Case Study:
Netzint

Customer

Netzint GmbH is an IT systems provider based in Gütenbach in the Black Forest, with additional development and service locations in Lahr and Giengen an der Brenz. The company offers a broad range of services across core areas of information technology. Its work is organized into five fields: CONNECT for networks and connectivity, PUBLIC for school IT including linuxmuster.net and edulution.io, BUSINESS for corporate IT, infrastructure and virtualization, SECURITY for data protection and security, and DEVELOP for custom software development.

As a technology supplier, Netzint is strongly committed to German and European digital sovereignty and prefers open-source software from Germany and Europe. This stance is also reflected in its support for the “Public Money, Public Code” campaign. Netzint uses DokuWiki to document the customer systems it manages, making the wiki a central part of everyday work.

Project

The Netzint wiki documents customer systems in a deep hierarchy of organizations and sub-organizations. It also contains sensitive data, including server passwords. Over time, this created a recurring set of requirements. Access rights had to be assigned dynamically and with fine granularity for each customer. Automatic navigation had to remain useful even when users could not read parts of the namespace hierarchy. Passwords needed to be stored encrypted rather than in plain text, and logins had to be protected with two-factor authentication. Netzint also wanted to evaluate data from the Xentral ERP system directly inside the wiki.

Netzint was looking for an experienced DokuWiki partner who could implement these requirements over a longer period as clearly scoped improvements, modernize existing plugins and, where appropriate, make the results available to the wider community.

Implementation

CosmoCode has supported Netzint since 2020 as a long-term partner for its DokuWiki platform. New requirements are handled as an ongoing series of individually commissioned improvements across several recurring areas.

One major focus is dynamic access control. CosmoCode developed the custom ACLplusregex plugin, which defines complex ACLs from user and group names using regular expressions and applies them automatically to the matching customer namespace structure. The plugin was extended several times, including support for regular expressions in the first part of rules, wildcard support and substantial performance optimizations for installations with large rule sets.

Closely connected to this is automatic navigation. The SimpleNavi plugin was reworked so that it still produces a useful tree view when a user can access only a sub-organization but not the parent organization. To make this possible, the recursive mechanism for reading the page tree was rebuilt, allowing readable areas inside otherwise unreadable namespaces to be expanded correctly.

Security formed another large area of work. CosmoCode built the new encryptedpasswords plugin, which stores passwords in the wiki using symmetric encryption through the browser’s modern SubtleCrypto API. In addition, the unmaintained twofactor plugin suite was thoroughly modernized. The work included updates to current coding standards, a clearer separation of responsibilities between the base plugin and method plugins, automated unit tests and GitHub Actions. Several plugins were also reviewed for potential attack scenarios involving external users.

To display customer data from the ERP system directly in the wiki, CosmoCode developed an SQL plugin published as dbquery. It strictly separates the creation of SQL queries from their use on wiki pages, so customers with write access cannot formulate their own database queries. It also supports placeholders for the currently logged-in user. The GroupMatrix plugin adds automated matrix views of group memberships.

The cooperation also includes ongoing adjustments to the authentication setup, including AuthAD and PureLDAP for Active Directory integration and password changes, adaptations to the SprintDoc template for fully closed wikis, and regular maintenance, updates and bug fixes. All code is published under the GPL2. Where a solution is useful beyond Netzint’s own setup, it is released as an open-source plugin on DokuWiki.org and GitHub.

Customer

Netzint GmbH

Timeframe

2020 – 2025