Topic on Extension talk:LDAPGroups/Archive 2

LDAP AD Group "groupsync mapping" to mediawiki group user / administrators

1
Melters2022 (talkcontribs)

Hello!


I setup mediawiki 1.35 LTS with an AD LDAP and it works fine so far.

Now i wanted to specify one AD Group in my wiki with user rights and another AD Group with administrator rights.

In my actual setup both specified AD Groups "standard_wiki_users" and "standard_wiki_admins" have only user rights.

Maybe there is some mistake in my idea of setting up this... As i read every user is as standard in group "user", but how can

in specify an AD group additional to group "administrator"?


in Localsettings i configured:

#Create Wiki-Group 'standard_wiki_users' from default user group

$wgGroupPermissions['standard_wiki_users'] = $wgGroupPermissions['user'];

#Load LDAP Config from JSON

$ldapJsonFile = "$IP/ldap.json";

$ldapConfig = false;

if (is_file($ldapJsonFile) && is_dir("$IP/extensions/LDAPProvider")) {

  $testJson = @json_decode(file_get_contents($ldapJsonFile),true);

  if (is_array($testJson)) {

   $ldapConfig = true;

  } else {

   error_log("Found invalid JSON in file: $IP/ldap.json");

  }

}


In ldap.json in configured:

...

              "authorization": {

                       "rules": {

                               "groups": {

                                       "required": [

                               "cn=standard_wiki_users,ou=xyz,dc=test,dc=test,dc=com",

  "cn=admin_wiki_users,ou=xyz,dc=test,dc=test,dc=com"

                                               ]

                                       }

                               }

                       },

               "groupsync": {

                       "mapping": {

                               "user": "CN=standard_wiki_users,ou=xyz,dc=test,dc=test,dc=com",

"administrator": "CN=admin_wiki_users,ou=xyz,dc=test,dc=test,dc=com"

                       }

               }

       }

}


Thanks!

Reply to "LDAP AD Group "groupsync mapping" to mediawiki group user / administrators"