How to Assign a User to a Group with no Access to UserManager
-
Hi.
Using Cloudron's LDAP server, the default UserManager link in the Admin Panel disappears, because I believe the ~/conf/users.auth.php file is not present.
However, I am using the ACL (Access Control List) functionality of DW, and was wondering with the UserManager link gone in the Admin Panel, is there another way to assign a group(s) to a user?
Because the group in the Cloudron User Directory for a User does not seem to show up in DW's ACL:
For example, there is a group this associated to each of the @user (e.g. @vr, @vr-lead, etc.), but it doesn't seem to show up under the "Group:" drop-down menu item.
-
N nebulon marked this topic as a question on
-
@saint The
UserManageris the local database auth system. When using LDAP, it will go away. This is expected.Because the group in the Cloudron User Directory for a User does not seem to show up in DW's ACL:
The ACL view is very tricky to use. Even in UserManager there is actually no way to create a group. It just "appears"
This took me a while to figure out - https://forum.dokuwiki.org/d/4935-howto-create-groupYou just put a group name like below and click select (you have to click the namespace on the left as well). And then, you can adjust the rules and save. Once you have put the group there in an ACL, it will apear in the Group dropdown for the future.
-
G girish has marked this topic as solved on
-
Hi guys,
Circling back to give an update on this issue.
Thanks for the feedback - I've been able to get permissioning to work correctly for Users so far, but am running into trouble with getting it to work properly for groups.
I went through the same steps as adding an existing User, except I added an existing group that the User belonged to in Cloudron.
When I tested the User permissions to show/hide/etc. a specific piece of content, it worked as expected.
When I tested the Group permissions to show/hide/etc. the same specific piece of content, it did nothing.
Any thoughts on why the same behavior/steps would yield different results?
Happy to provide additional info. if needed. Thank you!
-
@girish @nebulon - Some additional digging, and I am wondering if this could be the cause. I've tested this at the User level, and the User Group level for the same page.
The below is from the Configuration Settings of the Dokuwiki (domain replaced with example):
https://www.example.com/grp/vr_team_lead?do=admin&page=config
The plugin»authldap»usertree is filled in, but the plugin»authldap»grouptree field is empty.
Similarly, the plugin»authldap»userfilter is filled in, but plugin»authldap»groupfilter is empty.
For the User, it works. For the User Group, no matter what I do, it does not. Could this be why I was able to get the ACL to work at the User level, but not the User Group level?
According to the threads at Dokuwiki forum, andi the developer has said:
Yes. The ldap plugin uses the grouptree and groupfilter settings to fetch the group memberships of users.
I also did a check at:
https://www.example.com/grp/vr_team_lead&doku.php?do=check
And from what I can see, it shows that I'm logged in as the correct User, but the User's Group does not correspond to the group defined on the LDAP server. Just that I'm part of the group "user."
Let me know if you guys would like to see a screenshot of my ACL setup if needed.
Thank you!
-
S saint has marked this topic as unsolved on
-
@girish After testing out the VirtualGroup plugin, it looks like so far this could be an alternate solution to the issue we are having.
For those that are running across the problem, try the searching for virtualgroup Plugin in your Extension Manager and see if that solves it.
-
N nebulon has marked this topic as solved on