Thread:Extension talk:LDAP Authentication/Group synchronization won't update groups a user is in/reply (4)

LocalSettings.php

require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );
$wgAuth = new LdapAuthenticationPlugin;

# Enable LDAP Authentication
$wgLDAPDomainNames = array( "OUR_DOMAIN_NAME" );
$wgLDAPServerNames = array( "OUR_DOMAIN_NAME" => "OUR_IP_ADDRESS" );

# DNs in $wgLDAPRequiredGroups must be lowercase, as search result attribute values are...
$wgLDAPSearchStrings = array( "OUR_DOMAIN_NAME" => "USER-NAME@OUR_DOMAIN_NAME" );
$wgLDAPEncryptionType = array( "OUR_DOMAIN_NAME"=>"clear");
$wgLDAPLowerCaseUsername = array("OUR_DOMAIN_NAME"=>true);
$wgLDAPGroupUseFullDN = array( "OUR_DOMAIN_NAME"=>true );
$wgLDAPSearchAttributes = array( "OUR_DOMAIN_NAME"=>'sAMAccountName');
$wgLDAPRetrievePrefs = array( "OUR_DOMAIN_NAME"=>"true" );
$wgLDAPGroupNameAttribute = array( "OUR_DOMAIN_NAME"=>"cn" );
$wgLDAPBaseDNs = array("OUR_DOMAIN_NAME"=>"DC=DOMAIN,DC=com");

$wgLDAPRequiredGroups = array( "OUR_DOMAIN_NAME"=> array(
    "cn=wikiadmin,ou=groups,ou=group,dc=DOMAIN,dc=com",
    "cn=wikiuser,ou=groups,ou=group,dc=DOMAIN,dc=com"));
$wgGroupPermissions['wikiadmin'] = $wgGroupPermissions['sysop'];
$wgGroupPermissions['wikiuser'] = $wgGroupPermissions['user'];

//But allow them to read e.g., these pages:
$wgWhitelistRead = array ("Main Page", "Public");

$wgLDAPUseLDAPGroups = array('OUR_DOMAIN_NAME' => true);
$wgLDAPGroupsUseMemberOf = array("OUR_DOMAIN_NAME"=>true);

# Synchronizing LDAP groups with MediaWiki security groups
// $wgLDAPGroupObjectclass = array( "OUR_DOMAIN_NAME"=>'group' );
// $wgLDAPGroupAttribute = array( "OUR_DOMAIN_NAME"=>'member' );

//$wgLDAPGroupSearchNestedGroups = array("OUR_DOMAIN_NAME"=>true);
//$wgLDAPGroupsPrevail = array('OUR_DOMAIN_NAME' => true);

//Deny access to Anonymous
$wgGroupPermissions['*']['createaccount']     = false;
$wgGroupPermissions['*']['read']              = false;
$wgGroupPermissions['*']['edit']              = false;
$wgGroupPermissions['*']['createpage']        = false;
$wgGroupPermissions['*']['createtalk']        = false;

$wgGroupPermissions['user']['edit']            = false;

$wgGroupPermissions['sysop']['upload']       = false;

LDAP DEBUG

2011-05-11 15:16:49 media_wiki: Setting user groups.
2011-05-11 15:16:49 media_wiki: Entering setGroups.
2011-05-11 15:16:49 media_wiki: Locally managed groups is unset, using defaults:  bot::sysop::bureaucrat
2011-05-11 15:16:49 media_wiki: Available groups are:  bot::sysop::bureaucrat::registered_users::wikiadmin::wikiuser
2011-05-11 15:16:49 media_wiki: Effective groups are:  *::user::autoconfirmed
2011-05-11 15:16:49 media_wiki: Checking to see if user is in: bot
2011-05-11 15:16:49 media_wiki: Entering hasLDAPGroup
2011-05-11 15:16:49 media_wiki: Checking to see if user is in: sysop
2011-05-11 15:16:49 media_wiki: Entering hasLDAPGroup
2011-05-11 15:16:49 media_wiki: Checking to see if user is in: bureaucrat
2011-05-11 15:16:49 media_wiki: Entering hasLDAPGroup
2011-05-11 15:16:49 media_wiki: Checking to see if user is in: registered_users
2011-05-11 15:16:49 media_wiki: Entering hasLDAPGroup
2011-05-11 15:16:49 media_wiki: Checking to see if user is in: wikiadmin
2011-05-11 15:16:49 media_wiki: Entering hasLDAPGroup
2011-05-11 15:16:49 media_wiki: Checking to see if user is in: wikiuser
2011-05-11 15:16:49 media_wiki: Entering hasLDAPGroup
2011-05-11 15:16:49 media_wiki: Saving user settings.

PROBLEM

The user wikiadmin is not assigned to sysop, and the user wikiuser is not assigned to user.

It seems like whoever logs in gets 'user' rights. How can I put the LDAP users in a GROUP?