I have installed Mediawiki 1.8.2 running on Windows
2003,
served up by PHP 5.2 on IIS 5. I have attempted to integrate
this with Active Directory, with lots of help from Ryan Lane,
but have thus far been unsuccessful. It looks like such
integration would require Openldap and probably more work
that it is worth.
You don't need openldap, you just need to uncomment a few lines in your
php.ini, and copy a few files into system32. I gave you a link to the
step by step instructions. For SSL or TLS to work you'll need to install
an SSL certificate in AD.
I'm using MediaWiki with LdapAuthentication 1.1b and authenticating
against AD just fine (a number of other people are too).
An easier approach, it seems to me, would be to have
IIS do
the authentication and pass the information to Mediawiki.
This is possible with Windows Integrated authentication. The
username is available in PHP under $_SERVER['REMOTE_USER'] or
get_current_user(). The next trick is to pass this onto Mediawiki.
I tried the code below but it only generates an HTTP 500
error when parsing InitUser(). This might be because of
versioning, because the example is for MediaWiki 1.5.5 and I
have 1.8.2.
http://meta.wikimedia.org/wiki/User:Otheus/Auto_Login_via_REMOTE_USER
You need to contact the developer of this plugin, or fix the plugin
yourself. I would imagine it isn't too hard to get this working with the
newest version of mediawiki.
It also seems rather round-about to create an
WebRequest and
submit it to the form, which then does the login. Maybe I am
missing something here, though, for I am rather rough with PHP.
It *kind of* feels like a dirty hack, but that is how I see it working
in pretty much every plugin that uses the AutoAuthenticate hook; this
hook gets called before a large portion of the code is put into memory.
Notice you only create a login form when you are creating a user, and
that is because that class has the functions you need to create users.
If the user already exists, you just log the user in.
So, in sum, how do I simply and easily modify
Mediawiki to
use IIS's authentication?
If you are feeling adventurous, you can fix the plugin yourself. The
first thing I'd do would be to change:
global $wgExtensionFunctions;
if (!isset($wgExtensionFunctions)) {
$wgExtensionFunctions = array();
}
else if (!is_array($wgExtensionFunctions)) {
$wgExtensionFunctions = array( $wgExtensionFunctions );
}
array_push($wgExtensionFunctions, 'Auth_remote_user_hook');
To:
$wgHooks['AutoAuthenticate'][] = 'Auth_remote_user_hook';
Otherwise, quickly glancing over the plugin, I don't see any other major
problems.
V/r,
Ryan Lane