Hello!
I setup mediawiki 1.35 LTS with an AD LDAP and it works fine so far.
Now i wanted to specify one AD Group in my wiki with user rights and another AD Group with administrator rights.
In my actual setup both specified AD Groups "standard_wiki_users" and "standard_wiki_admins" have only user rights.
Maybe there is some mistake in my idea of setting up this... As i read every user is as standard in group "user", but how can
in specify an AD group additional to group "administrator"?
in Localsettings i configured:
#Create Wiki-Group 'standard_wiki_users' from default user group
$wgGroupPermissions['standard_wiki_users'] = $wgGroupPermissions['user'];
#Load LDAP Config from JSON
$ldapJsonFile = "$IP/ldap.json";
$ldapConfig = false;
if (is_file($ldapJsonFile) && is_dir("$IP/extensions/LDAPProvider")) {
$testJson = @json_decode(file_get_contents($ldapJsonFile),true);
if (is_array($testJson)) {
$ldapConfig = true;
} else {
error_log("Found invalid JSON in file: $IP/ldap.json");
}
}
In ldap.json in configured:
...
"authorization": {
"rules": {
"groups": {
"required": [
"cn=standard_wiki_users,ou=xyz,dc=test,dc=test,dc=com",
"cn=admin_wiki_users,ou=xyz,dc=test,dc=test,dc=com"
]
}
}
},
"groupsync": {
"mapping": {
"user": "CN=standard_wiki_users,ou=xyz,dc=test,dc=test,dc=com",
"administrator": "CN=admin_wiki_users,ou=xyz,dc=test,dc=test,dc=com"
}
}
}
}
Thanks!