[Moin-user] Using AD group names for ACLs?
Greg Keith
Greg.Keith at noaa.gov
Wed Jun 4 13:58:13 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi all-
I'm a newbie MoinMoin admin. I've been tasked with setting up four
MoinMoin wikis that use ActiveDirectory group names for user
authentication. After some struggling with ActiveDirectory syntax and
looking at the LDAP example in smb_farmconfig.py, I got this working,
and now when users log into the wikis, they can be authenticated with
their ActiveDirectory username and password.
However, I have two wikis that have certain requirements: with one wiki,
no one is supposed to be able to read or edit the pages but the members
of one group (let's call them the "jetsons" group). The first time I had
this wiki up, I realized I didn't have to login to see or edit pages, so
I was wondering how I could control access in the required fashion, and
then discovered I could do this with ACLs. But MoinMoin is not
recognizing the second ACL statement I'm using, it seems (users in the
"jetsons" group cannot see or edit any of the wiki pages after I added
the second ACL statement). The two ACL statements I have in my
wikiconfig.py are as follows:
acl_rights_before = u'gkeith:read,write,delete,revert,admin'
acl_rights_default = u'jetsons:read,write,revert,delete'
The group name "jetsons" worked fine for user authentication, but from
my reading of http://moinmo.in/HelpOnAccessControlLists, it seems that I
can't use group names with ACLs unless there is a MoinMoin page for the
group that defines its members. Which seems to defeat the point of using
ActiveDirectory groups for authentication - why bother if I have to
manage the group details within MoinMoin as well?
Anyway, can someone chime in to tell me if the above is correct (that I
can't use AD group names for ACLs unless there is a wiki page defining
the group)? I realize that this functionality may not exist because
wikis are all about open access, but I don't have any choices in the
matter, I was just given some requirements.
I am using Moin 1.5.7, and am about to upgrade to Moin 1.6.3.
Thanks for any help!
Greg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFIRte18IR34NeP2BwRAqg6AJ9e95t38sdoS44t0m9uuGcuDqwDegCeKAN/
84SwOkt/itN2TFN8DLJnrlI=
=npgS
-----END PGP SIGNATURE-----
More information about the Moin-user
mailing list