Extension:External Data/LDAP

From mediawiki.org

You can use External Data to get data from an LDAP server.

As of version 3.2, the recommended way to retrieve LDAP data is to use one of the display functions (#external_value, #for_external_table, etc.), passing in the necessary parameters for the data retrieval, most notably "source=". You can also retrieve LDAP data by calling the #get_ldap_data function, or (for version 3.0 and higher) #get_external_data. In all of these cases, you must specify the information for the LDAP server, including login information, in the variable $wgExternalDataSources in LocalSettings.php.

For any of these parser functions, you can also call its corresponding Lua function.

A note about security: if you are going to retrieve LDAP data, think hard about the security implications. Configuring an LDAP server in LocalSettings.php allows anyone with edit access to your wiki to run queries against that server, and those queries could extract all sorts of information about your domain. Bind with a domain user that has the minimum permissions needed for what you are trying to achieve, and make sure you understand what you are doing before enabling this function.

Configuration

The PHP ldap extension must be enabled. You need to configure each LDAP server in LocalSettings.php; add the following stanza for each server:

$wgExternalDataSources['domain'] = [
	'server'	=> 'myldapserver.com',
	'base dn'	=> '[basedn]',
	'user'		=> 'myDomainUser',
	'password'	=> 'myDomainPassword'
];

Where:

  • domain is the label used to refer to this server when calling #get_ldap_data.
  • myDomainUser and myDomainPassword are the credentials used to bind to the LDAP server.
  • [basedn] is the base DN used for the search.

Example

$wgExternalDataSources['domain'] = [
	'server'	=> 'foobar.com',
	'base dn'	=> 'OU=Users,dc=foobar,dc=com',
	'user'		=> 'u12345',
	'password'	=> 'mypassword'
];

Usage

The examples below refer to #get_ldap_data. To retrieve LDAP data using any of the other parser (or Lua) functions, you can use all of the same parameters, but specify "source=", instead of "domain=", for the ID stored in LocalSettings.php.

Here is the standard call for #get_ldap_data:

{{#get_ldap_data:
 domain=domain
 |filter=LDAP filter
 |data=data mappings
 |all=true
}}

Where:

  • domain is the label used in LocalSettings.php. This parameter can also be passed as 'source', or even anonymously (without a parameter name), provided its value contains no equal signs.
  • filter is the LDAP filter used for the search.
  • data is the mappings of LDAP attributes to local variables, in the form local=attribute,local2=attribute2 (see the example below).
  • if all is not added, the query retrieves only one result.

Example

An example that retrieves a user from a Win2003/AD (Active Directory) system, using a user ID passed to a template as {{{id}}}:

{{#get_ldap_data:
 domain=foobar
 |filter=(sAMAccountName={{{id}}})
 |data=email=mail,title=title,company=company,department=department
}}
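To make the pieces of this call and of the configuration stanza above concrete, here is an added Python model of what the call expresses. It is example code written for this page, not the External Data extension's own code: the SOURCES dictionary stands in for $wgExternalDataSources, the directory entries are constructed sample data, and all function names are assumptions. It resolves the source label, builds the equality filter with the substituted id value escaped per RFC 4515 (the page does not say whether the extension escapes a substituted {{{id}}} itself, so the escaping is done here as a defensive assumption), parses the data= mappings into local variables, and shows the effect of all=true and of an entry that lacks one of the requested attributes.

```python
"""What the #get_ldap_data call above expresses, modelled in Python.

Added example: this is NOT the External Data extension's own code. It models
the request the call describes (source stanza, filter, data mappings, the
effect of all=true) so the pieces can be checked offline.
"""
from typing import Dict, List

# Constructed stand-in for the $wgExternalDataSources stanza in LocalSettings.php.
SOURCES: Dict[str, Dict[str, str]] = {
    "foobar": {
        "server": "foobar.com",
        "base dn": "OU=Users,dc=foobar,dc=com",
        "user": "u12345",          # bind account: give it only the rights the queries need
        "password": "mypassword",
    },
}

# Constructed directory entries standing in for LDAP search results. LDAP
# attributes are multi-valued, hence the lists; the second entry has no
# 'department' attribute at all.
SAMPLE_ENTRIES: List[Dict[str, List[str]]] = [
    {"sAMAccountName": ["jdoe"], "mail": ["jdoe@foobar.com"], "title": ["Engineer"],
     "company": ["Foobar"], "department": ["IT"]},
    {"sAMAccountName": ["asmith"], "mail": ["asmith@foobar.com"], "title": ["Analyst"],
     "company": ["Foobar"]},
]


def escape_filter_value(value: str) -> str:
    """Escape an assertion value per RFC 4515 so it is matched literally.

    The special characters are * ( ) \\ and NUL; each becomes a backslash
    followed by its two hex digits. Whether the extension does this for a
    substituted {{{id}}} is not stated on the page (assumption: do it yourself).
    """
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)


def build_filter(attribute: str, value: str) -> str:
    """Assemble an equality filter such as the page's (sAMAccountName={{{id}}})."""
    return f"({attribute}={escape_filter_value(value)})"


def parse_data_mappings(spec: str) -> Dict[str, str]:
    """Parse 'email=mail,title=title' into {local variable: LDAP attribute}."""
    mappings: Dict[str, str] = {}
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        if "=" not in item:
            raise ValueError(f"mapping {item!r} is not of the form local=attribute")
        local, attr = (part.strip() for part in item.split("=", 1))
        mappings[local] = attr
    return mappings


def build_request(domain: str, attribute: str, raw_value: str, data: str,
                  all_results: bool = False) -> Dict[str, object]:
    """Resolve a #get_ldap_data call into the search an LDAP client would issue."""
    if domain not in SOURCES:
        raise KeyError(f"no LDAP source named {domain!r} in $wgExternalDataSources")
    source = SOURCES[domain]
    return {
        "server": source["server"],
        "base dn": source["base dn"],
        "bind user": source["user"],
        "filter": build_filter(attribute, raw_value),
        "mappings": parse_data_mappings(data),
        # Without all=true the page says only one result is retrieved; 0 means no limit.
        "size limit": 0 if all_results else 1,
    }


def map_entries(entries: List[Dict[str, List[str]]], mappings: Dict[str, str],
                all_results: bool = False) -> List[Dict[str, List[str]]]:
    """Turn search results into rows of local variables, one row per entry.

    A missing attribute yields an empty list rather than an error, and only
    the first entry is used unless all=true was given.
    """
    selected = entries if all_results else entries[:1]
    return [{local: list(entry.get(attr, [])) for local, attr in mappings.items()}
            for entry in selected]


if __name__ == "__main__":
    request = build_request("foobar", "sAMAccountName", "jdoe",
                            "email=mail,title=title,company=company,department=department")
    print(request["filter"], "under", request["base dn"])
    for row in map_entries(SAMPLE_ENTRIES, request["mappings"], all_results=True):
        print(row)
```

The size limit of 1 mirrors the statement that, without all=true, only one result comes back; the bind account in SOURCES is the one the security note above asks you to keep at minimum privilege, since every query the wiki issues runs with its rights.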