Topic on Extension talk:LDAP Authentication

Attribute based access restrictions [Solved]

Suaudeau (talk · contribs)

Extension for MediaWiki 1.28

Hello, I want to restrict access to users with a specific attribute.

Here is one of my users:

dn: uid=doe,ou=Staff,ou=People,dc=my-university,dc=org
cn: Doe John
uid: doe
mail: john.doe@my-university.org
ou: MainBuilding

How can I restrict access to people with ou=MainBuilding?

Here is my LocalSettings.php config which is functional, but not restrictive enough:

require_once( "extensions/LdapAuthentication/LdapAuthentication.php" );
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array('univLDAPdomain');
$wgLDAPServerNames = array('univLDAPdomain' => 'ldap.my-university.org',);
$wgLDAPEncryptionType = array('univLDAPdomain' => 'tls');
$wgLDAPSearchStrings = array(
    'univLDAPdomain' => 'uid=USER-NAME,ou=Staff,ou=people,dc=my-university,dc=org',
);

Thank you!

Suaudeau (talk · contribs)

I have found the solution. I just have to add this to LocalSettings.php:

$wgLDAPAuthAttribute = array('univLDAPdomain' => 'ou=MainBuilding',);