Table of Contents
This is MediaWiki extension to allow users to manage their MediaWiki groups using a directory server via LDAP such as Microsoft's ActiveDirectory.
- Download and place the files in a directory called LdapGroups in your extensions/ folder.
- Add the following code at the bottom of your LocalSettings.php:
wfLoadExtension( 'LdapGroups' );
- Configure as required
- Done - Navigate to Special:Version on your wiki to verify that the extension is successfully installed.
You need to specify connection parameters for your LDAP server. Since you may want to use a different LDAP server for different environments (e.g. dev, prod), the credentials are stored in a separate file in ini file format. These will be used to connect to the directory server. Specify the ini file in your LocalSettings.php file by setting:
$LdapGroupsIniFile = "full-path-to-file";
The file takes the following format:
[main] server = ServerName ; quotes are required to keep php from getting confused about ; the extra equals sign user = 'UserName or DN' pass = password basedn = 'Base DN'
Your mapping of MediaWiki groups to the distinguished names (dn) of the groups on your directory server should be provided in the $LdapGroupsMap variable. For example:
$LdapGroupsMap = [ "AWSUsers" => [ "cn=aws-production,ou=security group,o=top" ], "NavAndGuidance" => [ 'cn=g001,OU=Groups,o=top', 'cn=g002,OU=Groups,o=top', 'cn=g003,OU=Groups,o=top', ] ];
$LdapGroupsUseMatchingRuleInChainQuery = true;
I also plan to have a Special Page to set up to allow for group mappings soon.