Difference between revisions of "Using eDirectory to control access to MediaWiki"

From MicroFocusInternationalWiki

Revision as of 18:59, 5 March 2006

The goal of this page is to configure MediaWiki to use eDirectory for user authentication. I will also explain how to configure authentication based on group membership.

Prerequisites

Before we begin, I am going to assume that you have the following configured:

  • MediaWiki 1.5+ configured and running on a server (I'm working on another wiki right now that will detail the steps needed to get MediaWiki running on SLES 9)
  • eDirectory installed and configured (I'm using eDirectory 8.8)

For reference, here is how my servers are configured:

  • eDirectory Server has a DNS name of edir.wikidemo.org
  • wiki server has a DNS name of wiki.wikidemo.org
  • eDirectory configuration
    • users are in ou=users,o=novell
    • created a group called wiki in the users OU

Installation

Download the latest version of the MediaWiki LDAP module from http://meta.wikimedia.org/wiki/LDAP

The module is called LDAP_Authentication and is saved into your MediaWiki directory.

I'm running on SLES, so my directory is /srv/www/htdocs/wiki.

Configuration

The LDAP_Authentication module reads its parameters from your LocalSettings.php; these tell it how it is configured and how it should behave.


Here are my updates to my LocalSettings.php:

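// Load the LDAP module and make it MediaWiki's authentication plugin
require_once( 'LdapAuthentication.php' );
$wgAuth = new LdapAuthenticationPlugin();
// Domain label and the eDirectory server that serves it
$wgLDAPDomainNames = array( "wikidemo" );
$wgLDAPServerNames = array( "wikidemo"=>"edir.wikidemo.org"  );
// Bind DN template; USER-NAME is replaced with the name entered at login
$wgLDAPSearchStrings = array( "wikidemo"=>"cn=USER-NAME,ou=users,o=novell" );
// Use SSL for the connection to eDirectory
$wgLDAPUseSSL = true;
// Do not authenticate against the local wiki database
$wgLDAPUseLocal = false;
// Do not let the wiki create users in, or write changes to, the directory
$wgLDAPAddLDAPUsers = false;
$wgLDAPUpdateLDAP = false;
// Do not mail temporary passwords
$wgLDAPMailPassword = false;
// Do not pull user preferences from the directory
$wgLDAPRetrievePrefs = false;
// Minimum password length MediaWiki accepts
$wgMinimalPasswordLength = 1;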
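
As an added example (not part of the original page or of the LDAP_Authentication module), the following standalone PHP script checks the same values outside MediaWiki: it builds the bind DN from the search string, binds over LDAPS, and looks for the wiki group on the user's entry. It assumes PHP's ldap extension, that eDirectory lists group DNs in the user's groupMembership attribute, and that users can read that attribute on their own entry; the file name check_ldap.php and the function names are hypothetical.

```php
<?php
// Added example, not code from LdapAuthentication.php. Host, base DN and group
// are the values listed on this page; everything else is an assumption.
const LDAP_URI   = 'ldaps://edir.wikidemo.org';       // matches $wgLDAPUseSSL = true
const SEARCH_STR = 'cn=USER-NAME,ou=users,o=novell';  // matches $wgLDAPSearchStrings
const WIKI_GROUP = 'cn=wiki,ou=users,o=novell';       // group "wiki" in the users OU

// Substitute the login name into the template, escaping DN metacharacters
// so a name containing "," or "=" cannot change which entry is bound.
function bindDn(string $user): string {
    return str_replace('USER-NAME', ldap_escape($user, '', LDAP_ESCAPE_DN), SEARCH_STR);
}

// Bind as the user over LDAPS, then read groupMembership (assumed eDirectory
// attribute) from the user's own entry and look for the wiki group.
function checkLogin(string $user, string $password): string {
    if ($password === '') {
        // A simple bind with an empty password is an unauthenticated bind.
        return 'rejected: empty password';
    }
    $conn = ldap_connect(LDAP_URI);
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    $dn = bindDn($user);
    if (!@ldap_bind($conn, $dn, $password)) {
        return 'bind failed: ' . ldap_error($conn);
    }
    $res    = ldap_read($conn, $dn, '(objectClass=*)', ['groupMembership']);
    $entry  = $res ? ldap_get_entries($conn, $res) : ['count' => 0];
    $groups = $entry['count'] ? ($entry[0]['groupmembership'] ?? []) : [];
    unset($groups['count']);
    // Plain case-insensitive string match on the group DN.
    $member = in_array(strtolower(WIKI_GROUP), array_map('strtolower', $groups), true);
    ldap_unbind($conn);
    return $member ? 'bind ok, member of wiki group' : 'bind ok, NOT in wiki group';
}

if (PHP_SAPI === 'cli' && isset($argv[1])) {
    // Live check: php check_ldap.php <username>   (password is read from stdin)
    fwrite(STDERR, 'Password: ');
    echo checkLogin($argv[1], rtrim((string) fgets(STDIN), "\r\n")), PHP_EOL;
} elseif (PHP_SAPI === 'cli') {
    // Offline: show the bind DNs produced for constructed sample names.
    foreach (['jdoe', 'x,ou=admins'] as $name) {
        echo $name, ' => ', bindDn($name), PHP_EOL;
    }
}
```

A failed bind here usually points at certificate trust for the LDAPS connection or at a wrong container in the search string, both of which are easier to diagnose outside MediaWiki.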