|
|
@@ -128,10 +128,9 @@ if [[ -n "${LDAP_SERVER:-}" ]]; then
|
|
|
# configure LDAP
|
|
|
# https://github.com/heiglandreas/authLdap/blob/master/authLdap.php#L644
|
|
|
|
|
|
- # GroupEnable means that cloudron groups are carried over to wp groups
|
|
|
+ # GroupEnable means that ldap groups are carried over to wp groups
|
|
|
# GroupOverUser means that if there is an existing wp group for the user, it won't be overwritten
|
|
|
- # The above implies that users can override the roles in wordpress and it
|
|
|
- # doesn't get overwritten on re-login
|
|
|
+ # The default role is 'editor' and not 'admin' because normal users can otherwise install plugins/thus modify code
|
|
|
echo "Configuring LDAP"
|
|
|
ldapConfig=$(cat <<EOF
|
|
|
{
|
|
|
@@ -150,7 +149,7 @@ if [[ -n "${LDAP_SERVER:-}" ]]; then
|
|
|
"GroupAttr" : "memberof",
|
|
|
"GroupFilter" : "(|(mail=%1\$s)(username=%1\$s))",
|
|
|
"DefaultRole" : "editor",
|
|
|
- "GroupEnable" : true,
|
|
|
+ "GroupEnable" : false,
|
|
|
"GroupOverUser" : false,
|
|
|
"Version" : 1
|
|
|
}
|
Girish Ramakrishnan