使用great help,我似乎在本地Windows域(abc.local)的内部Wiki(在Debian 10 VM上运行)上已安装LDAP。我希望所有域用户都能够编辑Wiki。当我尝试使用测试帐户(rjsmith)登录Wiki时,我得到User rjsmith not authorized.。如果我故意为rjsmith输入错误的密码,则会得到Could not authenticate credentials against domain "abc.local"。
这里是我的LocalSettings.php中的LDAP内联函数:
$LDAPProviderDomainConfigProvider = function()
{
$config =
[
"abc.local" =>
[
"connection" =>
[
"server" => "5.5.5.5",
"user" => "[email protected]",
"pass" => "password",
"basedn" => "dc=abc,dc=local",
"groupbasedn" => "dc=abc,dc=local",
"userbasedn" => "dc=abc,dc=local",
"searchattribute" => "samaccountname",
"searchstring" => "[email protected]",
"usernameattribute" => "samaccountname",
"realnameattribute" => "cn",
"emailattribute" => "mail",
"grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\GroupMember::factory"
],
"authorization" =>
[
"rules" =>
[
"groups" =>
[
"required" => [ "cn=Users,dc=abc,dc=local" ]
]
]
],
"userinfo" =>
[
"email" => "mail",
"realname" => "cn",
"properties.gender" => "gender"
]
]
];
return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
};
我需要什么以便组Domain Users(abc.local / Users)中的任何域用户都可以访问Wiki?
谢谢,russ
是的!甚至盲目的松鼠也会偶尔发现螺母!正常工作!
通过大量的反复试验,我最终只需要将“组”部分更改为简单的"group" => "Users"。如果我想进一步限制它,我可以创建一个新的域组WikiUsers,并将选定的用户放入其中。然后,我需要在下面设置"group" => "WikiUsers"。但是,我希望任何本地域用户都可以访问,因此我下面的内容非常完美。
[此外,我对上面问题中显示的配置进行了另一处更改。我创建了一个普通的域用户,除了登录([email protected])外没有其他权限,因此我不必使用明文发送pwd的管理员帐户。
$LDAPProviderDomainConfigProvider = function()
{
$config =
[
"abc.local" =>
[
"connection" =>
[
"server" => "5.5.5.5",
"user" => "[email protected]",
"pass" => "password",
"basedn" => "dc=abc,dc=local",
"groupbasedn" => "dc=abc,dc=local",
"userbasedn" => "dc=abc,dc=local",
"searchattribute" => "samaccountname",
"searchstring" => "[email protected]",
"usernameattribute" => "samaccountname",
"realnameattribute" => "cn",
"emailattribute" => "mail",
"grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\GroupMember::fa$
],
"authorization" =>
[
"rules" =>
[
"group" => "Users",
]
],
"userinfo" =>
[
"email" => "mail",
"realname" => "cn",
"properties.gender" => "gender"
]
]
];
return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
};