Hi,
is it possible to use an attribute which is not part of the DN as the name of a group? My group DNs look something like this:
GroupUID=1234,ou=groups,ou=myou,o=myo,dc=de
This results in a short name (as shown by ShowUserGroups.php
) of "1234". The attribute which holds the name that I would like to use instead, is cn
.
If I use mappedgroups
to sync the groups and manually map the names to the DNs, they are correctly added to the wiki. However, if I use allgroups
, they're not. As I understand, this is due to the fact that only groups mentioned in e.g. wgGroupPermissions
are added. Obviously I use the groups' cn
s, not the GroupUID
s in those settings. Can this be done?
Our current Wiki which still uses the old LDAP stack, has this setting $wgLDAPGroupNameAttribute = array('ldap1' => "cn");
which works fine.
Here is my current ldapprovider.json
:
{
"MyDomain": {
"connection": {
"server": "ldap.mydomain.de",
"port": 389,
"options": {
"LDAP_OPT_DEREF": 1
},
"basedn": "ou=myou,o=myo,dc=de",
"groupbasedn": "ou=groups,ou=myou,o=myo,dc=de",
"userbasedn": "ou=users,ou=myou,o=myo,dc=de",
"searchattribute": "uid",
"usernameattribute": "uid",
"realnameattribute": "displayName",
"emailattribute": "mail",
"grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\Configurable::factory",
"groupobjectclass": "groupOfNames"
},
"groupsync": {
"mechanism": "allgroups"
}
}
}
MediaWiki and LDAP stack relatively up to date on the REL1_35 branches.
Thanks in advance!
Update: I tried using the GroupUID
in a group permission and that works with the allgroups
mechanism. So the question boils down to "How can I use a different attribute as the name of the group?".