Extension:Windows NTLM LDAP Auto Auth

Introduction
Having seen the fucntionallity of Media WIKI I wanted to use the system as a way of document control within our IT department. We wanted to have the authentication and group security controlled by our Active Directory domain. After messing with the auth plugin's written by others I found that none of them suited our way of working so I decided to write our own, and this is the result.

Feature Set
This auth plugin is based on Rusty Burchfield's Extension:AutomaticREMOTE_USER and Ryan Lane's Ldap.


 * Allow Windows Active Directory domain verification of the IIS authenticated user.
 * Creates internal WIKI accounts and imports LDAP fields. (mail,firstname,surname)
 * Connects to Windows Global Catalog to allow support for multiple domains / forests.
 * Permission / Security control of which LDAP groups can access the WIKI.
 * Permission / Security mapping of LDAP groups to internal wiki groups.
 * Automatic creation of internal WIKI groups, and user membership.
 * Removal of Login / Logout access & buttons.
 * No anonymous access.

Permission mapping may also require Extension:Group_Based_Access_Control to provide granular access to pages within the WIKI.

Please note that access control cannot be 100% effective within the WIKI please see Security_issues_with_authorization_extensions

Tested On

 * MediaWIKI 1.13.0rc2
 * PHP 5.2.6 (isapi)
 * MySQL 5.0.67-community-nt
 * IIS 5.1

Installation

 * Configure IIS to do the Authentication (disable anonymous access).
 * Copy WinNTLMLDAPAutoAuth.php in your extension dir.
 * Edit settings within WinNTLMLDAPAutoAuth.php to suit your windows environment.
 * Add the following lines to your LocalSettings.php

WinNTLMLDAPAutoAuth Settings
You may also need to edit the following line in the config to reflect your server name. I'm sure that this is a variable avalible within PHP.

Other Recommendations

 * Please be aware that due to some bug in the wiki, i would recommend setting the following.

Whilst developing this auth plugin we also looked at changing the skin to suit a more professional enbvironment. We came across the GuMax Skin which with a few tweaks to the colors then suited our internal look and feel.

Visit Paul Gu's wiki at