Dear all I have a problem with our WIKI's and the LDAP authentication:
* MediaWiki version: 1.12.0 * PHP version: 5.1.6 * MySQL version: 5.0.22 * URL: Intranet only For some WIKIs that are running in our Intranet, I need to authenticate our users using LDAP and the following two WIKI groups: Readers (testgroup) and Writers (testgroup2). Anonymous should not be able to read the WIKI pages. my problem is, that using the syntax:
$wgLDAPRequiredGroups = array( "testLDAPdomain"=>array( "cn=testgroup,ou=groups,dc=LDAP,dc=example,dc=com", "cn=testgroup2,ou=groups,dc=LDAP,dc=example,dc=com" ), I cannot define different rights for users in the testgroup than the users in the testgroup2 have. This mean, if a user is in one of each two groups, he will always get the Writers access. Can you please explain how I can define two groups, with different rights (Readers & Writers)? Regards,
Alex Durrer Schweizerische Bundesbahnen SBB Service Center Software Engineering / ETU Lindenhofstr. 1 / Worblaufen, CH-3000 Bern 65 Direkt +41 (0)51 220 68 05 Fax +41 (0)51 220 44 55 Mobil +41 (0)79 750 12 09 alexander.durrer@sbb.chmailto:alexander.durrer@sbb.ch / www.sbb.ch<www.sbb.ch%20>
For some WIKIs that are running in our Intranet, I need to authenticate our users using LDAP and the following two WIKI groups: Readers (testgroup) and Writers (testgroup2). Anonymous should not be able to read the WIKI pages. my problem is, that using the syntax:
$wgLDAPRequiredGroups = array( "testLDAPdomain"=>array( "cn=testgroup,ou=groups,dc=LDAP,dc=example,dc=com", "cn=testgroup2,ou=groups,dc=LDAP,dc=example,dc=com" ), I cannot define different rights for users in the testgroup than the users in the testgroup2 have. This mean, if a user is in one of each two groups, he will always get the Writers access. Can you please explain how I can define two groups, with different rights (Readers & Writers)?
This is only part of what you want...
You are limiting login to these specific groups, but you also need to synchronize your security groups. See:
http://www.mediawiki.org/wiki/Extension:LDAP_Authentication#Group_based_ restrictions_.28NEW.29
http://www.mediawiki.org/wiki/Extension:LDAP_Authentication#Group_synchr onization
http://www.mediawiki.org/wiki/Extension:LDAP_Authentication#Syncronizing _LDAP_groups_with_MediaWiki_security_groups
http://www.mediawiki.org/wiki/Extension:LDAP_Authentication#Group_based_ login_restriction_configuration_options
You'll also need to setup your MediaWiki groups as well:
http://www.mediawiki.org/wiki/Manual:User_rights
http://www.mediawiki.org/wiki/Manual:User_rights_management
http://www.mediawiki.org/wiki/Manual:Preventing_access
V/r,
Ryan Lane
mediawiki-l@lists.wikimedia.org