Extension:CentralAuth/Walkthrough

This is a walkthrough for CentralAuth, The aim is to make it as simple as possible. If you edit this guide, try and keep it simple.

Step 1, Download and Install web-end
First, how many wikis you want. I will be running through an example with 3 wikis, "metawiki", "testwiki", and "codwiki"

Download MediaWiki. This guide makes the assumption you are running on a Linux system. CentralAuth can be set up on a Windows server but this guide will not explicitly tell you how it's done.

then git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/CentralAuth.git

That will download the latest development centralauth to a folder called CentralAuth into the root (top) directory of your system.. While snapshots can be used, subversion is preferred.

Next, we will install MediaWiki as usual, with some considerations taken into account. Create your directories. In my case, i'm calling them metawiki, codwiki and testwiki. I'm using databases named named cod_wiki, test_wiki and meta_wiki. Note how the databases have a similar suffix. Make the account details the same across all installs, as they will be merged together later.

Finish the install (using the exact same database username and password for each wiki). download, etc. Repeat for each wiki.

if you don't use the same un/pw for each wiki, you must grant all privileges on each wiki's database and the centralauth database, to each of the wiki's dbUser identified by each dbPass. (noted in each ). Tl;dr use the same username and password.

Copy CentralAuth (the folder we downloaded) to every wikis 'extensions folder'.

Step 2. Configure CentralAuth Settings
Now, we need to install the extension to the wiki, and set it up. The setup script needs to be the same in ALL localsettings, or conflicts will ensue. I'm keeping this simple - so here the example code. Copy and paste this code into your, and modify to your needs. I've commented to the side. The important things are to replace the database names with the databases you created, and to change sitename and directory locations. Remember, copy this script to the bottom of every wikis.

Notice that your $wgConf configuration is included in this.

Code
Begin by copying into one localsettings, modify, save and copy to the rest.

Step 3. Create database centralauth (and configure)
Your wikis won't work yet. We need to set up other stuff. Create a new sql database and call it 'CentralAuth'. Run centralauth.sql -- if you don't know how to do this the easiest way is to use a tool called phpMyAdmin. schema/mysql/tables-generated.sql is located in the CA folder in your root directory if you used the svn command line above. This writes tables, and sets up the database

Now we have centralauth set up, but nobody is configured to manage it. We need to create our global account, by migrating everyone. Choose a wiki, I shall choose meta, and use terminal to chdir into it. cd /path/to/mediawiki/extensions/CentralAuth/maintenance Now type php migratePass0.php then php migratePass1.php


 * Windows users, similar but different

You can run this process from each of your wiki's CentralAuth/Migration directories, but it may be easier to use Special:MergeAccount. So go to your other wikis (COD and TEST in my case) and go to Special:MergeAccount

Now, back to meta. go to Special:UserRights, and make yourself a 'steward'. The problem now is: steward is a local group, we need to migrate it to global. Back to terminal, hopefully you're still where we were before php migrateStewards.php You're now a global steward, good for you! What can you do - nothing, yet. You may want to remove your local steward group via Special:UserRights, it's no longer needed.

Since Special:GlobalGroupPermissions is only usable by users with the  user right from a global group, we have to insert the first user right manually via SQL management (e.g. phpMyAdmin or via shell). Using the  database, run:

Now you have the authority to manage global groups through Special:GlobalGroupPermissions. Edit steward, which you are conveniently already member of, and tick everything you want (for me, everything except "bot" and "mark rollback as bot".) You can create new global groups through Special:GlobalGroupPermissions, and add people to it at Special:GlobalUserRights.

Special:CentralAuth lets you lock accounts globally, hide them, and unmerge them. I suggest installing global IP blocking, which is self explanatory.

Step 4. Configure global login settings
Finally, we need to do one more thing. You're obviously going to want accounts to be merged at creation. You need to add this to your :

There are a few other wgSettings there you may want to configure, such as auto-login for all wikis. These are explained in the comments in  and elsewhere on the net.

Do not edit CentralAuth.php itself or your changes may be lost if you upgrade the extension.

Extra Credit
Also, if you want, you can get rid of the now useless local stewards group, by deleting the following. Wikipedia doesn't - but there is no real reason to keep it.

If you keep them, its recommended you don't allow 'crats to add people to local steward, refer Manual:$wgAddGroups.

But individual configuration takes so long, how did the WMF do this for each of their wikis?
The WMF didn't take this approach. They use a commonsettings.php file that sets up all the wikis, but that's complicated to explain. For 3 wikis, copy and paste is the easier approach. In fact if you were thinking of taking the commonsettings approach, you probably wouldn't have come here.

I can't do it!
Try and ask for help at the CentralAuth extension talk page or on this guides talk page. Don't get too down, this along with Farmer is one of the hardest extensions to get running. Have you considered ?