Help:LdapAuthentication

From Tetherless World Wiki

http://www.mediawiki.org/wiki/Extension:LDAP_Authentication

Contents 1 Overview 2 Install 2.1 Installation Instruction 2.2 Master LDAP configuration (example) 2.3 Slave LDAP configuration (example) 3 Changelog

Overview

This extension is based on LDAP Authentication Extension created by Ryan Lane, version 1.1g.

We made a little modifications to make the droplist of "domain" to reflect the selected domain.

Install

Installation Instruction

• step 1. obtain the latest extension - LdapAuthentication.php
• step 2. save the extension as a file in the extension folder. e.g.

 YOUR-WIKI-DIRECTORY/extensions/LdapAuth/LdapAuthentication.php

• step 3. configure ldap settings by editing LocalSettings.php. We show two example configurations below.
  • #Master LDAP configuration (example)
  • #Slave LDAP configuration (example)

hints

• learn the options offered by this extension, http://www.mediawiki.org/wiki/Extension:LDAP_Authentication#Explanation_of_options

Master LDAP configuration (example)

you may create one master wiki that allows users create LDAP account and change password.

TODO

Slave LDAP configuration (example)

you may create many slave wikis that allows authorized LDAP users to login (disallow create/change LDAP account information)

• please update the example with the domain supported by your LDAP server, i.e. replace MY_LDAP_DOMAIN
• please update the example with the host name of your LDAP server, i.e. replace my.ldapserver.org

require_once("$IP/extensions/LdapAuth/LdapAuthentication.php");
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array(  "MY_LDAP_DOMAIN" );
$wgLDAPServerNames = array(  "MY_LDAP_DOMAIN" => "my.ldapserver.org" );
$wgLDAPSearchStrings = array(   "MY_LDAP_DOMAIN" => "uid=USER-NAME,ou=people,dc=my,dc=ldapserver,dc=org" );
$wgLDAPEncryptionType = array(  "MY_LDAP_DOMAIN" => "sha" );
$wgMinimalPasswordLength = 6;

// can user log in with a local account (non-LDAP)
// no if not set
$wgLDAPUseLocal = true;  

// The default domain for users to login
$wgLDAPDefaultDomain = "local";

//debug: you may uncomment this section for debugging
//$wgLDAPDebug = 3; 

Changelog

• v1.1g-fix2: Li 12:17, 19 November 2008 (EST); diff (current) -- update setdomain to let administrators configure the default login domain. added new option

 // The default domain for users to login
 $wgLDAPDefaultDomain = "local";

• v1.1g-fix1: Li 15:43, 19 November 2008 (UTC); diff -- update modifyUITemplate for better ordering the droplist after "domain"
• v1.1g-fix-evan: Li 15:40, 19 November 2008 (UTC); diff
• v1.1g: Li 15:34, 19 November 2008 (UTC); copied the original