Hi, I'm evaluating g3 to replace an existing system we have (old server, no-one knows how to maintain it).
LDAP authentication will be a key requirement, so I've installed a test g3 on a CentOS (6) server and put the LDAP plugin in.
What we want to achieve is:
- The main admin account is NOT reliant on LDAP (suicide when there is an LDAP problem)
- certain accounts should have full upload photo / create album / edit rights
- everyone else gets read only access
We don't want to be faffing around with creating groups in LDAP for this, or extra attributes. cn is our username attribute - our tree is quite complicated, but all our other PHP / java servlet webapps out of the box just search within o=our_org and search subcontexts fine to track down users.
From messages I've seen so far, g3 can only have the built in authentication OR ldap - so as long as I can say 'these LDAP usernames can have editing rights' that is fine. But it's complaining that I haven't specified groups.
Can I achieve this, and if so how?
Thanks