks probably deal with a very
similar scenario and I'd love to hear insight from anyone in the
mediawiki community.

Thank you for any advice,

- sf