> I know what a lot of people are going to say.... "google it". I have,
> but there are many different configuration settings and examples for
> different versions of the plugin and different versions of mediawiki,
> I've yet to have any success with them, hence why I'm now asking here.
>

This is why I tell people to only use the official documentation on
mediawiki.org. It's always up to date, and it's fairly in depth
(improvements welcome).

> Below is what I've got so far, but it's not a lot. I've disabled
> anonymous access via IIS and enabled windows authentication, but I'm not
> getting any single sign on functionality. However, if anyone has
> accomplished at least the first two objectives listed above and would be
> able to provide me with a "template" of their config (sensitive data
> obviously omitted) then I would really appreciate it.
>

Are you sure the authentication is working?

> //
> //LDAP Authentication Configuration
> //
>
> require_once( "/extensions/LdapAuthentication.php" );
> require_once( "/extensions/LdapAutoAuthentication.php" );
>
> //the domain name is any arbitrary name that you will use as a variable
>
> $wgLDAPDomainNames = array("localdomain.local");
>
> //define the fully qualified name of your AD domain
>
> $wgLDAPServerNames = array("localdomain.local"=>"DC1.localdomain.local DC2.localdomain.local");
> $wgLDAPEncryptionType = array("localdomain.local"=>"ssl");
>
> //this is the short name of your domain, not the arbitrary variable mentioned below
>
> $wgLDAPAutoAuthDomain = "localdomain.local";
>
> //this is how you get the wiki user to be username as opposed to DOMAIN\username
>
> list($dom,$userid)=split('[\]',$_SERVER['REMOTE_USER']);
> $wgLDAPAutoAuthUsername = $userid;
> $wgLDAPBaseDNs = array("localdomain.local"=>"ou=Users,DC=localdomain,dc=local");
> $wgLDAPSearchAttributes = array("localdomain.local" => "sAMAccountName");
> $wgMinimalPasswordLength = 1;
>
> //Group Configuration
>
> $wgLDAPGroupUseFullDN = array( "localdomain.local"=>true );
> $wgLDAPGroupObjectclass = array( "localdomain.local"=>"group" );
> $wgLDAPGroupAttribute = array( "localdomain.local"=>"member" );
> $wgLDAPGroupSearchNestedGroups = array( "localdomain.local"=>false );
> $wgLDAPUseLDAPGroups = array( "localdomain.local"=>true );
> $wgLDAPGroupNameAttribute = array( "localdomain.local"=>"cn=sysop,ou=Users,dc=localdomain,dc=local" );
> $wgLDAPGroupNameAttribute = array( "localdomain.local"=>"sysop" );
> AutoAuthSetup();
>
> //this is where you define the credentials necessary to read information from AD
> //you only need this if you want to pull the name, email address and groups from AD
>
> $wgLDAPProxyAgent = array('localdomain.local' =>'CN=MediaWikiLDAPSearcher,OU=Users,DC=localdomain,DC=local');
> $wgLDAPProxyAgentPassword = array('localdomain.local' => 'MyLDAPSearcherPassword');
> $wgLDAPPreferences = array("localdomain.local"=>array("email"=>"mail","realname"=>"cn","nickname"=>"givenName"));
>

I don't see any issues with the configuration. You should enable
debugging and reply with the debug log with sensitive stuff snipped
out.

- Ryan Lane

_______________________________________________
MediaWiki-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
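
The quoted configuration derives the wiki username by splitting `$_SERVER['REMOTE_USER']` with `split()`, a function removed in PHP 7.0, and it assumes the web server always supplies a `DOMAIN\username` value. The following is an added example, not code from this thread or from the LdapAuthentication extension: `normalizeRemoteUser()` is a hypothetical helper that returns null when the server has not authenticated the request and rejects names containing characters Active Directory does not allow in a sAMAccountName (the character list and 20-character limit are stated here as assumptions about user accounts). The sample inputs are constructed.

```php
<?php
// Added example (hypothetical helper, not part of MediaWiki or the extension).

/**
 * Return the bare account name from a server-supplied REMOTE_USER value,
 * or null if the value is missing or not a plausible sAMAccountName.
 */
function normalizeRemoteUser(?string $remoteUser): ?string
{
    if ($remoteUser === null || trim($remoteUser) === '') {
        return null; // The web server did not authenticate this request.
    }
    $name = trim($remoteUser);

    $slash = strrpos($name, '\\');
    if ($slash !== false) {
        // DOMAIN\username form.
        $name = substr($name, $slash + 1);
    } elseif (($at = strpos($name, '@')) !== false) {
        // username@domain (UPN) form.
        $name = substr($name, 0, $at);
    }

    // Assumption: 1-20 characters, none of " / \ [ ] : ; | = , + * ? < > ( ) @
    // and no control characters. Several of these are LDAP filter
    // metacharacters, so rejecting them also keeps the value safe to search on.
    if (!preg_match('/^[^"\/\\\\\[\]:;|=,+*?<>()@\x00-\x1f]{1,20}$/', $name)) {
        return null;
    }
    return $name;
}

// Constructed sample values covering the normal, empty and hostile cases.
$samples = [
    'LOCALDOMAIN\\jsmith',
    'jsmith@localdomain.local',
    'jsmith',
    '',
    null,
    'LOCALDOMAIN\\js*)(cn=*',
];
foreach ($samples as $sample) {
    $user = normalizeRemoteUser($sample);
    printf("%-28s => %s\n", var_export($sample, true), $user ?? '(rejected)');
}
// In LocalSettings.php the input would be: $_SERVER['REMOTE_USER'] ?? null
```

A null result for every request is a quick indication that the web server is not passing an authenticated identity to PHP at all.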
