[Moin-user] Using AD group names for ACLs?

Greg Keith Greg.Keith at noaa.gov
Wed Jun 4 13:58:13 EDT 2008


Hi all-

I'm a newbie MoinMoin admin. I've been tasked with setting up four 
MoinMoin wikis that use ActiveDirectory group names for user 
authentication.  After some struggling with ActiveDirectory syntax and 
looking at the LDAP example in smb_farmconfig.py, I got this working, 
and now when users log into the wikis, they can be authenticated with 
their ActiveDirectory username and password.

However, I have two wikis that have certain requirements: with one wiki, 
no one is supposed to be able to read or edit the pages but the members 
of one group (let's call them the "jetsons" group). The first time I had 
this wiki up, I realized I didn't have to log in to see or edit pages, so 
I was wondering how I could control access in the required fashion, and 
then discovered I could do this with ACLs. But MoinMoin is not 
recognizing the second ACL statement I'm using, it seems (users in the 
"jetsons" group cannot see or edit any of the wiki pages after I added 
the second ACL statement). The two ACL statements I have in my 
wikiconfig.py are as follows:

acl_rights_before = u'gkeith:read,write,delete,revert,admin'
acl_rights_default = u'jetsons:read,write,revert,delete'

The group name "jetsons" worked fine for user authentication, but from 
my reading of http://moinmo.in/HelpOnAccessControlLists, it seems that I 
can't use group names with ACLs unless there is a MoinMoin page for the 
group that defines its members. Which seems to defeat the point of using 
ActiveDirectory groups for authentication - why bother if I have to 
manage the group details within MoinMoin as well?

Anyway, can someone chime in to tell me if the above is correct (that I 
can't use AD group names for ACLs unless there is a wiki page defining 
the group)? I realize that this functionality may not exist because 
wikis are all about open access, but I don't have any choices in the 
matter, I was just given some requirements.

I am using Moin 1.5.7, and am about to upgrade to Moin 1.6.3.

Thanks for any help!

Greg




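Added example, not part of the original message and not MoinMoin's own code: a simplified model of first-match ACL evaluation, run over the two settings quoted above, showing how an ACL entry that does not look like a group page name is compared against the login name only. It assumes MoinMoin's default group page pattern `[a-z0-9]Group$`; the `JetsonsGroup` page and its members are constructed for illustration.

```python
import re

# Assumption: default value of MoinMoin's page_group_regex setting.
GROUP_PAGE_RE = re.compile(r'[a-z0-9]Group$')

def parse_acl(text):
    """Split 'a,b:read,write c:read' into [(names, rights), ...]."""
    entries = []
    for item in text.split():
        names, _, rights = item.rpartition(':')
        entries.append((names.split(','), set(rights.split(',')) - {''}))
    return entries

def may(user, right, acl_text, group_pages):
    """First entry that matches the user decides; no match means no access.

    user is the login name, or None for an anonymous visitor.
    group_pages maps a group page name to the member names listed on it.
    """
    for names, rights in parse_acl(acl_text):
        for name in names:
            if name == 'All':
                matched = True
            elif name == 'Known':
                matched = user is not None
            elif GROUP_PAGE_RE.search(name):
                # Looks like a group page: membership comes from the wiki page.
                matched = user in group_pages.get(name, ())
            else:
                # Anything else is treated as a plain user name.
                matched = (name == user)
            if matched:
                return right in rights
    return False

# acl_rights_before is evaluated ahead of acl_rights_default.
BEFORE = u'gkeith:read,write,delete,revert,admin'
AS_POSTED = BEFORE + u' jetsons:read,write,revert,delete'
WITH_GROUP_PAGE = BEFORE + u' JetsonsGroup:read,write,revert,delete'

# Constructed sample data: members of a hypothetical JetsonsGroup wiki page.
GROUP_PAGES = {'JetsonsGroup': {'george', 'jane'}}
```

In this model, `may('george', 'read', AS_POSTED, GROUP_PAGES)` is False because `jetsons` is matched as a user name, while the same call with `WITH_GROUP_PAGE` is True and an anonymous visitor (`None`) is still denied.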