Extension:CentralAuth/Walkthrough

OK, since it took me ages to set up CentralAuth, I'm making my own guide. I'm going to make it as easy as possible. Please, be bold and improve it, but this is no place for jargon. pros you might want to use the extension's intructions, as this is n00bish.

Step 1, Download and Install web-end
OK, first, we need to plan. How many wikis do you want? I want 3 wikis. I'm creating a metawiki, testwiki and codwiki.

So download mediawiki. 1.19 is fine, i'm using 1.18wmf1. Doesn't matter, but newer is better. Hop on a linux system and open the terminal. go

sudo -s && cd /

then

svn checkout http://svn.wikimedia.org/svnroot/mediawiki/trunk/extensions/CentralAuth/ CA

That will download the latest development centralauth to your computers main directory. If you're on windows, use tortisesvn or something else. Leave snapshots as a last resort.

OK, so set up your wikis. This is self explanatory. Create your directories. In my case, i'm calling them metawiki, codwiki and testwiki. Set them up. I'm using the database named cod_wiki, test_wiki and meta_wiki. nice, you're on your way.

Finish the install (use the exact same username and password for each wiki). download localsettings, etc. do the same again. it gets annoying, but thats the way it goes.

if you don't use the same un/pw for each wiki, you must grant all privileges on each wiki's database and the centralauth database, to each of the wiki's dbUser identified by each dbPass. (noted in each localsettings.php)

OK, on each of the wikis, create a folder called 'CentralAuth' in the 'Extensions' directory. copy the stuff we got from subversion above, it should be in a folder called CA in your root directory. You can also run the  command within each of the extensions folders of your separate wikis.

Step 2. Configure CentralAuth Settings
Now, we need to install the extension to the wiki, and set it up. The setup script needs to be the same in ALL localsettings, or conflicts will ensue. I'm keeping this simple - so here the example code. Copy and pasta, and modify to your needs. i've commented to the side. the important things are to replace the database names with the databases you created, and to change sitename and directory locations. remember, copy this script to the bottom of every wikis localsettings.php.

Notice that your $wgConf configuration is included in this.

Code
Begin by copying into one localsettings, modify, save and copy to the rest. it's not that hard.

Step 3. Create database centralauth (and configure)
Your wiki won't work yet. we need to set up other stuff. create a new sql database and call it 'CentralAuth'. Run centralauth.sql, its in the CA folder in your root directory if you used the svn command line above. This writes tables, etc.

OK, so now we have centralauth set up. but whos managing it? noone. we need to create our global account, by migrating everyone. choose a wiki, i shall choose meta, and use terminal to chdir into it. cd /path/to/webroot/yourMWdirectory/extensions/CentralAuth/maintenance im on mac, so it would be cd /Library/WebServer/Documents/metawiki/Extensions/CentralAuth/maintenance

Now type sudo php migratePass0.php then sudo php migratePass1.php.


 * Windows users, similar but different

You can run this process from each of your wiki's CentralAuth/Migration directories, but it may be easier to use Special:MergeAccount. So go to your other wikis (COD and TEST in my case) and go special:mergeaccount. nice.

now, back to meta. go to Special:UserRights, and make yourself a steward. now, the problem: steward is a local group, we need to migrate it to global. OK, back to terminal, hopefully you're still where we were before sudo php migrateStewards.php You're now a global steward, good for you! What can you do - nothing, yet. Remove your local steward right through special:userrights.

now, use an sql management program, like mysqladmin or terminal, and navigate into centralauth database. head into the global_group_permissions table, and insert:

ggp_group = steward

ggp_permission = globalgrouppermissions

use the command line on the table to make sure the field names are the same.

Linux mysql command line would be: INSERT INTO global_group_permissions (ggp_group,ggp_permission) VALUES ('steward','globalgrouppermissions'),('steward','globalgroupmembership');

Now you have the authority to manage global groups through Special:GlobalGroupPermissions. edit steward, which you are conveniently already member of, and tick everything you want (for me, everything but bot and mark rollback as bot.) You may need to restart your dbserver and/or webserver for the boxes to get checked. Nice. done. you can create new global groups through Special:GlobalGroupPermissions, and add people to it at Special:GlobalUserRights. Special:CentralAuth lets you lock accounts globally, hide them and unmerge them. I suggest installing global IP blocking, which is self explanatory, another guide may be due soon :P

Step 4, Configure global login settings
Finally, we need to do one more thing. You're obviously going to want accounts to be merged at creation. You need to go into each one of your wikis, /extensions/CentralAuth and edit centralauth.php.

Change

to

There are a few other wgSettings there you may want to configure, such as auto-login for all wikis. These are explained in the comments in the file, and elsewhere on the net.

Extra Credit
Also, if you want, you can get rid of the now useless local stewards group, by deleting the following. Wikipedia doesn't - but there is no real reason to keep it.

If you keep them, its recommended you don't allow 'crats to add people to local steward, Manual:$wgAddGroups.

Have fun. I will try answer queries.

Of course, this documentation is released to public domain. if you're nice, attribute me :P