No description, website, or topics provided.
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
i18n
src
.dir-locals.el
.gitignore
.gitreview
CODE_OF_CONDUCT.md
Gruntfile.js
LICENSE
README.mediawiki
extension.json
package.json

README.mediawiki

Table of Contents

LdapGroups

This is MediaWiki extension to allow users to manage their MediaWiki groups using a directory server via LDAP such as Microsoft's ActiveDirectory.

Installation

  • Download and place the files in a directory called LdapGroups in your extensions/ folder.
  • Add the following code at the bottom of your LocalSettings.php:
wfLoadExtension( 'LdapGroups' );

  • Configure as required
  • Done - Navigate to Special:Version on your wiki to verify that the extension is successfully installed.

Configuration

ini file

You need to specify connection parameters for your LDAP server. Since you may want to use a different LDAP server for different environments (e.g. dev, prod), the credentials are stored in a separate file in ini file format. These will be used to connect to the directory server. Specify the ini file in your LocalSettings.php file by setting:

$LdapGroupsIniFile = "full-path-to-file";

The file takes the following format:

[main]
	server = ServerName

	; quotes are required to keep php from getting confused about
	; the extra equals sign
	user = 'UserName or DN'

	pass = password

	basedn = 'Base DN'

Group mapping

Your mapping of MediaWiki groups to the distinguished names (dn) of the groups on your directory server should be provided in the $LdapGroupsMap variable. For example:

$LdapGroupsMap
    = [ "AWSUsers" =>
        [
            "cn=aws-production,ou=security group,o=top"
        ],
        "NavAndGuidance" =>
        [
            'cn=g001,OU=Groups,o=top',
            'cn=g002,OU=Groups,o=top',
            'cn=g003,OU=Groups,o=top',
        ]
    ];

Nested groups

Nested groups are correctly resolved using LDAP_MATCHING_RULE_IN_CHAIN queries if you add the following to your LocalSettings.php:

$LdapGroupsUseMatchingRuleInChainQuery = true;

TODO

I also plan to have a Special Page to set up to allow for group mappings soon.