[Moin-user] Using AD group names for ACLs?

Thomas Waldmann tw-public at gmx.de
Wed Jun 4 18:29:10 EDT 2008


Hi Greg,

> I'm a newbie MoinMoin admin. I've been tasked with setting up four
> MoinMoin wikis that use ActiveDirectory group names for user
> authentication.

There is no LDAP group support yet. But we have a "Google Summer of Code
2008" project to implement that.

What you can do right now is:

a) write some script that extracts group information from AD/LDAP and
pushes that onto a group definition page in the wiki

You may want to have a look at MoinMoin/xmlrpc/UpdateGroup.py for this.

b) for some very simple group use (like "only accept authentication of
group x members") you can also put the group into the LDAP filter
expression when searching for the user account data in AD.

> However, I have two wikis that have certain requirements: with one wiki, 
> no one is supposed to be able to read or edit the pages but the members 
> of one group (let's call them the "jetsons" group).

That could even work with b) (and Known: vs. All:).

> I am using Moin 1.5.7, and am about to upgrade to Moin 1.6.3.

Good idea. :)

BTW, 1.7 will have enhanced authentication. E.g. you could configure 2
AD servers and have failover to the secondary if the primary fails.
That's not limited to LDAP, the secondary auth could be any auth you
trust and that works for the same user names/passwords.

Cheers,

Thomas
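
Added example, not part of the message above and not MoinMoin code: a sketch of the two workarounds it describes, a login filter restricted to one AD group for b) and the body of a group definition page for a). The group DN, the sample names and the " * Name" list layout of the page are assumptions; pushing the page into the wiki is left to the UpdateGroup mechanism the message points to.

```python
import re

# Constructed sample DN for the "jetsons" group (assumption, not from the post).
GROUP_DN = "CN=jetsons,OU=Groups,DC=example,DC=com"

# RFC 4515: these characters must be escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29",
                   "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a string so it stays a literal value inside an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def login_filter(username, group_dn):
    """Option b): find the account only if it is a member of group_dn.

    memberOf in AD lists direct memberships only; nested groups and the
    primary group are not matched by this filter.
    """
    return "(&(sAMAccountName=%s)(memberOf=%s))" % (
        escape_filter_value(username), escape_filter_value(group_dn))


def group_page_body(members):
    """Option a): render member names as first-level list items.

    Names with control characters are refused, so a directory value that
    contains a newline cannot add an extra member line to the page.
    """
    lines = []
    for name in sorted(set(m.strip() for m in members)):
        if not re.fullmatch(r"[^\x00-\x1f]+", name):
            raise ValueError("refusing unsafe member name: %r" % name)
        lines.append(" * %s" % name)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(login_filter("gjetson", GROUP_DN))
    print(group_page_body(["JaneJetson", "GeorgeJetson", "JaneJetson"]))
```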
