Extension:LDAPSyncAll

**MediaWiki extensions manual**
LDAPSyncAll; Release status: stable
Description	Used to synchronize users
Author(s)	Cindy Cicalese, Mark A. Hershberger, Robert Vogel
Latest version	1.0.0
Compatibility policy	Snapshots releases along with MediaWiki. Master is not backward compatible.
MediaWiki	1.31+
Composer	mediawiki/ldap-sync-all
License	GNU General Public License 2.0 or later
Download	Download extension ; Git [?]: Download Git master; browse repository (Phabricator · GitHub); commit history; repository contributors (GitHub); code review;
	Parameters $wgUserPageContent; $wgExcludedUsernames; $wgUsersSyncMechanism; $wgBlockExecutorUsername; $wgExcludedGroups;
	Hooks used ChangeTagsAllowedAdd;
Quarterly downloads	41 (Ranked 106th)
	Translate the LDAPSyncAll extension if it is available at translatewiki.net
Issues	Open tasks · Report a bug

Translate this page

This extension is maintained by a member of the MediaWiki Stakeholders' Group.

This extension is part of the LDAP Stack and requires the LDAPProvider extension to be installed first.

This extension provides a mechanism to synchronize users in the database and users in active directory.

If a user is in LDAP, but not in the database => the user is added to the database
If a user is in the database, but not in LDAP => the user account will be disabled in the database

Installation[edit]

Execute within MediaWiki root or add mediawiki/ldap-sync-all to the composer.json file of your projectː

composer require mediawiki/ldap-sync-all dev-REL1_31

Activation[edit]

Add the following line to your LocalSettings.phpː

wfLoadExtension( 'LDAPSyncAll' );

Usage[edit]

The extension provides a maintenance script that you can simply run from your console PHP maintenance/SyncLDAPUsers.php. In addition, there is a RunJobsTriggerHandler that runs once a day.

Configuration[edit]

You need to add the following line in your LocalSettings.php. Don't forget to change "Admin" to the username who has admin permissions. This user disables accounts that are not in LDAP.

$GLOBALS['LDAPSyncAllBlockExecutorUsername'] = 'Admin';

You can specify usernames and usergroups that you want to exclude from disabling, for example:

$GLOBALS['LDAPSyncAllExcludedUsernames'] = [ 'Bob', 'Emily' ];

$GLOBALS['LDAPSyncAllExcludedGroups'] = [ 'bot', 'editor' ];

This extension is included in the following wiki farms/hosts and/or packages:

BlueSpice

This is not an authoritative list. Some wiki farms/hosts and/or packages may contain this extension even if they are not listed here. Always check with your wiki farms/hosts or bundle to confirm.

LDAPSyncAll Release status: stable

Description	Used to synchronize users
Author(s)	Cindy Cicalese, Mark A. Hershberger, Robert Vogel
Latest version	1.0.0
Compatibility policy	Snapshots releases along with MediaWiki. Master is not backward compatible.
MediaWiki	1.31+
Composer	mediawiki/ldap-sync-all
License	GNU General Public License 2.0 or later
Download	Download extension Git ^[?]: Download Git master browse repository (Phabricator · GitHub) commit history repository contributors (GitHub) code review
Parameters $wgUserPageContent $wgExcludedUsernames $wgUsersSyncMechanism $wgBlockExecutorUsername $wgExcludedGroups
Hooks used ChangeTagsAllowedAdd
Quarterly downloads	41 (Ranked 106^th)
Translate the LDAPSyncAll extension if it is available at translatewiki.net
Issues	Open tasks · Report a bug