I know what a lot of people are going to say....
"google it". I have,
but there are many different configuration settings and examples for
different versions of the plugin and different versions of mediawiki,
I've yet to have any success with them, hence why I'm now asking here.
This is why I tell people to only use the official documentation on
mediawiki.org. It's always up to date, and it's fairly in depth
(improvements welcome).
Below is what I've got so far, but it's not a
lot. I've disabled
anonymous access via IIS and enabled windows authentication, but I'm not
getting any single sign on functionality. However, if anyone has
accomplished at least the first two objectives listed above and would be
able to provide me with a "template" of their config (sensitive data
obviously omitted) then I would really appreciate it.
Are you sure the authentication is working?
//
//LDAP Authentication Configuration
//
require_once( "/extensions/LdapAuthentication.php" );
require_once( "/extensions/LdapAutoAuthentication.php" );
//the domain name is any arbitrary name that you will use as a variable
$wgLDAPDomainNames = array("localdomain.local");
//define the fully qualified name of your AD domain
$wgLDAPServerNames = array("localdomain.local"=>"DC1.localdomain.local
DC2.localdomain.local");
$wgLDAPEncryptionType = array("localdomain.local"=>"ssl");
//this is the short name of your domain, not the arbitrary variable
mentioned below
$wgLDAPAutoAuthDomain = "localdomain.local";
//this is how you get the wiki user to be username as opposed to
DOMAIN\username
list($dom,$userid)=split('[\]',$_SERVER['REMOTE_USER']);
$wgLDAPAutoAuthUsername = $userid;
$wgLDAPBaseDNs =
array("localdomain.local"=>"ou=Users,DC=localdomain,dc=local");
$wgLDAPSearchAttributes = array("localdomain.local" =>
"sAMAccountName");
$wgMinimalPasswordLength = 1;
//Group Configuration
$wgLDAPGroupUseFullDN = array( "localdomain.local"=>true );
$wgLDAPGroupObjectclass = array( "localdomain.local"=>"group" );
$wgLDAPGroupAttribute = array( "localdomain.local"=>"member" );
$wgLDAPGroupSearchNestedGroups = array( "localdomain.local"=>false );
$wgLDAPUseLDAPGroups = array( "localdomain.local"=>true );
$wgLDAPGroupNameAttribute = array(
"localdomain.local"=>"cn=sysop,ou=Users,dc=localdomain,dc=local"
);
$wgLDAPGroupNameAttribute = array( "localdomain.local"=>"sysop"
);
AutoAuthSetup();
//this is where you define the credentials necessary to read information
from AD
//you only need this if you want to pull the name, email address and
groups from AD
$wgLDAPProxyAgent = array('localdomain.local'
=>'CN=MediaWikiLDAPSearcher,OU=Users,DC=localdomain,DC=local');
$wgLDAPProxyAgentPassword = array('localdomain.local' =>
'MyLDAPSearcherPassword');
$wgLDAPPreferences =
array("localdomain.local"=>array("email"=>"mail","realname"=>"cn","nickname"=>"givenName"));
I don't see any issues with the configuration. You should enable
debugging and reply with the debug log with sensitive stuff snipped
out.
- Ryan Lane