Table of Contents
Admidio Free online membership management software
Configuration for authpdo plugin to authenticate with Admidio Free online membership management software.
Scenario
- Basic authentication only.
- Groups are read from Admidio User Management.
- No user modification/adding. This assumes that all user/group accounts will be created and maintained through Admidio.
- My “real world” scenario: society with fully working Admidio and 2 DokuWiki's:
- DokuWiki for Web and Dokumentation
→ All society users can login to DokuWiki, all leads are represented as groups. - DokuWiki as CMS for the homepage of our society
→ Only group of Admidio users can login to DokuWiki, only part of users are represented as groups.
Working with 2020-07-29 “Hogfather” and Admidio 3.3.17 based on CentOS Linux 7.8.2003 (Core) PHP 7.3.23 and MariaDB 5.5.65.
Prerequisites
- Access to your DokuWiki files via SSH or FTP.
- Backup of
[yourdokuwiki]/conf/local.php
!
- Access to MariaDB database containing all Admidio data (host, database, user, password).
- Access to Admidio as “Administrator” (or equivalent role).
- Backup of
Database under create_backup
!
Approach
Admidio internal user and role(group) management is quite flexible. To avoid errors in the plugin configuration I decided to add two new views in the database representing the needed data only. This way authpdo's configuration remains still readable.
As a side effect you can check your SELECT-Statements very carefully before connecting DokuWiki's authpdo to Admidio.
Adding views to Moodle database
Login to your MySQL database via command line, PHPMyAdmin, MySQL-Workbench or your other tool.
Execute the following commands:
Select Admidio's database
(don't forget to replace “dbanmeadmidio” with your name):
USE dbanmeadmidio;
Create view "users" for user data:
check only if User is in Database <code tsql> CREATE VIEW dbanmeadmidio.users AS SELECT T1.usr_id AS uid, T1.usr_login_name AS login, T1.usr_password AS password, T2.usd_value AS firstname, T3.usd_value AS lastname, T4.usd_value AS email FROM adm_users AS T1 LEFT JOIN adm_user_data T2 ON T2.usd_usr_id=T1.usr_id AND T2.usd_usf_id='2' LEFT JOIN adm_user_data T3 ON T3.usd_usr_id=T1.usr_id AND T3.usd_usf_id='1' LEFT JOIN adm_user_data T4 ON T4.usd_usr_id=T1.usr_id AND T4.usd_usf_id='12' WHERE T1.usr_password IS NOT NULL AND T1.usr_number_invalid=0 GROUP BY T1.usr_id ORDER BY T1.usr_id DESC
check if the User is active
CREATE VIEW dbanmeadmidio.users AS SELECT T1.usr_id AS uid, T1.usr_login_name AS login, T1.usr_password AS password, T2.usd_value AS firstname, T3.usd_value AS lastname, T4.usd_value AS email, T5.mem_end FROM adm_users AS T1 LEFT JOIN adm_user_data T2 ON T2.usd_usr_id=T1.usr_id AND T2.usd_usf_id='2' LEFT JOIN adm_user_data T3 ON T3.usd_usr_id=T1.usr_id AND T3.usd_usf_id='1' LEFT JOIN adm_user_data T4 ON T4.usd_usr_id=T1.usr_id AND T4.usd_usf_id='12' LEFT JOIN adm_members T5 ON T5.mem_usr_id=T1.usr_id AND T5.mem_rol_id='2' WHERE T1.usr_password IS NOT NULL AND T1.usr_number_invalid=0 AND T5.mem_end>CURDATE() GROUP BY T1.usr_id ORDER BY T1.usr_id DESC
Create view "usergroup" for user groups:
CREATE VIEW dbanmeadmidio.usergroup AS SELECT mem_usr_id AS uid, mem_rol_id AS gid FROM `adm_members`
Create view "groups" for groups and names:
CREATE VIEW dbanmeadmidio.groups AS SELECT rol_id AS gid, rol_name AS name FROM adm_roles
Check for success:
SELECT * FROM groups; SELECT * FROM usergroup; SELECT * FROM users;
should give you something like this:
uid | login | password | firstname | lastname | mem_end | |
---|---|---|---|---|---|---|
217 | username | $2ydads$12$9jwwsssffsfdQ…. | Max | Mustermann | max.mustermann@musterhausen.de | 9999-12-31 |
⋮ | ⋮ | ⋮ | ⋮ | ⋮ | ⋮ | ⋮ |
and
uid | gid |
---|---|
1 | 217 |
⋮ | ⋮ |
and last but not least
gid | name |
---|---|
1 | wiki_usergroup |
⋮ | ⋮ |
As you see, all Admidio users are member of group “user” automatically.1) Group management is done now by creating global Groups and adding Adminio users matching your needs.
Plugin configuration
Common settings
Option 'debug' should be enabled for error messages at first. After success disable it.
Option 'dsn'
mysql:host=localhost;dbname=dbanmeadmidio;charset=utf8
Option 'user'
mysqladmidiouser
Option 'pass'
mysqladmidiousersecret
Don't forget to adjust the core settings:
- Configuration Setting: authtype - enable the plugin here
- Configuration Setting: superuser - the Moodle user name of your admin (probably you)
Scenario
All Admidio Users users can login and all Admidio are DokuWiki groups too:
Option 'select-user'
SELECT `uid`, `login` AS "user", concat(`lastname`," ",`firstname`) AS "name", `password` AS "hash", `email` AS mail FROM `users` WHERE `login` = :user
Option 'select-user-groups'
SELECT name as `group` FROM groups AS g, users AS u, usergroup AS ug WHERE u.uid = ug.uid AND g.gid = ug.gid AND u.login= :user GROUP BY name
Option 'select-groups'
SELECT name as `group` FROM groups AS g, usergroup AS ug WHERE g.gid = ug.gid
That's it. Save configuration and re-login. Good luck!