I'm using the full LDAP stack to authenticate and authorize users with an Active Directory/LDAPS server :
PluggableAuth/LDAPProvider/LDAPAuthentication2/LDAPAuthorization/LDAPGroups
- authentication works fine for myuser@mydomain
- restrict connection to group CN=SG_Digital_IT,OU=org,DC=mydomain,DC=com to which belongs myuser@mydomain works fine, using authorization.rules.groups.required list (we use userprincipalname as user attribute)
- restriction on specific pages to myuser@mydomain works fine But impossible to make it work for LDAP groups. : I have created a local group in LocalSettings.php : $wgGroupPermissions['SG_Digital_IT']['read'] = true; And a mapping in my /usr/share/mediawiki/extensions/LDAPProvider/ldapprovider.json file : "mapping": { "SG_Digital_IT": "SG_Digital_IT,OU=org,DC=mydomain,DC=com" }
But then in a page, the directive "editAllowedGroups = SG_Digital_IT" does provide access to the page
When Am I wrong ?