Difference between revisions of "Manual:Extension/LDAPAuthentication/LDAP"
m (Mlink-rodrigue moved page LDAPAuthentication/LDAP to Manual:Extension/LDAPAuthentication/LDAP without leaving a redirect) |
m (Text replacement - "LDAPAuthentication" to "Manual:Extension/LDAPAuthentication") |
/etc/ldapprovider.json
ldapprovider.json
{
"DOMAIN OF CUSTOMER": {
"connection": {
"server": "",
"user": "",
"pass": "",
"basedn": "",
"userbasedn": "",
"groupbasedn": "",
"searchattribute": "samaccountname",
"usernameattribute": "samaccountname",
"realnameattribute": "displayname",
"emailattribute": "mail",
"grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\GroupMember::factory",
"nestedgroups": true
},
"authorization": {
"rules": {
"groups": {
"required": [ "" ]
}
}
},
"userinfo": {
"attributes-map": {
"email": "mail",
"realname": "displayname",
}
},
"groupsync": {
"mechanism": "allgroups"
}
}
}
090-LDAP.php
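// Load the LDAP stack. wfLoadExtensions() expects bare extension names; a wiki
// page path such as "Manual:Extension/LDAPAuthentication2" is not one.
wfLoadExtensions( [
    'Auth_remoteuser', // only needed if SingleSignOn is used
    'LDAPProvider',
    'LDAPAuthentication2',
    'LDAPAuthorization',
    'LDAPGroups',
    'LDAPUserInfo',
    'PluggableAuth'
] );

// Per-domain connection settings. This file carries the LDAP bind password
// (the "pass" key), so keep it outside the web root and readable only by the
// account the web server runs as.
$LDAPProviderDomainConfigs = "/etc/ldapprovider.json";

// Variable names must be valid PHP identifiers: no ":" or "/" in them.
// No local wiki-password login next to LDAP.
$LDAPAuthentication2AllowLocalLogin = false;
// Login names are normalised with strtolower().
$LDAPAuthentication2UsernameNormalizer = 'strtolower';

$LDAPProviderCacheTime = 300; // presumably seconds -- confirm against the LDAPProvider documentation
$LDAPProviderCacheType = CACHE_MEMCACHED; // or CACHE_NONE if no memcached is installed

$LDAPAuthorizationAutoAuthRemoteUserStringParser = 'username-at-domain'; // remove if your $_SERVER[ 'REMOTE_USER' ] is like "domain\user". If you have to remove this, follow step 2

$bsgPermissionConfig['autocreateaccount'] = [ 'type' => 'global', "roles" => [ 'autocreateaccount' ] ];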
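/**
 * Supplies the user name that Auth_remoteuser logs in automatically.
 *
 * The normal source is $_SERVER['REMOTE_USER']. For requests arriving from a
 * 127.x address without REMOTE_USER, the name is taken from the
 * "<$wgDBname>304f3058RemoteToken" cookie instead (bypass for Parsoid / PhantomJS).
 *
 * SECURITY: the bypass accepts a client-supplied cookie value as the identity
 * and relies only on REMOTE_ADDR to decide who may use it. It is safe only when
 * REMOTE_ADDR is the real peer address. Behind a reverse proxy or load balancer
 * on the same host every request appears to come from 127.x, and the cookie
 * would then be accepted from any client. Make sure the web server enforces
 * SSO for all external requests, or remove the bypass if it is not needed.
 *
 * @return string User name, or '' when no identity can be determined.
 */
$wgAuthRemoteuserUserName = function () {
    global $wgDBname;

    // Identity asserted by the web server's authentication module, if any.
    $user = isset( $_SERVER['REMOTE_USER'] ) ? $_SERVER['REMOTE_USER'] : '';

    // Bypass for Parsoid / PhantomJS calls: only requests whose peer address is 127.x.
    $fromLoopback = isset( $_SERVER['REMOTE_ADDR'] )
        && strncmp( $_SERVER['REMOTE_ADDR'], '127.', 4 ) === 0;

    if ( $fromLoopback && empty( $user ) ) {
        // check the 304f3058RemoteToken name of your cookies in your browser!
        $cookieName = $wgDBname . '304f3058RemoteToken';

        // Use the cookie only when it is present and non-empty. Without this guard a
        // missing cookie raises an undefined-index notice and yields the bogus name
        // "@DOMAIN OF CUSTOMER".
        if ( isset( $_COOKIE[$cookieName] )
            && is_string( $_COOKIE[$cookieName] )
            && $_COOKIE[$cookieName] !== ''
        ) {
            $user = $_COOKIE[$cookieName] . '@DOMAIN OF CUSTOMER'; // Step 2: change this to $user = 'DOMAIN OF CUSTOMER\\' . $_COOKIE[$cookieName];
        }
    }

    return $user;
};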
Note: The 304f3058 part of the cookie name can change for reasons we have not pinned down. It should not, but we have seen it happen, so check the actual cookie name in your browser. $wgDBname is set in your LocalSettings.php.
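/etc/ldapprovider.json

==ldapprovider.json==
<syntaxhighlight lang="json">
{
    "DOMAIN OF CUSTOMER": {
        "connection": {
            "server": "",
            "user": "",
            "pass": "",
            "basedn": "",
            "userbasedn": "",
            "groupbasedn": "",
            "searchattribute": "samaccountname",
            "usernameattribute": "samaccountname",
            "realnameattribute": "displayname",
            "emailattribute": "mail",
            "grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\GroupMember::factory",
            "nestedgroups": true
        },
        "authorization": {
            "rules": {
                "groups": {
                    "required": [ "" ]
                }
            }
        },
        "userinfo": {
            "attributes-map": {
                "email": "mail",
                "realname": "displayname"
            }
        },
        "groupsync": {
            "mechanism": "allgroups"
        }
    }
}
</syntaxhighlight>

==090-LDAP.php==
<syntaxhighlight lang="php">
wfLoadExtensions( [
    'Auth_remoteuser', // only needed if SingleSignOn is used
    'LDAPProvider',
    'LDAPAuthentication2',
    'LDAPAuthorization',
    'LDAPGroups',
    'LDAPUserInfo',
    'PluggableAuth'
] );

// This file carries the LDAP bind password ("pass"): keep it outside the web root
// and readable only by the account the web server runs as.
$LDAPProviderDomainConfigs = "/etc/ldapprovider.json";
$LDAPAuthentication2AllowLocalLogin = false;
$LDAPAuthentication2UsernameNormalizer = 'strtolower';
$LDAPProviderCacheTime = 300;
$LDAPProviderCacheType = CACHE_MEMCACHED; // or CACHE_NONE if no memcached is installed
$LDAPAuthorizationAutoAuthRemoteUserStringParser = 'username-at-domain'; // remove if your $_SERVER[ 'REMOTE_USER' ] is like "domain\user". If you have to remove this, follow step 2
$bsgPermissionConfig['autocreateaccount'] = [ 'type' => 'global', "roles" => [ 'autocreateaccount' ] ];

$wgAuthRemoteuserUserName = function () {
    global $wgDBname;
    $user = '';
    if ( isset( $_SERVER['REMOTE_USER'] ) ) {
        $user = $_SERVER['REMOTE_USER'];
    }
    // Bypass for Parsoid / PhantomJS calls.
    // SECURITY: this accepts a client-supplied cookie as the identity and relies only on
    // REMOTE_ADDR. Behind a same-host reverse proxy every request appears to come from
    // 127.x, so use it only where REMOTE_ADDR is the real peer address.
    if ( isset( $_SERVER['REMOTE_ADDR'] ) && substr( $_SERVER['REMOTE_ADDR'], 0, 4 ) === '127.' ) {
        // check the 304f3058RemoteToken name of your cookies in your browser!
        $cookieName = $wgDBname . '304f3058RemoteToken';
        // Use the cookie only when it is present; a missing cookie must not produce a name.
        if ( empty( $user ) && isset( $_COOKIE[$cookieName] ) && is_string( $_COOKIE[$cookieName] ) && $_COOKIE[$cookieName] !== '' ) {
            $user = $_COOKIE[$cookieName] . '@DOMAIN OF CUSTOMER'; // Step 2: change this to $user = 'DOMAIN OF CUSTOMER\\' . $_COOKIE[$cookieName];
        }
    }
    return $user;
};
</syntaxhighlight>

{{Hinweis|The ''304f3058'' part of the cookie name can change for reasons we have not pinned down. It should not, but we have seen it happen, so check the actual cookie name in your browser. $wgDBname is set in your LocalSettings.php }}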
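--- a/Manual:Extension/LDAPAuthentication/LDAP
+++ b/Manual:Extension/LDAPAuthentication/LDAP
@@ -44,5 +44,5 @@
 'Auth_remoteuser',// only needed if SingleSignOn is used
 'LDAPProvider',
-'LDAPAuthentication2',
+'Manual:Extension/LDAPAuthentication2',
 'LDAPAuthorization',
 'LDAPGroups',
@@ -52,5 +52,5 @@
 $LDAPProviderDomainConfigs = "/etc/ldapprovider.json";
-$LDAPAuthentication2AllowLocalLogin = false;
-$LDAPAuthentication2UsernameNormalizer = 'strtolower';
+$Manual:Extension/LDAPAuthentication2AllowLocalLogin = false;
+$Manual:Extension/LDAPAuthentication2UsernameNormalizer = 'strtolower';
 $LDAPProviderCacheTime = 300;
 $LDAPProviderCacheType = CACHE_MEMCACHED; // or CACHE_NONE if no memcached is installed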
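Review bot: The text replacement also rewrote identifiers inside the PHP snippet, so the new side at Line 44 and Line 52 is broken: `'Manual:Extension/LDAPAuthentication2'` is a wiki page path rather than an extension name for `wfLoadExtensions`, and `$Manual:Extension/LDAPAuthentication2AllowLocalLogin` / `$Manual:Extension/LDAPAuthentication2UsernameNormalizer` are not legal PHP variable names. A reader who copies the snippet gets a parse error, and one who deletes the offending lines to get past it drops the explicit `AllowLocalLogin = false` and the username normalisation and is left with whatever the extension defaults are. Restore the three lines to `'LDAPAuthentication2',`, `$LDAPAuthentication2AllowLocalLogin = false;` and `$LDAPAuthentication2UsernameNormalizer = 'strtolower';`. The replacement rule should presumably skip `<syntaxhighlight>` blocks so that only link targets are renamed.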