Extension:LdapAuth/Configuration

Quick Configuration
If you can't be bothered reading about how to configure the extension properly, don't worry - here's a quick and easy config you can probably get going with!

If you wish to restrict logins to users in a specific OU/DN, see Base DN Configuration.

If you wish to map Active Directory groups to MediaWiki groups, see Group Mapping.

Configuration
As this plugin supports multiple domains, most of the following settings have two forms: a generic cross-domain setting, or individualised per-domain settings, annotated by PER-DOMAIN.

$wgLdapAuthDomainNames
Specifies the LDAP domain (CN) to which we are connecting. Domains may be space-delimited, comma-delimited, or an array.

Note that this does not provide per-domain configuration, as that simply wouldn't make sense!

REQUIRED

$wgLdapAuthServers
Specifies a list of servers to authenticate each domain.

 REQUIRED PER-DOMAIN 

$wgLdapAuthBindDN
Specifies the distinguished name (DN) of the user with which to perform the bind.

 DEFAULT:  PER-DOMAIN 

$wgLdapAuthBindPass
Specifies the password with which to perform the bind.

 DEFAULT:  PER-DOMAIN

$wgLdapAuthBaseDN
Specifies the DN within which a search is performed.

 DEFAULT:  PER-DOMAIN

$wgLdapAuthSearchTree
Specifies whether or not to perform a recursive search on the BaseDN.

 DEFAULT:  PER-DOMAIN

$wgLdapAuthSearchFilter
The filter to be used when performing a search. By default, searches may be performed against first name, last name or username. Disabled accounts are filtered. %1$s is used as a placeholder for the username for which we are searching.

 DEFAULT:  PER-DOMAIN
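
How the %1$s substitution described above should treat the username, as an added PHP example that is not LdapAuth's own code. The filter template and the function names are assumptions; the value is escaped per RFC 4515 before substitution so that characters such as * ( ) cannot change the structure of the filter.

```php
<?php
// Added example, not LdapAuth's own code: escape a username before it
// replaces %1$s in a $wgLdapAuthSearchFilter-style template.

// Hypothetical filter template (constructed; the extension's real default
// is not shown on this page).
$filterTemplate = '(&(objectClass=user)(sAMAccountName=%1$s))';

/**
 * Escape a value for use inside an LDAP search filter (RFC 4515).
 * Uses ldap_escape() when the ldap extension is loaded, otherwise a
 * byte-wise fallback covering the same special characters.
 */
function escapeFilterValue(string $value): string
{
    if (function_exists('ldap_escape')) {
        return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
    }
    // RFC 4515: \ * ( ) and NUL become a backslash plus two hex digits.
    return preg_replace_callback(
        '/[\\\\*()\\x00]/',
        static fn(array $m): string => sprintf('\\%02x', ord($m[0])),
        $value
    );
}

/** Substitute the escaped username into the filter template. */
function buildSearchFilter(string $template, string $username): string
{
    return sprintf($template, escapeFilterValue($username));
}

// Constructed inputs: an ordinary username and one containing filter
// metacharacters that would otherwise alter the filter.
foreach (['jsmith', 'j*)(smith'] as $name) {
    echo buildSearchFilter($filterTemplate, $name), PHP_EOL;
}
```

A custom filter that needs a literal percent sign must write it as %% for the sprintf-style substitution assumed here.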

$wgLdapAuthEncryptionType
The encryption method to use on the connection. Valid values are false, 'ssl', 'tls'.

 DEFAULT:  PER-DOMAIN

$wgLdapAuthUseLocal
Specifies whether local authentication may be performed against the MediaWiki database.

Note that this does not provide per-domain configuration.

 DEFAULT:

$wgLdapAuthRequireDomain
If there is only one domain to select from, the domain field will be hidden for brevity. We can override this behaviour and force the field to always display.

Note that this does not provide per-domain configuration.

 DEFAULT:

$wgLdapAuthMapGroups
Maps LDAP groups to equivalent MediaWiki groups.

 DEFAULT:  PER-DOMAIN

$wgLdapAuthCacheGroupMap
Specifies the period of time for which LDAP grouping should be synced for a user.

 DEFAULT:  PER-DOMAIN

$wgLdapAuthIsActiveDirectory
Are we connecting to an Active Directory LDAP server?

 DEFAULT:  PER-DOMAIN