This is MediaWiki extension to allow users to manage their MediaWiki groups using a directory server via LDAP such as Microsoft's ActiveDirectory.
- Download and place the files in a directory called LdapGroups in your extensions/ folder.
- Add the following code at the bottom of your LocalSettings.php:
wfLoadExtension( 'LdapGroups' );
- Configure as required
- Done - Navigate to Special:Version on your wiki to verify that the extension is successfully installed.
You need to specify connection parameters for your LDAP server. Since you may want to use a different LDAP server for different environments (e.g. dev, prod), the credentials are stored in a separate file in ini file format. These will be used to connect to the directory server. Specify the ini file in your LocalSettings.php file by setting:
$LdapGroupsIniFile = "full-path-to-file";
The file takes the following format:
[main]
server = ServerName
; quotes are required to keep php from getting confused about
; the extra equals sign
user = 'UserName or DN'
pass = password
basedn = 'Base DN'
Your mapping of MediaWiki groups to the distinguished names (dn) of the groups on your directory server should be provided in the $LdapGroupsMap variable. For example:
$LdapGroupsMap
= [ "AWSUsers" =>
[
"cn=aws-production,ou=security group,o=top"
],
"NavAndGuidance" =>
[
'cn=g001,OU=Groups,o=top',
'cn=g002,OU=Groups,o=top',
'cn=g003,OU=Groups,o=top',
]
];
Nested groups are correctly resolved using LDAP_MATCHING_RULE_IN_CHAIN queries if you add the following to your LocalSettings.php:
$LdapGroupsUseMatchingRuleInChainQuery = true;
I also plan to have a Special Page to set up to allow for group mappings soon.