[Mediawiki-l] LDAP Inquiry

Lane, Ryan Ryan.Lane at ocean.navo.navy.mil
Wed May 2 17:57:19 UTC 2007


> As it stands, everyone user in my LDAP schema that falls 
> under the following dn: is authorized to login,
> 
> ou=staff,dc=domain,dc=com
> 
> Now where the complexity comes in, is I need to add a 
> contractor to my directory. This contractor should only have 
> access to mediawiki and nothing else which LDAP authorizes 
> users to access such as UNIX logins or other web 
> applications. I do know I can use $wgLDAPUseLocal to allow 
> local logins, but I'd like to avoid keeping authorization 
> local to the wiki.

Add the user to LDAP, but don't add the posixAccount and/or
shadowAccount objectclasses; or, add the user to another OU (something
no other services use), and make another domain for the LDAP plugin,
pointing to this other OU. 



More information about the MediaWiki-l mailing list