Extension:LDAP Authentication/Configuration Options

The following are options that are usable in "LocalSettings.php":

(These are examples of the extension options, this is not a working example however)

'''Options will not work if put at the beginning of LocalSettings.php. Please place them at the end of LocalSettings.php'''

Enabling the plugin
First, download the snapshot; specifically, always download the trunk version. Follow the directions from the Extension Distributor for where to extract the snapshot.

When using password authentication
Edit $IP/LocalSettings.php

When using smartcard authentication
Edit $IP/LocalSettings.php

Specifying the debug file
This is required in version 1.2b+:

Group options
Using LDAP groups in any way requires $wgLDAPBaseDNs to be set!

The following settings pertain to both synchronizing groups, and group based login restriction.

Auto authentication options
It is highly recommended to see the Smartcard Configuration Examples, and Kerberos Configuration Examples pages before messing with these options.

If you use Smartcard and/or Kerberos authentication, it would be foolish not to use HTTPS and SSL/TLS

Using auto authentication for SSL client certificate stored in LDAP
This configuration worked with version 1.2d. The Apache provides SSL client certificate DN in the $_SERVER['SSL_CLIENT_S_DN'] variable and the certificate DN is also stored in a non-standard LDAP attribute userCertificateSubject.