Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Restrict mediawiki to using only LDAP based accounts, but still allow global read-only.
PHP
branch: master

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
SOURCES
SPECS
.gitignore
Makefile
README

README

(c) 2009 Michael Stahnke <stahnma@websages.com>

http://github.com/stahnma/mediawiki-LdapAccount

This extension allows you to use LDAP backed accounts inside mediawiki.  I found a few that sort of 
did what I wanted, but nothing that fit 100% of my requirements, so I wrote my own extension. 

== Features == 
* Account must exist in LDAP
* Accounts are created inside mediawiki with attributes populated from LDAP
* You can still allow non-users to read contents (as opposed to using web server LDAP authentication)
* Authenticates against LDAP
* Changing password in mediawiki is disabled
* Disable anonymous edits and account registration (prevents spam)

== Requirements ==
* Needs php ldap libraries installed (php-ldap package on RHEL/Centos/Fedora)

== Packaging ==
* Want a source rpm?  make srpm
* Want a binary noarch rpm? make rpm
* Want a deb?  so do i. 
  
== Testing ==
* Tested only against OpenLDAP with SSL enabled. I don't have lots of directories lying around.
* If you find bugs against other LDAP servers, let me know and I will try to help.
* I am not really interested in this working for ActiveDirectory, but I think it would.

== Setup  ==
* IF you're using SSL you might want a .ldaprc file in Apache's home directory that specifies SSL Cert path, tells 
     the web server not to care about SSL certificate signing errors.  
* You'll need to edit LocalSettings.php (see below)
  
== Configuration ==

Usage: Edit LocalSettings.php and add the following variables


  require_once 'extensions/LdapAccount/LdapAccount.php';
  # Description: Directory Server URI with protocol (not port)
  # Default: None
  $wgDS = "ldaps://ldap.example.com";

  # Description: Directory Server Port
  # Default: 389
  $wgDSPort = 389;

  # Description: Bind Type (Anonymous or ProxyAccount)
  # Default: Anonymous
  $wgBindType = "Anonymous";

  # Description: Proxy Bind Account DN
  # Default: None
  $wgBindProxyDN = "uid=userid,ou=people,dc=example,dc=com";

  # Description: Proxy Bind Account Password
  # Default: None
  $wgBindProxyPW = "apassword";

  # Description: LDAP Attribute to search on
  # Default: uid
  $wgUserAttr = "uid";

  # Description: LDAP Search Base for looking up accounts
  # Default: None
  $wgLDAPSearchBase="ou=people,dc=example,dc=com";

  # Instantiate AuthPlugin object
  $wgAuth = new LdapAccount();

== License == 
 /**
  *  DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
  *                  Version 2, December 2004
  *
  * Copyright (C) 2004 Sam Hocevar
  * 14 rue de Plaisance, 75014 Paris, France
  * Everyone is permitted to copy and distribute verbatim or modified
  * copies of this license document, and changing it is allowed as long
  * as the name is changed.
  * 
  *         DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
  *  TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
  * 
  * 0. You just DO WHAT THE FUCK YOU WANT TO.
 **/
Something went wrong with that request. Please try again.