Mediawiki Ldap: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Thomas (Diskussion | Beiträge) |
|||
| (8 dazwischenliegende Versionen von einem anderen Benutzer werden nicht angezeigt) | |||
| Zeile 2: | Zeile 2: | ||
*https://www.mediawiki.org/wiki/Extension:LDAP_Authentication | *https://www.mediawiki.org/wiki/Extension:LDAP_Authentication | ||
*https://www.mediawiki.org/wiki/Extension:LDAP_Authentication/Examples | *https://www.mediawiki.org/wiki/Extension:LDAP_Authentication/Examples | ||
| − | = | + | =Documentation= |
| + | *https://blog.ryandlane.com/2009/06/16/using-the-ldap-authentication-plugin-for-mediawiki-the-basics-part-2/ | ||
| + | =Voraussetzung= | ||
| + | Paket php-ldap muss installiert sein. | ||
| + | |||
| + | =Install= | ||
| + | *cd WIKIDIR/extensions | ||
*wget https://github.com/wikimedia/mediawiki-extensions-LdapAuthentication/archive/master.tar.gz | *wget https://github.com/wikimedia/mediawiki-extensions-LdapAuthentication/archive/master.tar.gz | ||
| + | *tar -xvzf master.tar.gz | ||
| + | *mv mediawiki-extensions-LdapAuthentication-master LdapAuthentication | ||
| + | |||
| + | =Settings= | ||
| + | *LocalSettings.php | ||
| + | |||
| + | <pre> | ||
| + | $wgGroupPermissions['*']['autocreateaccount'] = true; | ||
| + | $wgGroupPermissions['*']['createaccount'] = false; | ||
| + | $wgGroupPermissions['*']['edit'] = false; | ||
| + | $wgGroupPermissions['*']['read'] = false; | ||
| + | |||
| + | |||
| + | |||
| + | require_once ('extensions/LdapAuthentication/LdapAuthentication.php'); | ||
| + | require_once ('includes/AuthPlugin.php'); | ||
| + | |||
| + | |||
| + | $wgAuth = new LdapAuthenticationPlugin(); | ||
| + | $wgLDAPDomainNames = array( | ||
| + | 'openldap_conf', | ||
| + | ); | ||
| + | $wgLDAPServerNames = array( | ||
| + | 'openldap_conf' => 'waka.xinux.lan', | ||
| + | ); | ||
| + | |||
| + | $wgLDAPSearchStrings = array( 'openldap_conf' => "uid=USER-NAME,ou=users,dc=linuggs,dc=de", | ||
| + | ); | ||
| + | |||
| + | #$wgLDAPUseLocal = false; | ||
| + | $wgLDAPUseLocal = true; | ||
| + | $wgLDAPEncryptionType = array( | ||
| + | 'openldap_conf' => 'clear', | ||
| + | ); | ||
| + | $wgLDAPPort = array( | ||
| + | 'openldap_conf' => 389, | ||
| + | ); | ||
| + | $wgLDAPProxyAgent = array( | ||
| + | 'openldap_conf' => 'cn=admin,dc=linuggs,dc=de', | ||
| + | ); | ||
| + | $wgLDAPProxyAgentPassword = array( | ||
| + | 'openldap_conf' => 'geheim', | ||
| + | ); | ||
| + | $wgLDAPSearchAttributes = array( | ||
| + | 'openldap_conf' => 'uid' | ||
| + | ); | ||
| + | $wgLDAPBaseDNs = array( | ||
| + | 'openldap_conf' => 'dc=linuggs,dc=de', | ||
| + | ); | ||
| + | # To pull e-mail address from LDAP | ||
| + | $wgLDAPPreferences = array( | ||
| + | 'openldap_conf' => array( 'email' => 'mail') | ||
| + | ); | ||
| + | # Group based restriction | ||
| + | $wgLDAPGroupUseFullDN = array( "openldap_conf"=>false ); | ||
| + | $wgLDAPGroupObjectclass = array( "openldap_conf"=>"posixgroup" ); | ||
| + | $wgLDAPGroupAttribute = array( "openldap_conf"=>"memberuid" ); | ||
| + | $wgLDAPGroupSearchNestedGroups = array( "openldap_conf"=>false ); | ||
| + | $wgLDAPGroupNameAttribute = array( "openldap_conf"=>"cn" ); | ||
| + | $wgLDAPRequiredGroups = array( "openldap_conf"=>array("cn=mediawiki,ou=groups,dc=linuggs,dc=de")); | ||
| + | $wgLDAPLowerCaseUsername = array( | ||
| + | 'openldap_conf' => true, | ||
| + | ); | ||
| + | |||
| + | |||
| + | |||
| + | ## Logging Debug-Information for LDAP | ||
| + | #$wgLDAPDebug = 127; | ||
| + | #$wgShowExceptionDetails = true; //for debugging MediaWiki | ||
| + | #$wgDebugLogGroups["ldap"] = "/tmp/debugldap.log"; | ||
| + | </pre> | ||
| + | |||
| + | =Update= | ||
| + | *cd WIKIDIR | ||
| + | *php maintenance/update.php | ||
Aktuelle Version vom 14. Februar 2018, 14:35 Uhr
Links
- https://www.mediawiki.org/wiki/Extension:LDAP_Authentication
- https://www.mediawiki.org/wiki/Extension:LDAP_Authentication/Examples
Documentation
Voraussetzung
Paket php-ldap muss installiert sein.
Install
- cd WIKIDIR/extensions
- wget https://github.com/wikimedia/mediawiki-extensions-LdapAuthentication/archive/master.tar.gz
- tar -xvzf master.tar.gz
- mv mediawiki-extensions-LdapAuthentication-master LdapAuthentication
Settings
- LocalSettings.php
$wgGroupPermissions['*']['autocreateaccount'] = true;
$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['read'] = false;
require_once ('extensions/LdapAuthentication/LdapAuthentication.php');
require_once ('includes/AuthPlugin.php');
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array(
'openldap_conf',
);
$wgLDAPServerNames = array(
'openldap_conf' => 'waka.xinux.lan',
);
$wgLDAPSearchStrings = array( 'openldap_conf' => "uid=USER-NAME,ou=users,dc=linuggs,dc=de",
);
#$wgLDAPUseLocal = false;
$wgLDAPUseLocal = true;
$wgLDAPEncryptionType = array(
'openldap_conf' => 'clear',
);
$wgLDAPPort = array(
'openldap_conf' => 389,
);
$wgLDAPProxyAgent = array(
'openldap_conf' => 'cn=admin,dc=linuggs,dc=de',
);
$wgLDAPProxyAgentPassword = array(
'openldap_conf' => 'geheim',
);
$wgLDAPSearchAttributes = array(
'openldap_conf' => 'uid'
);
$wgLDAPBaseDNs = array(
'openldap_conf' => 'dc=linuggs,dc=de',
);
# To pull e-mail address from LDAP
$wgLDAPPreferences = array(
'openldap_conf' => array( 'email' => 'mail')
);
# Group based restriction
$wgLDAPGroupUseFullDN = array( "openldap_conf"=>false );
$wgLDAPGroupObjectclass = array( "openldap_conf"=>"posixgroup" );
$wgLDAPGroupAttribute = array( "openldap_conf"=>"memberuid" );
$wgLDAPGroupSearchNestedGroups = array( "openldap_conf"=>false );
$wgLDAPGroupNameAttribute = array( "openldap_conf"=>"cn" );
$wgLDAPRequiredGroups = array( "openldap_conf"=>array("cn=mediawiki,ou=groups,dc=linuggs,dc=de"));
$wgLDAPLowerCaseUsername = array(
'openldap_conf' => true,
);
## Logging Debug-Information for LDAP
#$wgLDAPDebug = 127;
#$wgShowExceptionDetails = true; //for debugging MediaWiki
#$wgDebugLogGroups["ldap"] = "/tmp/debugldap.log";
Update
- cd WIKIDIR
- php maintenance/update.php