LDAP authentication for your Wiki

In the MediaWiki CMS we have an extension for the LDAP authentication: LDAP_Authentication.

Then I we have an Directory Server (LDAP or Active Directory), we can use our wiki with our global authentication services.

We can install the file LdapAuthentication.php version 1.1g, in the extensions directory of our wiki: /var/www/wiki/extensions.

After you can add the following lines (customized for your system)in the configuration file LocalSettings.php:

# LDAP Validation
require_once( "$IP/extensions/LdapAuthentication.php" );
$wgAuth = new LdapAuthenticationPlugin();
 
  //Names for the used domains.
  $wgLDAPDomainNames = array("LEBRIJO.COM");
 
  //Relation between the directory server and the DNS name.
  $wgLDAPServerNames = array("LEBRIJO.COM"=>"ldap.lebrijo.com");
 
  //We can leave the wiki authentication with LDAP.
  $wgLDAPUseLocal = true;
 
  //Encrypt the LDAP packets.
  $wgLDAPEncryptionType = array("LEBRIJO.COM"=>"clear");
 
  //Query base for the user in our directory
  $wgLDAPBaseDNs = array("LEBRIJO.COM"=>"dc=lebrijo,dc=com");
  $wgLDAPSearchAttributes = array("LEBRIJO.COM"=>"uid");
 
  //Using LDAP groups for group directives:
  $wgLDAPGroupsPrevail = array("LEBRIJO.COM"=>true);
  $wgLDAPGroupNameAttribute = array("LEBRIJO.COM"=>"cn");

At this moment the LDAP user can use your wiki with their LDAP authetication user/password.

At the same configuration file we can write the access restrictions for the other visitors:

# VALIDATION AND ACCESS CONTROL:
# Basic for all the visitors by default:
$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['*']['read'] = true;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['createpage'] = false;
$wgGroupPermissions['*']['createtalk'] = false;

Leave a Reply

Your email address will not be published. Required fields are marked *