![]() By default, there are two mechanisms available: Local wiki user groups can be automatically synchronized with groups that are set in LDAP. Required groups ( ) Excluded groups ( ) Group synchronization The functionality is implemented in LDAPAuthorization. This means that if a group requirement is not met, a user can not even log into the wiki and no user account will be created in the wiki database. The LDAP Stack can be configured to allow only certain user groups to actually log in to the wiki. Working with Groups Group based login restrictions by using Apache mod_auth_kerb) You need Extension:Auth_remoteuser I want to have form-based authentication where my user puts in a username and password that are managed within LDAP You need Extension:LDAPProvider, Extension:PluggableAuth and Extension:LDAPAuthentication2 I want to restrict login to certain LDAP groups or LDAP attribute values You need Extension:LDAPProvider and Extension:LDAPAuthorization I sync user groups managed in LDAP into local wiki user groups You need Extension:LDAPProvider and Extension:LDAPGroups I sync user info like "realname" or "email" from LDAP into local wiki user properties You need Extension:LDAPProvider and Extension:LDAPUserInfo I want to have network based authentication (implicit login) (e.g. Migration from extension LDAPAuthenticationīe aware that you might not need to install all the LDAP Stack extensions to fulfill your use case:.When migrating from "LdapAuthentication" you will need to convert your configuration. LDAPUserInfo via UserLoadAfterLoadFromSession hook username and domain (table ldap_domains from LDAPAuthentication2) are read from the database. User info synchronization (e-mail, realname. LDAPGroups via UserLoadAfterLoadFromSession hook username and domain (table ldap_domains from LDAPAuthentication2) are read from the database. ![]() If it succeeds, user is created if necessary and domain added to database. After authentication a check for certain group membership is performed. LDAPAuthorization together with PluggableAuth. If it succeeds, user is created if necessary and domain is added to database. After authentication, a check for certain group membership is performed. LDAPAuthorization together with Auth_remoteuser. Input fields for username, password and domainĪuthorization ("group-based restrictions") LDAPAuthentication2 together with PluggableAuth via HTML form on "Special:UserLogin" $_SERVER = and domain are extracted from "REMOTE_USER" Track: Network based authentication (NBA)Į.g.
0 Comments
Leave a Reply. |