Extension:LDAPSyncAll

From mediawiki.org
Other languages:
MediaWiki Stakeholders' Group Logo.svg This extension is maintained by a member of the MediaWiki Stakeholders' Group .
MWStake LDAPStack Icon.svg This extension is part of the LDAP Stack and requires the LDAPProvider extension to be installed first.

This extension provides a mechanism to synchronize users in the database and users in active directory.

MediaWiki extensions manual
OOjs UI icon advanced-invert.svg
LDAPSyncAll
Release status: stable
MWStake LDAPStack Icon.svg
Description Used to synchronize users
Author(s) Cindy Cicalese, Mark A. Hershberger, Robert Vogel
Latest version 1.0.0
Compatibility policy Snapshots releases along with MediaWiki. Master is not backward compatible.
MediaWiki 1.31+
Composer mediawiki/ldap-sync-all
License GNU General Public License 2.0 or later
Download
  • $wgUserPageContent
  • $wgExcludedUsernames
  • $wgUsersSyncMechanism
  • $wgBlockExecutorUsername
  • $wgExcludedGroups
Translate the LDAPSyncAll extension if it is available at translatewiki.net

Check usage and version matrix.

Issues Open tasks · Report a bug
  • If a user is in LDAP, but not in the database => the user is added to the database
  • If a user is in the database, but not in LDAP => the user account will be disabled in the database

Installation[edit]

Execute within MediaWiki root or add mediawiki/ldap-sync-all to the composer.json file of your projectː

composer require mediawiki/ldap-sync-all dev-REL1_31

Activation[edit]

Add the following line to your LocalSettings.phpː

wfLoadExtension( 'LDAPSyncAll' );

Usage[edit]

The extension provides a maintenance script that you can simply run from your console php maintenance/SyncLDAPUsers.php. In addition, there is a RunJobsTriggerHandler that runs once a day.

Configuration[edit]

You need to add the following line in your LocalSettings.php. Don't forget to change "Admin" to the username who has admin permissions. This user disables accounts that are not in LDAP.

$GLOBALS['LDAPSyncAllBlockExecutorUsername'] = 'Admin';

You can specify usernames and usergroups that you want to exclude from disabling, for example:

$GLOBALS['LDAPSyncAllExcludedUsernames'] = [ 'Bob', 'Emily' ];

$GLOBALS['LDAPSyncAllExcludedGroups'] = [ 'bot', 'editor' ];