I have installed Mediawiki 1.8.2 running on Windows 2003, served up by PHP 5.2 on IIS 5. I have attempted to integrate this with Active Directory, with lots of help from Ryan Lane, but have thus far been unsuccessful. It looks like such integration would require Openldap and probably more work that it is worth.
You don't need openldap, you just need to uncomment a few lines in your php.ini, and copy a few files into system32. I gave you a link to the step by step instructions. For SSL or TLS to work you'll need to install an SSL certificate in AD.
I'm using MediaWiki with LdapAuthentication 1.1b and authenticating against AD just fine (a number of other people are too).
An easier approach, it seems to me, would be to have IIS do the authentication and pass the information to Mediawiki. This is possible with Windows Integrated authentication. The username is available in PHP under $_SERVER['REMOTE_USER'] or get_current_user(). The next trick is to pass this onto Mediawiki.
I tried the code below but it only generates an HTTP 500 error when parsing InitUser(). This might be because of versioning, because the example is for MediaWiki 1.5.5 and I have 1.8.2.
http://meta.wikimedia.org/wiki/User:Otheus/Auto_Login_via_REMOTE_USER
You need to contact the developer of this plugin, or fix the plugin yourself. I would imagine it isn't too hard to get this working with the newest version of mediawiki.
It also seems rather round-about to create an WebRequest and submit it to the form, which then does the login. Maybe I am missing something here, though, for I am rather rough with PHP.
It *kind of* feels like a dirty hack, but that is how I see it working in pretty much every plugin that uses the AutoAuthenticate hook; this hook gets called before a large portion of the code is put into memory. Notice you only create a login form when you are creating a user, and that is because that class has the functions you need to create users. If the user already exists, you just log the user in.
So, in sum, how do I simply and easily modify Mediawiki to use IIS's authentication?
If you are feeling adventurous, you can fix the plugin yourself. The first thing I'd do would be to change:
global $wgExtensionFunctions; if (!isset($wgExtensionFunctions)) { $wgExtensionFunctions = array(); } else if (!is_array($wgExtensionFunctions)) { $wgExtensionFunctions = array( $wgExtensionFunctions ); } array_push($wgExtensionFunctions, 'Auth_remote_user_hook');
To:
$wgHooks['AutoAuthenticate'][] = 'Auth_remote_user_hook';
Otherwise, quickly glancing over the plugin, I don't see any other major problems.
V/r,
Ryan Lane