Extension:LDAPAuthorization/fi
This extension checks for certain authorization requirements when logging into a wiki by using Extension:PluggableAuth or Extension:Auth remoteuser. If one of the requirements is not satisfied, the login process will be cancelled.
| Release status: stable | |
|---|---|
| Author(s) | Cindy Cicalese, Mark A. Hershberger, Robert Vogel |
| Latest version | 1.0.0 |
| Compatibility policy | Snapshots releases along with MediaWiki. Master is not backward compatible. |
| MediaWiki | 1.31+ |
| Licence | GNU General Public License 2.0 or later |
| Translate the LDAPAuthorization extension if it is available at translatewiki.net | |
Installation
- Install the LDAPProvider and PluggableAuth extensions.
- Download and move the extracted folder named LDAPAuthorization to your extensions/ folder.
  Developers and code contributors should install the extension from Git instead, using:
  ```
  cd extensions/
  git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/LDAPAuthorization
  ```
- Add the following code at the bottom of your LocalSettings.php file:
  ```php
  wfLoadExtension( 'LDAPAuthorization' );
  ```
- Configure as required.
- Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.
Extension configuration settings
| Name | Default | Description |
|---|---|---|
| AutoAuthRemoteUserStringParserRegistry | `{ "domain-backslash-username": "MediaWiki\\Extension\\LDAPAuthorization\\AutoAuth\\RemoteUserStringParser\\DomainBackslashUsername::factory", "username-at-domain": "MediaWiki\\Extension\\LDAPAuthorization\\AutoAuth\\RemoteUserStringParser\\UsernameAtDomain::factory" }` | A registry of factory callbacks for the different parsers that extract domain and username from a provided domain-username. Must return Only used in case of auto-authentication provided by Extension:Auth remoteuser. |
| AutoAuthRemoteUserStringParser | `"domain-backslash-username"` | Configures which parser is used to extract domain and username from a provided domain-username. Allowed values are: Only used in case of auto-authentication provided by Auth remoteuser. |
| AutoAuthUsernameNormalizer | `""` | A callback that can modify the username when Extension:Auth_remoteuser is used for network-based authentication, e.g. `"strtolower"`. If form-based authentication is also enabled through Extension:LDAPAuthentication2 this should have the same value as |
Domain configuration settings
| Name | Default | Description |
|---|---|---|
| rules.groups.required | `[]` | Array of group DNs that are required to complete the login process. Belonging to one group is sufficient (logical OR) to be authorized. |
| rules.groups.excluded | `[]` | Array of group DNs that the user must not be a member of to complete the login process. Belonging to one group is sufficient (logical OR) to be forbidden to log in. |
| rules.attributes | `{}` | This implements the "attributes mapping" rule from Extension:LDAP Authentication. An example is shown below this table. |
| rules.query | `""` | Allows a standard LDAP query to be tested against the user. Comparable to $wgLDAPAuthAttribute from Extension:LDAP Authentication. Example: |

Example for rules.attributes:
```json
{
    "&" : {
        "status": "active",
        "|": {
            "department": [ "100", "200" ],
            "level": [ "5", "6" ]
        }
    }
}
```
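The group and attribute rules described above can be dry-run against a sample user before they are deployed. The following Python model is an added example, not the extension's own code: it assumes that "&" means all children must match and "|" means at least one, that a list of values is an any-of match, that DNs compare case-insensitively, and that empty defaults impose no requirement; `rules.query` is not modelled because it needs a live directory. The Contractors group DN and the sample rule set are constructed.

```python
# Added example: a model of the documented rule semantics, not the extension's code.

def _norm(dns):
    # Assumption: group DNs are compared case-insensitively.
    return {dn.strip().lower() for dn in dns}

def match_attributes(rule, attrs):
    """Evaluate a rules.attributes tree against a user's LDAP attributes.

    Assumed semantics: "&" needs every child to match, "|" needs at least one;
    a leaf matches when any of the user's values equals any listed value.
    """
    def node(key, value):
        if key == "&":
            return all(node(k, v) for k, v in value.items())
        if key == "|":
            return any(node(k, v) for k, v in value.items())
        wanted = value if isinstance(value, list) else [value]
        have = attrs.get(key, [])
        have = have if isinstance(have, list) else [have]
        return any(h in wanted for h in have)
    # An empty rule ({}, the default) imposes no requirement.
    return all(node(k, v) for k, v in rule.items())

def authorize(rules, user_groups, user_attrs):
    """Return (allowed, reason); every configured requirement must hold."""
    groups = _norm(user_groups)
    required = _norm(rules.get("groups", {}).get("required", []))
    excluded = _norm(rules.get("groups", {}).get("excluded", []))
    if required and not groups & required:   # logical OR over required groups
        return False, "not in any required group"
    if groups & excluded:                    # logical OR over excluded groups
        return False, "member of an excluded group"
    if not match_attributes(rules.get("attributes", {}), user_attrs):
        return False, "attribute rule not satisfied"
    return True, "ok"

# Constructed sample rule set; the excluded group DN is hypothetical.
RULES = {
    "groups": {
        "required": ["cn=Developers,cn=Users,dc=example,dc=com"],
        "excluded": ["cn=Contractors,cn=Users,dc=example,dc=com"],
    },
    "attributes": {"&": {"status": "active",
                         "|": {"department": ["100", "200"], "level": ["5", "6"]}}},
}
```

Running a handful of representative accounts through `authorize` shows that an excluded group overrides a required one, and that a user missing the `status` attribute is rejected rather than let through.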
Example 1
If you want to configure this in LocalSettings.php, you can extend the configuration for LDAPProvider as in this example:
```php
$LDAPProviderDomainConfigProvider = function() {
    $config = [
        'LDAP' => [
            'connection' => [
                ...
            ],
            'authorization' => [
                'rules' => [
                    'groups' => [
                        'required' => [ "groupname" ]
                    ]
                ]
            ]
        ]
    ];
    ...
```
Example 2
Here is a complete example LocalSettings.php configuration for Active Directory:
```php
$LDAPProviderDomainConfigProvider = function()
{
    $config =
    [
        "example.com" =>
        [
            "connection" =>
            [
                "server" => "ldap.example.com",
                "user" => "cn=ldap,cn=Users,dc=example,dc=com",
                // Placeholder; the bind password is stored in clear text in this file.
                "pass" => "password",
                "basedn" => "dc=example,dc=com",
                "groupbasedn" => "dc=example,dc=com",
                "userbasedn" => "dc=example,dc=com",
                "searchattribute" => "samaccountname",
                "searchstring" => "USER-NAME@example.com",
                "usernameattribute" => "samaccountname",
                "realnameattribute" => "cn",
                "emailattribute" => "mail",
                "grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\GroupMember::factory"
            ],
            "authorization" =>
            [
                "rules" =>
                [
                    "groups" =>
                    [
                        // Only members of this group may log in.
                        "required" => [ "cn=Developers,cn=Users,dc=example,dc=com" ]
                    ]
                ]
            ],
            "groupsync" =>
            [
                "mechanism" => "mappedgroups",
                // Both wiki groups map to the same DN as the required group above,
                // so every user who can log in is mapped to sysop and bureaucrat.
                "mapping" =>
                [
                    "sysop" => "cn=Developers,cn=Users,dc=example,dc=com",
                    "bureaucrat" => "cn=Developers,cn=Users,dc=example,dc=com"
                ]
            ],
            "userinfo" =>
            [
                "email" => "mail",
                "realname" => "cn",
                "properties.gender" => "gender"
            ]
        ]
    ];
    return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
};
```
Versioning
| MediaWiki Release | Recommended Extension Version | Test Status | Latest Test Date |
|---|---|---|---|
| 1.35 (LTS) | LDAPxxx_master | Tested | March 2020 |
