There are no approved versions of this page.
You are viewing an old version of this page. Return to the latest version.
Version of 15:04, 23 July 2019 by WikiSysop
Difference between revisions of "Manual:Extension/LDAPAuthentication/LDAP"
< Manual:Extension | LDAPAuthenticationReturn to history page
← Manual:Extension/LDAPAuthentication/LDAP
← Manual:Extension/LDAPAuthentication/LDAP
| [unchecked revision] | [unchecked revision] |
(Created page with "/etc/ldapprovider.json ==ldapprovider.json== <syntaxhighlight lang="json"> { "DOMAIN OF CUSTOMER": { "connection": { "server": "", "user": "", "pass": ""...") (Tag: 2017 source edit) |
m (Text replacement - "LDAPAuthentication" to "Manual:Extension/LDAPAuthentication") |
/etc/ldapprovider.json
ldapprovider.json[edit | edit source]
{
"DOMAIN OF CUSTOMER": {
"connection": {
"server": "",
"user": "",
"pass": "",
"basedn": "",
"userbasedn": "",
"groupbasedn": "",
"searchattribute": "samaccountname",
"usernameattribute": "samaccountname",
"realnameattribute": "displayname",
"emailattribute": "mail",
"grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\GroupMember::factory",
"nestedgroups": true
},
"authorization": {
"rules": {
"groups": {
"required": [ "" ]
}
}
},
"userinfo": {
"attributes-map": {
"email": "mail",
"realname": "displayname",
}
},
"groupsync": {
"mechanism": "allgroups"
}
}
}
090-LDAP.php[edit | edit source]
wfLoadExtensions( [
'Auth_remoteuser',// only needed if SingleSignOn is used
'LDAPProvider',
'Manual:Extension/LDAPAuthentication2',
'LDAPAuthorization',
'LDAPGroups',
'LDAPUserInfo',
'PluggableAuth'
] );
$LDAPProviderDomainConfigs = "/etc/ldapprovider.json";
$LDAPAuthentication2AllowLocalLogin$Manual:Extension/LDAPAuthentication2AllowLocalLogin = false;
$LDAPAuthentication2UsernameNormalizer$Manual:Extension/LDAPAuthentication2UsernameNormalizer = 'strtolower';
$LDAPProviderCacheTime = 300;
$LDAPProviderCacheType = CACHE_MEMCACHED; // or CACHE_NONE if no memcached is installed
$LDAPAuthorizationAutoAuthRemoteUserStringParser = 'username-at-domain'; // remove if your $_SERVER[ 'REMOTE_USER' ] is like "domain\user". If you have to remove this, follow step 2
$bsgPermissionConfig['autocreateaccount'] = [ 'type' => 'global', "roles" => [ 'autocreateaccount' ] ];
$wgAuthRemoteuserUserName = function() {
global $wgDBname;
$user = '';
if( isset( $_SERVER[ 'REMOTE_USER' ] ) ) {
$user = $_SERVER[ 'REMOTE_USER' ];
}
//Bypass fot Parsoid / PhantomJS calls
if( isset( $_SERVER[ 'REMOTE_ADDR' ] ) && substr( $_SERVER[ 'REMOTE_ADDR' ], 0, 4 ) == '127.' ) {
if( empty( $user ) ) {
// check the 304f3058RemoteToken name of your cookies in your browser!
$user = $_COOKIE[$wgDBname.'304f3058RemoteToken'] . '@DOMAIN OF CUSTOMER'; // Step 2: change this to $user = 'DOMAIN OF CUSTOMER\\' . $_COOKIE[$wgDBname.'304f3058RemoteToken'];
}
}
return $user;
};
Note: Der Teil 304f3058 This part 304f3058 of the cookie will change on some reasons. It should not, but we've seen it. So check with the cookies in your browser. $wgDBname is set in your LocalSettings.php
/etc/ldapprovider.json
==ldapprovider.json==
<syntaxhighlight lang="json">
{
"DOMAIN OF CUSTOMER": {
"connection": {
"server": "",
"user": "",
"pass": "",
"basedn": "",
"userbasedn": "",
"groupbasedn": "",
"searchattribute": "samaccountname",
"usernameattribute": "samaccountname",
"realnameattribute": "displayname",
"emailattribute": "mail",
"grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\GroupMember::factory",
"nestedgroups": true
},
"authorization": {
"rules": {
"groups": {
"required": [ "" ]
}
}
},
"userinfo": {
"attributes-map": {
"email": "mail",
"realname": "displayname",
}
},
"groupsync": {
"mechanism": "allgroups"
}
}
}
</syntaxhighlight>
==090-LDAP.php==
<syntaxhighlight lang="php">
wfLoadExtensions( [
'Auth_remoteuser',// only needed if SingleSignOn is used
'LDAPProvider',
'Manual:Extension/LDAPAuthentication2',
'LDAPAuthorization',
'LDAPGroups',
'LDAPUserInfo',
'PluggableAuth'
] );
$LDAPProviderDomainConfigs = "/etc/ldapprovider.json";
$LDAPAuthentication2AllowLocalLogin$Manual:Extension/LDAPAuthentication2AllowLocalLogin = false;
$LDAPAuthentication2UsernameNormalizer$Manual:Extension/LDAPAuthentication2UsernameNormalizer = 'strtolower';
$LDAPProviderCacheTime = 300;
$LDAPProviderCacheType = CACHE_MEMCACHED; // or CACHE_NONE if no memcached is installed
$LDAPAuthorizationAutoAuthRemoteUserStringParser = 'username-at-domain'; // remove if your $_SERVER[ 'REMOTE_USER' ] is like "domain\user". If you have to remove this, follow step 2
$bsgPermissionConfig['autocreateaccount'] = [ 'type' => 'global', "roles" => [ 'autocreateaccount' ] ];
$wgAuthRemoteuserUserName = function() {
global $wgDBname;
$user = '';
if( isset( $_SERVER[ 'REMOTE_USER' ] ) ) {
$user = $_SERVER[ 'REMOTE_USER' ];
}
//Bypass fot Parsoid / PhantomJS calls
if( isset( $_SERVER[ 'REMOTE_ADDR' ] ) && substr( $_SERVER[ 'REMOTE_ADDR' ], 0, 4 ) == '127.' ) {
if( empty( $user ) ) {
// check the 304f3058RemoteToken name of your cookies in your browser!
$user = $_COOKIE[$wgDBname.'304f3058RemoteToken'] . '@DOMAIN OF CUSTOMER'; // Step 2: change this to $user = 'DOMAIN OF CUSTOMER\\' . $_COOKIE[$wgDBname.'304f3058RemoteToken'];
}
}
return $user;
};
</syntaxhighlight>
{{Hinweis|Der TeilThis part ''304f3058'' of the cookie will change on some reasons. It should not, but we've seen it. So check with the cookies in your browser. $wgDBname is set in your LocalSettings.php }}| (3 intermediate revisions by 2 users not shown) | |||
| Line 44: | Line 44: | ||
'Auth_remoteuser',// only needed if SingleSignOn is used | 'Auth_remoteuser',// only needed if SingleSignOn is used | ||
'LDAPProvider', | 'LDAPProvider', | ||
| − | 'LDAPAuthentication2', | + | 'Manual:Extension/LDAPAuthentication2', |
'LDAPAuthorization', | 'LDAPAuthorization', | ||
'LDAPGroups', | 'LDAPGroups', | ||
| Line 52: | Line 52: | ||
$LDAPProviderDomainConfigs = "/etc/ldapprovider.json"; | $LDAPProviderDomainConfigs = "/etc/ldapprovider.json"; | ||
| − | $LDAPAuthentication2AllowLocalLogin = false; | + | $Manual:Extension/LDAPAuthentication2AllowLocalLogin = false; |
| − | $LDAPAuthentication2UsernameNormalizer = 'strtolower'; | + | $Manual:Extension/LDAPAuthentication2UsernameNormalizer = 'strtolower'; |
$LDAPProviderCacheTime = 300; | $LDAPProviderCacheTime = 300; | ||
$LDAPProviderCacheType = CACHE_MEMCACHED; // or CACHE_NONE if no memcached is installed | $LDAPProviderCacheType = CACHE_MEMCACHED; // or CACHE_NONE if no memcached is installed | ||
$LDAPAuthorizationAutoAuthRemoteUserStringParser = 'username-at-domain'; // remove if your $_SERVER[ 'REMOTE_USER' ] is like "domain\user". If you have to remove this, follow step 2 | $LDAPAuthorizationAutoAuthRemoteUserStringParser = 'username-at-domain'; // remove if your $_SERVER[ 'REMOTE_USER' ] is like "domain\user". If you have to remove this, follow step 2 | ||
| + | |||
| + | $bsgPermissionConfig['autocreateaccount'] = [ 'type' => 'global', "roles" => [ 'autocreateaccount' ] ]; | ||
$wgAuthRemoteuserUserName = function() { | $wgAuthRemoteuserUserName = function() { | ||
| Line 77: | Line 79: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| − | {{Hinweis| | + | {{Hinweis|This part ''304f3058'' of the cookie will change on some reasons. It should not, but we've seen it. So check with the cookies in your browser. $wgDBname is set in your LocalSettings.php }} |