Hi Everyone,

I'm using a MediaWiki/IIS/AD implementation and would like to accomplish 
the following via Microsoft Active Directory:

    * Single Sign On
    * Synchronisation between MediaWiki groups and AD Groups (For
      example, I want myself, and people in my department from security
      group to have full, administrative access)
    * At a later date (but not urgent right now) disable anonymous
      access, and have private and public wiki sections.


I know what a lot of people are going to say... "google it". I have, 
but there are many different configuration settings and examples for 
different versions of the plugin and different versions of MediaWiki. 
I've yet to have any success with them, hence why I'm now asking here.

Below is what I've got so far, but it's not a lot. I've disabled 
anonymous access via IIS and enabled Windows authentication, but I'm not 
getting any single sign on functionality. However, if anyone has 
accomplished at least the first two objectives listed above and would be 
able to provide me with a "template" of their config (sensitive data 
obviously omitted) then I would really appreciate it.

Many thanks,

David


//
//LDAP Authentication Configuration
//

require_once( "/extensions/LdapAuthentication.php" );
require_once( "/extensions/LdapAutoAuthentication.php" );

//the domain name is any arbitrary name that you will use as a variable

$wgLDAPDomainNames = array("localdomain.local");

//define the fully qualified name of your AD domain

$wgLDAPServerNames = array("localdomain.local"=>"DC1.localdomain.local DC2.localdomain.local");
$wgLDAPEncryptionType = array("localdomain.local"=>"ssl");

//this is the short name of your domain, not the arbitrary variable mentioned below

$wgLDAPAutoAuthDomain = "localdomain.local";

//this is how you get the wiki user to be username as opposed to DOMAIN\username
//(split() was removed in PHP 7; explode() on a literal backslash does the same job)

list($dom,$userid)=explode('\\',$_SERVER['REMOTE_USER'],2);
$wgLDAPAutoAuthUsername = $userid;
$wgLDAPBaseDNs = 
array("localdomain.local"=>"ou=Users,DC=localdomain,dc=local");
$wgLDAPSearchAttributes = array("localdomain.local" => "sAMAccountName");
$wgMinimalPasswordLength = 1;

//Group Configuration

$wgLDAPGroupUseFullDN = array( "localdomain.local"=>true );
$wgLDAPGroupObjectclass = array( "localdomain.local"=>"group" );
$wgLDAPGroupAttribute = array( "localdomain.local"=>"member" );
$wgLDAPGroupSearchNestedGroups = array( "localdomain.local"=>false );
$wgLDAPUseLDAPGroups = array( "localdomain.local"=>true );
//$wgLDAPGroupNameAttribute is assigned twice; the second assignment replaces the first
$wgLDAPGroupNameAttribute = array( "localdomain.local"=>"cn=sysop,ou=Users,dc=localdomain,dc=local" );
$wgLDAPGroupNameAttribute = array( "localdomain.local"=>"sysop" );
AutoAuthSetup();

//this is where you define the credentials necessary to read information from AD
//you only need this if you want to pull the name, email address and groups from AD

$wgLDAPProxyAgent = array('localdomain.local' 
=>'CN=MediaWikiLDAPSearcher,OU=Users,DC=localdomain,DC=local');
$wgLDAPProxyAgentPassword = array('localdomain.local' => 
'MyLDAPSearcherPassword');
$wgLDAPPreferences = 
array("localdomain.local"=>array("email"=>"mail","realname"=>"cn","nickname"=>"givenName"));
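
The following is an added example, not part of the original post or of the LDAP extension: a defensive way to turn the IIS-supplied `REMOTE_USER` into a bare account name before it is used for auto-authentication and LDAP searches. The function name, the NetBIOS name `LOCALDOMAIN`, the character allowlist and the sample inputs are assumptions made for illustration; it needs PHP 7.1 or later.

```php
<?php
// Added example (hypothetical helper, not from the post or the extension).
const EXPECTED_NETBIOS = 'LOCALDOMAIN';       // assumed NetBIOS domain name
const EXPECTED_DNS     = 'localdomain.local'; // DNS domain name used in the post

/**
 * Return the bare account name from REMOTE_USER, or null when the value is
 * missing, malformed, or belongs to a domain other than the expected one.
 */
function remoteUserToAccount(?string $remoteUser): ?string
{
    if ($remoteUser === null || $remoteUser === '') {
        // IIS passed no identity, e.g. anonymous access is still enabled
        // for this path or Windows authentication did not take place.
        return null;
    }
    if (strpos($remoteUser, '\\') !== false) {
        // Down-level form: DOMAIN\username
        [$domain, $user] = explode('\\', $remoteUser, 2);
        if (strcasecmp($domain, EXPECTED_NETBIOS) !== 0) {
            return null;
        }
    } elseif (strpos($remoteUser, '@') !== false) {
        // UPN form: username@domain
        [$user, $domain] = explode('@', $remoteUser, 2);
        if (strcasecmp($domain, EXPECTED_DNS) !== 0) {
            return null;
        }
    } else {
        $user = $remoteUser; // already a bare name
    }
    // Conservative allowlist (an assumption, stricter than AD itself): it keeps
    // LDAP filter metacharacters such as ( ) * \ out of the later search.
    if (!preg_match('/^[A-Za-z0-9._-]{1,20}$/', $user)) {
        return null;
    }
    return $user;
}

// Constructed sample values, not taken from any real server.
$samples = ['LOCALDOMAIN\\david', 'david@localdomain.local',
            'OTHER\\david', '', 'LOCALDOMAIN\\da*)(uid=*'];
foreach ($samples as $s) {
    echo str_pad(var_export($s, true), 32), ' => ';
    var_export(remoteUserToAccount($s));
    echo "\n";
}
```

In `LocalSettings.php` the input would be `$_SERVER['REMOTE_USER'] ?? null`; a `null` result means auto-authentication should be skipped rather than run with an empty or foreign username.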

_______________________________________________
MediaWiki-l mailing list
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l