This extension provides a mechanism to synchronize users in the database and users in active directory.
Release status: stable
|Description||Used to synchronize users|
|Author(s)||Cindy Cicalese, Mark A. Hershberger, Robert Vogel|
|Compatibility policy||Snapshots releases along with MediaWiki. Master is not backward compatible.|
|License||GNU General Public License 2.0 or later|
|Quarterly downloads||67 (Ranked 99th)|
|Translate the LDAPSyncAll extension if it is available at translatewiki.net|
|Issues||Open tasks · Report a bug|
- If a user is in LDAP, but not in the database => the user is added to the database
- If a user is in the database, but not in LDAP => the user account will be disabled in the database
Execute within MediaWiki root or add mediawiki/ldap-sync-all to the composer.json file of your projectː
composer require mediawiki/ldap-sync-all dev-REL1_31
Add the following line to your LocalSettings.phpː
wfLoadExtension( 'LDAPSyncAll' );
The extension provides a maintenance script that you can simply run from your console PHP maintenance/SyncLDAPUsers.php. In addition, there is a RunJobsTriggerHandler that runs once a day.
You need to add the following line in your LocalSettings.php. Don't forget to change "Admin" to the username who has admin permissions. This user disables accounts that are not in LDAP.
$GLOBALS['LDAPSyncAllBlockExecutorUsername'] = 'Admin';
You can specify usernames and usergroups that you want to exclude from disabling, for example:
$GLOBALS['LDAPSyncAllExcludedUsernames'] = [ 'Bob', 'Emily' ]; $GLOBALS['LDAPSyncAllExcludedGroups'] = [ 'bot', 'editor' ];
|This extension is included in the following wiki farms/hosts and/or packages:|