Extension:LDAP Authentication/Configuration Example Notes

SSL
Notice that SSL is enabled in all examples. Your LDAP server may or may not require SSL. If you do not require SSL (if you set AD to not require signed communications), you can set that option to "false". Be aware that doing so will cause your domain users' passwords to be sent over the line in the clear.

For SSL to work, you must install an SSL certificate on your LDAP server, your wiki's server must trust the LDAP server's CA, and the DNS name of your LDAP server must match the CN on the certificate issued.
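The trust and name conditions above can be checked from the wiki's server before SSL is turned on in the extension. The following is an added example, not part of the original page or the extension's code; the file names and `ldap.example.com` are placeholders, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example: pre-flight check for LDAP over SSL, run on the wiki's server.
# To save the certificate a live server presents (host name is a placeholder):
#   openssl s_client -connect ldap.example.com:636 </dev/null 2>/dev/null \
#     | openssl x509 -out ldap-cert.pem

# check_ldap_cert CA_FILE CERT_FILE LDAP_HOST
# Returns 0 only if the certificate chains to the CA and names the host.
check_ldap_cert() {
    ca_file=$1
    cert_file=$2
    ldap_host=$3
    rc=0

    # Trust: the certificate must verify against the CA the wiki server trusts.
    if openssl verify -CAfile "$ca_file" "$cert_file" >/dev/null 2>&1; then
        echo "OK   certificate verifies against $ca_file"
    else
        echo "FAIL certificate does not verify against $ca_file"
        rc=1
    fi

    # Name: the host name used in the wiki's LDAP settings must match the
    # certificate (subjectAltName if present, otherwise the subject CN).
    if openssl x509 -in "$cert_file" -noout -checkhost "$ldap_host" 2>/dev/null \
        | grep -q "does match"; then
        echo "OK   $ldap_host matches the certificate"
    else
        echo "FAIL $ldap_host does not match the certificate"
        openssl x509 -in "$cert_file" -noout -subject 2>/dev/null
        rc=1
    fi

    return "$rc"
}

# Run as a script: sh check-ldap-cert.sh ca.pem ldap-cert.pem ldap.example.com
if [ "$#" -eq 3 ]; then
    check_ldap_cert "$1" "$2" "$3"
fi
```

A FAIL on the name check usually means the wiki is configured with a short name or IP address while the certificate carries the fully qualified name.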

Remember, if your web server does not use SSL (the URL starts with http://), your password will be transmitted in clear text from the client browser to the web server. This is independent of the SSL settings described below, which cover the connection from the web server to the LDAP server.

General Setup
Be sure to enable LDAP authentication within PHP. Make sure that you have installed the necessary packages for your distro. Currently, MediaWiki does not complain about missing LDAP support for PHP; it will just give you a blank screen when you try to log in.


 * RedHat EL based distro (CentOS 4.3):

yum install php-ldap

Make sure, that  contains


 * Ubuntu 6.06.1 (Dapper Drake) and others:

sudo apt-get install php-ldap

or possibly..

sudo apt-get install php5-ldap


 * Other distros:

Modify php.ini, and uncomment the line:

;extension=php_ldap.dll

change to:

extension=php_ldap.dll