Restrict mediawiki to using only LDAP based accounts, but still allow global read-only.
stahnma/mediawiki-LdapAccount
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
(c) 2009 Michael Stahnke <stahnma@websages.com> http://github.com/stahnma/mediawiki-LdapAccount This extension allows you to use LDAP backed accounts inside mediawiki. I found a few that sort of did what I wanted, but nothing that fit 100% of my requirements, so I wrote my own extension. == Features == * Account must exist in LDAP * Accounts are created inside mediawiki with attributes populated from LDAP * You can still allow non-users to read contents (as opposed to using web server LDAP authentication) * Authenticates against LDAP * Changing password in mediawiki is disabled * Disable anonymous edits and account registration (prevents spam) == Requirements == * Needs php ldap libraries installed (php-ldap package on RHEL/Centos/Fedora) == Packaging == * Want a source rpm? make srpm * Want a binary noarch rpm? make rpm * Want a deb? so do i. == Testing == * Tested only against OpenLDAP with SSL enabled. I don't have lots of directories lying around. * If you find bugs against other LDAP servers, let me know and I will try to help. * I am not really interested in this working for ActiveDirectory, but I think it would. == Setup == * IF you're using SSL you might want a .ldaprc file in Apache's home directory that specifies SSL Cert path, tells the web server not to care about SSL certificate signing errors. * You'll need to edit LocalSettings.php (see below) == Configuration == Usage: Edit LocalSettings.php and add the following variables require_once 'extensions/LdapAccount/LdapAccount.php'; # Description: Directory Server URI with protocol (not port) # Default: None $wgDS = "ldaps://ldap.example.com"; # Description: Directory Server Port # Default: 389 $wgDSPort = 389; # Description: Bind Type (Anonymous or ProxyAccount) # Default: Anonymous $wgBindType = "Anonymous"; # Description: Proxy Bind Account DN # Default: None $wgBindProxyDN = "uid=userid,ou=people,dc=example,dc=com"; # Description: Proxy Bind Account Password # Default: None $wgBindProxyPW = "apassword"; # Description: LDAP Attribute to search on # Default: uid $wgUserAttr = "uid"; # Description: LDAP Search Base for looking up accounts # Default: None $wgLDAPSearchBase="ou=people,dc=example,dc=com"; # Instantiate AuthPlugin object $wgAuth = new LdapAccount(); == License == /** * DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE * Version 2, December 2004 * * Copyright (C) 2004 Sam Hocevar * 14 rue de Plaisance, 75014 Paris, France * Everyone is permitted to copy and distribute verbatim or modified * copies of this license document, and changing it is allowed as long * as the name is changed. * * DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE * TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION * * 0. You just DO WHAT THE FUCK YOU WANT TO. **/
About
Restrict mediawiki to using only LDAP based accounts, but still allow global read-only.
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published