DokuWiki admin user has no admin permissions when username is not admin/administrator

mrmarkuz · May 11, 2024, 12:56pm

first, thanks to @Denis_Pollini who noticed this little bug in DokuWiki.
When you set internal authentication and the admin user isn’t named admin or administrator then she has no admin permissions after login.
If a domain non-admin user is just named admin/administrator he may get full admin permissions in dokuwiki.

github.com

NethServer/ns8-dokuwiki/blob/ca6c12ea963496f14fe9a1c270a6e30537b8146e/imageroot/bin/write-ldap-conf#L60


      
          \$conf['plugin']['authad']['account_suffix']     = '@${LDAP_DOMAIN}';
          \$conf['plugin']['authad']['base_dn']            = '${LDAP_BASE}';
          \$conf['plugin']['authad']['domain_controllers'] = 'ldap://accountprovider:${LDAP_PORT}'; //multiple can be given
          \$conf['plugin']['authad']['use_tls'] = 0;
          EOF
          
              fi
          fi
          cat <<EOF >> dokuwiki-config/local.protected.php
          \$conf['useacl'] = 1;
          \$conf['superuser'] = 'admin,admin@${LDAP_DOMAIN},administrator,administrator@${LDAP_DOMAIN}';
          EOF
          
          echo "Configuration written to dokuwiki-config/local.protected.php"
          
          cat <<EOF > dokuwiki-config/plugins.local.php
          <?php
          /*
           * Local plugin enable/disable settings
           *
           * Auto-generated by install s

My proposal to solve the bug is

using @admin so any internal auth admin should get the right permissions (as he is in the internal admin group)
using @domain\ admins group instead of user names, this way any domain admin is dokuwiki admin

\$conf['superuser'] = '@admin,@domain\ admins';

stephdl · May 12, 2024, 5:43am

Hello

Can you prepare the pull request we coult test it in real

Thanks

mrmarkuz · May 12, 2024, 7:59am

Done.

stephdl · May 12, 2024, 9:32am

Thanks… it seems we have the same error for registry.nlark.com

We need I think another pr to build the rpm at least to validate the solution

mrmarkuz · May 12, 2024, 9:57am

Here is the PR:

Denis_Pollini · May 13, 2024, 6:23am

Your welcome