
Topic on Extension talk:AccessControl/Archive 3

restriction on pages based on LDAP Groups.

88.122.99.199 (talkcontribs)

I'm using the full LDAP stack to authenticate and authorize users with an Active Directory/LDAPS server:

PluggableAuth/LDAPProvider/LDAPAuthentication2/LDAPAuthorization/LDAPGroups

  • authentication works fine for myuser@mydomain
  • restricting connection to the group CN=SG_Digital_IT,OU=org,DC=mydomain,DC=com, to which myuser@mydomain belongs, works fine, using the authorization.rules.groups.required list (we use userprincipalname as the user attribute)
  • restriction on specific pages to myuser@mydomain works fine

But it is impossible to make it work for LDAP groups. I have created a local group in LocalSettings.php:

    $wgGroupPermissions['SG_Digital_IT']['read'] = true;

And a mapping in my /usr/share/mediawiki/extensions/LDAPProvider/ldapprovider.json file:

    "mapping": {
        "SG_Digital_IT": "SG_Digital_IT,OU=org,DC=mydomain,DC=com"
    }

But then in a page, the directive "editAllowedGroups = SG_Digital_IT" does provide access to the page.


Where am I wrong?