[Moin-user] LDAP authentification and ACL
Jérôme Bove
jerome.bove at camptocamp.com
Fri Apr 26 10:07:09 EDT 2013
Hi everyone !
I've managed to get LDAP authentification to work with my MoinMoin
installation by using the following code in Apache configuration:
<Location /wiki1>
AuthName "Wiki wiki1"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off
AuthLDAPUrl "ldap://
10.27.21.6/dc=ldap,dc=c2c?uid??(|(gidNumber=1029)(sambaSID=*))"
Require ldap-group cn=dev,ou=Groups,dc=ldap,dc=c2c
Require ldap-group cn=mapfish,ou=Groups,ou=Externals,dc=ldap,dc=c2c
Require ldap-group cn=sitev5,ou=Groups,ou=Externals,dc=ldap,dc=c2c
</Location>
I can login with any user from dev, mapfish and sitev5 groups but all users
have read write permissions. What I need is readonly permissions for group
sitev5. I tried to do this
in /var/www/wiki/private/moin-1.9.7/MoinMoin/config/wiki1.py:
acl_rights_before = u'-sitev5:write,delete,revert'
And nothing changed, I can still edit pages from a user in sitev5 group. So
I tried to use the whole ldap dn:
acl_rights_before =
u'-cn=sitev5,ou=Groups,ou=Externals,dc=ldap,dc=c2c:write,delete,revert'
But this is exactly the same.
Does anybody have an idea of how I could achieve to have a readonly group ?
No matter for me if it is managed with apache or with moinmoin.
Have a nice weekend,
Jérôme
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/moin-user/attachments/20130426/d6f635ec/attachment.html>
More information about the Moin-user
mailing list