On Wednesday, March 26, 2008 10:56 PM -0700 Walken c_to_the_rhyme@yahoo.com wrote:
I have a group of around 100 people, and I would like to make it so that they are the only ones who can view and edit the wiki, how can I do this? Is there a setting where I can review the email addresses of people that create accounts on the wiki, before they are allowed to view anything except the homepage or edit anything?
This might be a good subject for the Enterprise list.
I installed the HttpAuthPlugin module and set it to honor existing HTTP auth. Be sure to look at its Talk page for the list of needed patches to make it work.
http://www.mediawiki.org/wiki/Extension:HttpAuth
I'm using Apache's LDAP auth provider to do the actual login using Active Directory credentials.
Apache config looks like this (assuming AD domain is ad.example.lan and a user "apache" exists in AD to search the directory):
<VirtualHost *:80> ServerAdmin webmaster@example.com ServerName wiki.example.com ServerAlias wiki.example.lan DocumentRoot /srv/wiki </VirtualHost>
<Directory /srv/wiki/MediaWiki> AuthBasicProvider ldap AuthType Basic AuthzLDAPAuthoritative off AuthName "EXAMPLEWiki" AuthLDAPURL "ldap://ad.example.lan:389/CN=Users,DC=ad,DC=example,DC=lan?sAMAccountName?sub?(objectClass=*)" NONE AuthLDAPBindDN "CN=apache,CN=Users,DC=ad,DC=example,DC=lan" AuthLDAPBindPassword apache require valid-user </Directory>