Extension:External Data/LDAP

From mediawiki.org

You can use External Data to get data from an LDAP server.

The recommended way to retrieve LDAP data is to use one of the display functions (#external_value, #for_external_table, etc.), passing in the necessary parameters for the data retrieval, most notably "source=". You can also retrieve LDAP data by calling the #get_ldap_data or #get_external_data functions, though this approach is deprecated. In all of these cases, you must specify the connection information, including login information, for the LDAP server in the variable $wgExternalDataSources in LocalSettings.php.

For any of these parser functions, you can also call its corresponding Lua function.

A note about security: If you are going to retrieve LDAP data, you should think hard about the security implications. Configuring an LDAP server in LocalSettings.php allows anyone with edit access to your wiki to run queries against that server, using the credentials you configured. Wiki users could run queries to extract all sorts of information about your domain, so you should use a domain user that has the minimum permissions for what you are trying to achieve. You should know what you are doing before enabling this function.

Configuration

The PHP extension ldap must be enabled. You need to configure each LDAP server in LocalSettings.php. Add the following stanza for each server:

$wgExternalDataSources['domain'] = [
	'server'	=> 'myldapserver.com',
	'base dn'	=> '[basedn]',
	'user'		=> 'myDomainUser',
	'password'	=> 'myDomainPassword'
];

Where:

  • domain is a label to be used when calling #get_ldap_data, or as the "source=" value in the display functions
  • myDomainUser and myDomainPassword are credentials used to bind to the LDAP server
  • [basedn] is the base DN used for the search.

Example

$wgExternalDataSources['foobar'] = [
	'server'	=> 'foobar.com',
	'base dn'	=> 'OU=Users,dc=foobar,dc=com',
	'user'		=> 'u12345',
	'password'	=> 'mypassword'
];

Usage

Here is the standard call for #for_external_table when retrieving LDAP data:

{{#for_external_table:
 ...text to be displayed...
 |source=The domain ID specified in LocalSettings.php
 |filter=LDAP filter
 |data=data mappings
 |all=set to "true" to get multiple results instead of just one
}}

Example

An example that retrieves a user from a Win2003/AD system, using a user ID passed to a template:

{{#for_external_table:
 * Email: {{{email}}}
 * Title: {{{title}}}
 * Company: {{{company}}}
 * Department: {{{department}}}
 |source=foobar
 |filter=(sAMAccountName={{{id}}})
 |data=email=mail,title=title,company=company,department=department
}}
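
One way to check the minimum-permissions advice in the security note above, as an added example that is not part of External Data or of the original page: run a search as the wiki's bind account (for instance with ldapsearch -LLL), save the LDIF output, and list every attribute that account can read beyond what the wiki's templates map. The sample LDIF, the ALLOWED set and the function names are constructed for illustration; ALLOWED mirrors the "data=" and "filter=" attributes in the usage example above.

```python
from collections import Counter

# Assumption: the only attributes the wiki needs are those in the page's usage example.
ALLOWED = {"mail", "title", "company", "department", "samaccountname"}

# Constructed sample: LDIF saved from a search of the base DN, run as the
# wiki's bind account. Values are invented.
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Users,dc=foobar,dc=com
sAMAccountName: u10001
mail: alice@foobar.com
title: Engineer
memberOf: CN=VPN Users,OU=Groups,dc=foobar,dc=com
memberOf: CN=Staff,OU=Groups,dc=foobar,dc=com
description: Contractor account, man
 ager: Carol
telephoneNumber: +1 555 0100

dn: CN=Bob Example,OU=Users,dc=foobar,dc=com
sAMAccountName: u10002
mail: bob@foobar.com
department: Finance
memberOf: CN=Finance,OU=Groups,dc=foobar,dc=com
jpegPhoto:: /9j/4AAQSkZJRg==
"""

def readable_attributes(ldif_text):
    """Map attribute name (lowercased) -> number of entries that expose it."""
    unfolded = []
    for line in ldif_text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]      # RFC 2849 folded line: rejoin it
        else:
            unfolded.append(line)
    counts = Counter()
    for entry in "\n".join(unfolded).split("\n\n"):   # blank line ends an entry
        names = {l.split(":", 1)[0].split(";", 1)[0].lower()  # drop ";option", "::"
                 for l in entry.splitlines() if ":" in l and not l.startswith("#")}
        counts.update(names - {"dn", "version"})      # each attribute once per entry
    return counts

def excess_attributes(ldif_text, allowed=ALLOWED):
    """Attributes the bind account can read that no wiki template needs."""
    return {n: c for n, c in readable_attributes(ldif_text).items() if n not in allowed}

if __name__ == "__main__":
    for name, n in sorted(excess_attributes(SAMPLE_LDIF).items()):
        print(f"{name}: readable on {n} entries, not used by the wiki")
```

Anything this reports is readable by every wiki editor through "filter=" and "data=", so it is a candidate for removal from the bind account's read permissions on the directory side.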