MHart wrote:
You need to query the directory for the "group" information, then add that group to the user's list of groups (can be any string)
To add to the group, either use: $wgUser->addGroup($groupname); or you can use direct SQL:
INSERT INTO user_groups (ug_user, ug_group) VALUES (SELECT user_id FROM user WHERE user_name = 'MHart' , 'groupname');
Then use the $wgGroupPermissions['groupname']['edit'] = true; or whatever in LocalSettings.php
OK - but how does this work vis-a-vis AD authentication and groups?
If I include the following in the LocalSettings file it does not work $wgLDAPRequiredGroups = array( "McGill"=>array("cn=043-NCS ES LMS Wiki Editors,ou=Admin_Unit Groups,ou=Network & Communications Services,OU=University Administration,dc=campus,dc=mcgill,dc=ca") ); $wgLDAPGroupUseFullDN = array( "McGill"=>true ); $wgLDAPGroupObjectclass = array( "McGill"=>"group" ); $wgLDAPGroupAttribute = array( "McGill"=>"member" ); $wgLDAPGroupSearchNestedGroups = array( "McGill"=>false ); $wgLDAPBaseDNs = array( "McGill"=>"dc=campus,dc=mcgill,dc=ca" );
Removing it I have authentication working fine, but no groups....
r
- MHart
----- Original Message ----- From: "Ron Hall" ron.hall@mcgill.ca To: "MediaWiki announcements and site admin list" mediawiki-l@Wikimedia.org Sent: Monday, September 25, 2006 9:42 AM Subject: [Mediawiki-l] MediaWiki, LDAP Authentication and AD groups
Howdy!
I have Media Wiki 1.6.8 setup with Authentication to LDAP - this is behaving as advertised. I would now like to set it up so that only members of a specific group have access to editing the pages, though anyone can view them.
I can send the config file or relevant bits if you think it will help - or do I need to do something different?
r _______________________________________________ MediaWiki-l mailing list MediaWiki-l@Wikimedia.org http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
MediaWiki-l mailing list MediaWiki-l@Wikimedia.org http://mail.wikipedia.org/mailman/listinfo/mediawiki-l