Using eDirectory to control access to MediaWiki

From MicroFocusInternationalWiki
Revision as of 19:07, 5 March 2006 by Equill (Talk | contribs)

Jump to: navigation, search

The goal of this page is to configure MediaWiki to use eDirectory for user authentication. I will also explain how to configure authentication based on group membership.

Prerequisites

Before we begin I am going to assume that you have the following configured:

  • MediaWiki 1.5+ Configured and running on Server (I'm working on another wiki right now that will detail the steps needed to get MediaWiki running on SLES 9
  • eDirectory installed and configured (I'm using eDirectory 8.8)

Here is how my servers are configured for reference

  • eDirectory Server has a DNS name of edir.wikidemo.org
  • wiki server has a DNS name of wiki.wikidemo.org
  • eDirectory configuration
    • users are in ou=users,o=novell
    • created a group called wiki in the users OU

Installation

Download the latest version of the MediaWiki LDAP module from http://meta.wikimedia.org/wiki/LDAP

The module is called LDAP_Authentication and is saved into your MediWiki directory.

I'm running on SLES, so my directory is /srv/www/htdocs/wiki

Configuration

The LDAP_Authentication receives parameters from your localSettings.PHP to tell it how it should be configured and behave. The localSettings.PHP is the file that controls all configuration for MediaWiki. To add the parameters needed for the LDAP_Authentication to work you just need to append them to the end of your existing localSettings.PHP in you wiki directory.


Here are my updates to my localSettings.PHP

require_once( 'LdapAuthentication.php' );
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array( "wikidemo" );
$wgLDAPServerNames = array( "wikidemo"=>"edir.wikidemo.org"  );
$wgLDAPSearchStrings = array( "wikidemo"=>"cn=USER-NAME,ou=users,o=novell" );
$wgLDAPUseSSL = true;
$wgLDAPUseLocal = false;
$wgLDAPAddLDAPUsers = false;
$wgLDAPUpdateLDAP = false;
$wgLDAPMailPassword = false;
$wgLDAPRetrievePrefs = false;
$wgMinimalPasswordLength = 1;