On Mon, Nov 17, 2008 at 05:04:04PM -0600, Lane, Ryan
wrote:
Is there
a way to only allow members of certain groups to log
on, or to
only allow members of one or more groups to edit certain pages?
Both! See:
http://www.mediawiki.org/wiki/Ldap#Group_based_restrictions_.28NEW.29
When I try to log in as a user not in a specified group, I get "Login
error: Incorrect password entered. Please try again." That will cause
all sorts of problems... how do I make it say, "You are not in an
authorized group" or something similar?
This isn't currently possible, because authentication extensions can't
pass messages back to the login form.
I've been thinking about tackling this problem for a while, but other
things have been higher priority. I'll put this onto my todo list.
Of course, you don't necessarily need to deny login access; you could
synchronize the groups, and only allow read and/or write access based
upon groups. You can do this by taking all privileges away from "user"
and assigning them to groups that you manage.
V/r,
Ryan Lane