Skip to content
Restrict mediawiki to using only LDAP based accounts, but still allow global read-only. https://sourceforge.net/projects/mw-ldapaccount/
PHP
Find file
Latest commit 9cde067 @dlbewley dlbewley cleanup example config
typo in $wgDS url
missing instantiation of $wgAuth which is key for success
Failed to load latest commit information.
SOURCES
SPECS Updating Makefile for easier tarball release.
.gitignore Refactored completely now uses configuration information.
Makefile
README

README

(c) 2009 Michael Stahnke <stahnma@websages.com>

http://github.com/stahnma/mediawiki-LdapAccount

This extension allows you to use LDAP backed accounts inside mediawiki.  I found a few that sort of 
did what I wanted, but nothing that fit 100% of my requirements, so I wrote my own extension. 

== Features == 
* Account must exist in LDAP
* Accounts are created inside mediawiki with attributes populated from LDAP
* You can still allow non-users to read contents (as opposed to using web server LDAP authentication)
* Authenticates against LDAP
* Changing password in mediawiki is disabled
* Disable anonymous edits and account registration (prevents spam)

== Requirements ==
* Needs php ldap libraries installed (php-ldap package on RHEL/Centos/Fedora)

== Packaging ==
* Want a source rpm?  make srpm
* Want a binary noarch rpm? make rpm
* Want a deb?  so do i. 
  
== Testing ==
* Tested only against OpenLDAP with SSL enabled. I don't have lots of directories lying around.
* If you find bugs against other LDAP servers, let me know and I will try to help.
* I am not really interested in this working for ActiveDirectory, but I think it would.

== Setup  ==
* IF you're using SSL you might want a .ldaprc file in Apache's home directory that specifies SSL Cert path, tells 
     the web server not to care about SSL certificate signing errors.  
* You'll need to edit LocalSettings.php (see below)
  
== Configuration ==

Usage: Edit LocalSettings.php and add the following variables


  require_once 'extensions/LdapAccount/LdapAccount.php';
  # Description: Directory Server URI with protocol (not port)
  # Default: None
  $wgDS = "ldaps://ldap.example.com";

  # Description: Directory Server Port
  # Default: 389
  $wgDSPort = 389;

  # Description: Bind Type (Anonymous or ProxyAccount)
  # Default: Anonymous
  $wgBindType = "Anonymous";

  # Description: Proxy Bind Account DN
  # Default: None
  $wgBindProxyDN = "uid=userid,ou=people,dc=example,dc=com";

  # Description: Proxy Bind Account Password
  # Default: None
  $wgBindProxyPW = "apassword";

  # Description: LDAP Attribute to search on
  # Default: uid
  $wgUserAttr = "uid";

  # Description: LDAP Search Base for looking up accounts
  # Default: None
  $wgLDAPSearchBase="ou=people,dc=example,dc=com";

  # Instantiate AuthPlugin object
  $wgAuth = new LdapAccount();

== License == 
 /**
  *  DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
  *                  Version 2, December 2004
  *
  * Copyright (C) 2004 Sam Hocevar
  * 14 rue de Plaisance, 75014 Paris, France
  * Everyone is permitted to copy and distribute verbatim or modified
  * copies of this license document, and changing it is allowed as long
  * as the name is changed.
  * 
  *         DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
  *  TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
  * 
  * 0. You just DO WHAT THE FUCK YOU WANT TO.
 **/
Something went wrong with that request. Please try again.