group role not enforced



velovite
01-26-2009, 07:30 PM
Hello all,

We have a server recently updated to Deki Open Source Edition v.8.08.2 with LDAP/AD authentication working. I've set two LDAP groups to have "Contributor" role in Deki, while the default role is viewer. When new users pertaining to these groups log into Deki, their groups are correctly identified (they show up in the user control panel), but their role is still "Viewer". (If I recall correctly, previous to the upgrade group membership was not always recognized. So the situation has improved, but still not to a fully satisfactory point).

I have searched the forum and the FAQ but could not find a fix for this kind of issue, so any help would be appreciated.

Here are the settings for the LDAP/AD auth service:

SID : http://services.mindtouch.com/deki/stable/2007/05/ldap-authentication
searchbase: dc=localdomain,dc=widedomain,dc=country
displayname-pattern: {cn} [ # to have name showing up instead of login in deki#]
hostname: adserver
bindingdn: $1@localdomain.widedomain.country
userquery: samAccountName=$1


Thanks in advance

MaxM
01-26-2009, 09:40 PM
The role of the user will not be touched because a user is part of a group(s) that have a different role. The effective permissions of the user on the other hand do get the inherited roles from groups.

velovite
01-27-2009, 02:58 PM
MaxM,

Thanks MaxM. You are right! It works indeed, and I was only confused by the displayed role in the user list. I've seen you are planning to rework the whole permission system. This will hopefully remove such ambiguities.

velovite
01-30-2009, 04:43 PM
MaxM,

Sorry to bother you again with my new users issues, but if new users can indeed edit pages in the wiki hierarchy (my previous check), editing their own page fails for some reason: When they click on "My page", it comes up with no title, and if they click on "edit" the editor doesn't come up.

How can I debug this problem?
Thanks in advance

MaxM
02-03-2009, 12:34 AM
That's a strange problem -- the editor doesn't show up when editing your own homepage but editing other pages works fine?

Sounds like a bug. Can you file it with as much info as possible? Fiddler dump would be useful as well as info on your setup and any settings you're using.

You can also call mindtouch support or try asking in IRC.

velovite
02-09-2009, 04:44 PM
Thanks again MaxM,

I'll be reporting this as a bug as you suggest. I just wanted to say here that LDAP authentication has nothing to do with the problem: I've created a local user named Test_test with contributor role, and its own page comes up with no name (and can't be edited) just as reported previously. Hence, this thread is definitely not about LDAP integration! Sorry for my confusion again.