Extension:Plexcel

=Plexcel MediaWiki Plugin=

Note: This Plugin requires a commercial PHP extension that does not run on Windows at this time. Please review the Requirements section carefully.

The Plexcel MediaWiki Plugin seamlessly adds Active Directory authentication to MediaWiki. This plugin has the following features.


 * Active Directory Single Sign-On (SSO)
 * User Information Populated from Active Directory
 * Explicit Login with Username and Password
 * Windows Group Based Access Control Lists (ACLs)
 * Automatic Directory Location
 * No setup on Windows side required
 * Superior Security of Kerberos
 * Internationalization (I18N)

Authentication
The Plexcel MediaWiki Plugin can authenticate clients against Active Directory using Single Sign-On (SSO) or by explicit login using the standard login form.

The default behavior is to authenticate clients using SSO. Users will not need to repeatedly enter their username and password. Just visiting the site will trigger the browser to automatically authenticate the client and pass the user's information to the web server.

Alternatively they may also use the standard login form. If the client does not support SSO (e.g. because they are not logged into the domain) authentication will fall-back to the login form.

Windows Group Based Access Control Lists (ACLs)
Restrict access to your Wiki content using ACLs. The full range of Windows group name forms may be used. Any number of ACLs can be applied to individual pages, pages that match a wildcard expression or to all pages. These access checks are also very fast. Once the group names in your ACLs have been resolved, no communication with the domain is required for subsequent requests.

Automatic Directory Location
Plexcel will automatically locate AD servers. No configuration of the Plexcel module is necessary. If you have multiple AD servers, Plexcel will load balance between them (unless DNS is configured to do otherwise).

Easy Installation
Plexcel comes with an easy to use installer that will locate your AD server, create the necessary HTTP service account and set it's password. After restarting Apache, just copy the PlexcelAuth directory into the MediaWiki extensions directory and add two lines to LocalSettings.php. No modifications on the Windows side are necessary. Installation takes only a few minutes.

=Installation=

Requirements
The following requirements must be satisfied for the Plexcel MediaWiki extension to work.
 * MediaWiki 1.9.3 or newer (older versions should work but they have not been tested)
 * The Plexcel PHP extension also from IOPLEX Software. Plexcel has the following requirements.
 * Linux on 32 bit x86
 * PHP 4, 5.0, 5.1 or 5.2
 * Browsers that support Kerberos SSO (e.g. Internet Explorer)
 * Operator must have sufficient AD privileges to create the HTTP service account
 * Linux web server must have valid entires in DNS
 * Apache must run in a UTF-8 locale to support internationalized text
 * Time and date differences on all machines must nominal (usually within 5 minutes)

For detailed Plexcel requirements and installation instructions please see the Plexcel Operator's Manual on the IOPLEX Software Support page.

Install Prerequisites
Install Apache, PHP and any other prerequisites for MediaWiki. These packages should be installable from your package manager (e.g. yum on Red Hat Linux, apt-get on Ubuntu, etc).

Install Plexcel. See the Plexcel Operator's Manual for details.

Install MediaWiki.

Install the Extension
Download the plexcel-mediawiki-2.0.0.tar.gz file. Unpack the file and copy the PlexcelAuth directory into the MediaWiki extensions directory. This procedure is illustrated by the example command dialog below:

$ wget http://www.ioplex.com/d/plexcel-mediawiki-2.2.0.tar.gz $ tar -xvzf plexcel-mediawiki-2.2.0.tar.gz $ cp -a plexcel-mediawiki-2.2.0/PlexcelAuth mediawiki-1.9.3/extensions

Modifying LocalSettings.php
To activate the Plexcel MediaWiki plugin, add the following to the end of the MediaWiki LocalSettings.php file:

require_once('extensions/PlexcelAuth/PlexcelAuth.php'); $wgAuth = new PlexcelAuth;

The plugin should now be fully functional. Try visiting a page with a suitable Kerberos enabled browser. The user should automatically login. Try clicking “log out” and manually enter alternative credentials. Then logout again and click on any page to resume SSO behavior. If any of this does not work, verify that the Plexcel examples still work and review the Plexcel Operator's Manual if they do not. If the Plexcel examples do not work, the MediaWiki plugin will not work.

Group Based Access Control
To prevent users from access content you can add ACL definitions to your LocalSettings.php like the following simple example:

require_once('extensions/PlexcelAuth/PlexcelAuth.php'); $wgAuth = new PlexcelAuth; $wgAuth->page_acls['*'] = array('Domain Admins');

The above example restricts access to all pages ('*') to only users in the Domain Admins group. You can use wildcard expressions to restrict different content to different groups. See the Plexcel MediaWiki Plugin Manual for detailed instructions regarding access controls.

Finally, we strongly recommend that passwords submitted through the login form be secured over HTTPS. See the HTTPS_on_Login_only page for one possible solution.