This MediaWiki extension allows for an instance to be configured to authenticate against a (one or many) LDAP servers. The extension is built for MediaWiki v1.27 or greater, as it utilizes the new extension and authentication framework.
- Download the extension and place it in the
extensions/LdapAuth
directory. - Add the following to your LocalSettings.php file:
wfLoadExtension( 'LdapAuth' );
- Configure as required.
- For the best composer experience, we recommend checking the MediaWiki composer page (https://www.mediawiki.org/wiki/Composer#Using_composer-merge-plugin) first and following these steps. If the want to started quickly, please run the following command from the root directory of your MediaWiki installation:
composer require symfony/ldap
As this plugin contains support for multiple domains, most of the following settings have two forms - generic cross-domain setting, or individualised per-domain settings, annotated by PER-DOMAIN.
$wgLdapAuthDomainNames = ['mywebsite.eu'];
$wgLdapAuthServers = ['mywebsite.eu' => ['ldap.mywebsite.eu']];
$wgLdapAuthBindDN = ['mywebsite.eu' => 'cn=wiki,ou=hosts,dc={DCNAME},dc=local'];
$wgLdapAuthBindPass = ['mywebsite.eu' => '{PASSWORD}'];
$wgLdapAuthEncryptionType = ['mywebsite.eu' => 'none'];
$wgLdapAuthSearchFilter = ['mywebsite.eu' => '(&(objectClass=posixAccount)(uid=%1$s)(memberOf=cn=wiki,ou=groups,dc={DCNAME},dc=local))'];
$wgLdapAuthBaseDN = ['mywebsite.eu' => 'ou=users,dc={DCNAME},dc=local'];
$wgLdapAuthIsActiveDirectory = ['mywebsite.eu' => FALSE];
$wgLdapAuthUsernameField = ['mywebsite.eu' => 'uid'];
$wgLdapAuthUserEmailRequired = ['mywebsite.eu' => TRUE];
$wgLdapAuthSearchTree = ['mywebsite.eu' => TRUE];
$wgLdapAuthMapGroups = ['mywebsite.eu' => []];
$wgLdapAuthIsOpenLDAP = ['mywebsite.eu' => true];
$wgLdapAuthDisplayNameField = ['mywebsite.eu' => 'My Website'];
Specifies the LDAP domain (CN) to which we are connecting.
Examples:
$wgLdapAuthDomainNames = ['mywebsite.eu'];
Specifies a list of servers to authenticate each domain.
Examples:
$wgLdapAuthServers = ['mywebsite.eu' => ['ldap.mywebsite.eu', '127.0.0.4']];