Extension:LDAP Authentication

From MediaWiki.org
Jump to: navigation, search

About - Requirements - Examples - Configuration Options - Changelog - Roadmap - Suggestions - User provided info - FAQ - Support


MediaWiki extensions manualManual:Extensions
Crystal Clear action run.png
LDAP Authentication

Release status:Extension status stable
ImplementationTemplate:Extension#type User identity
DescriptionTemplate:Extension#description Provides LDAP authentication, and some authorization functionality for MediaWiki
Author(s)Template:Extension#username Ryan Lane (Ryan lanetalk)
Latest versionTemplate:Extension#version 2.1.0 (2014-03-28)
Compatibility policyCompatibility#mediawiki_extensions master
MediaWikiTemplate:Extension#mediawiki 1.19+
Database changesTemplate:Extension#needs-updatephp Yes
LicenseTemplate:Extension#license GNU General Public License 2.0 or later
Download
Download snapshot (Git master)
Git [?]:
Hooks usedTemplate:Extension#hook
LoadExtensionSchemaUpdatesManual:Hooks/LoadExtensionSchemaUpdates

Translate the LDAP Authentication extension if it is available at translatewiki.net
Check usage and version matrix.

IssuesPhabricator

 Open tasks · Report a bug
Warning Warning: The extension has not been fully updated for MediaWiki 1.27+ (AuthManager); LdapAutoAuthentication will not work with that version. See gerrit:286705 for details.

About this documentation[edit]

The documentation has been updated to reflect version 1.1c and higher[edit]

Caution! Caution: Some options changed from 1.1b to 1.1c, make sure when configuring a new version that the options you are currently using are still valid. The changelog mentions which options have changed.

Post support questions on the discussion page or on the mediawiki-enterprise list[edit]

Please post all support questions on this page's discussion page or on the mediawiki-enterprise list. If a problem needs special attention, I can contact you directly by email. Posting the questions on the discussion page allows everyone to see how the problem was resolved.

Posting anywhere else will usually cause your problem to be ignored, or cause people to get upset with you.

Features[edit]

This plugin should be scalable for use in small to large organizations, and provides the following functionality:

  • Single and multi domain authentication (including local database)
    • Simple bind authentication
    • Proxy bind authentication
    • Smartcard/CAC/PKI Soft Certificate authentication
    • Kerberos authentication
    • SSL/TLS or non-SSL/TLS binding allowed
    • Nested/Unnested Group based restriction support
    • Filter based restriction support
  • Retrieval of user information from LDAP
    • Email address
    • Real name
    • Nickname
    • Language
  • Synchronization of LDAP groups to MediaWiki security groups (LDAP->MediaWiki only)
    • Nested group support available in 1.2b+
  • Storing preferences in LDAP
    • Update passwords [1]
    • Mail me a password [1]
    • Update all preferences that are currently retrievable
  • Creation and modification of users in LDAP

Requirements[edit]

Please see the Requirements page.

Installation[edit]

Please see the configuration and options pages.

Compatibility[edit]

The current version has been tested on:

  • MediaWiki
    • MediaWiki 1.14 [2]
    • MediaWiki 1.15 [2]
    • MediaWiki 1.16 [2]
    • MediaWiki 1.17.3
    • MediaWiki 1.18.6
    • MediaWiki 1.19.1
    • MediaWiki 1.20.3
    • MediaWiki 1.21.1
    • MediaWiki 1.23.1
    • Mediawiki 1.25.5
    • Mediawiki 1.26.3
    • Mediawiki 1.28 Does not work 100% on MediaWiki >= 1.27 - AutoAuth (Kerberos and smart card) does not work and no workaround unless re-code PHP.
    • BlueSpice 1.1
  • Operating Systems
    • Debian GNU/Linux 4.0 ("Etch")
    • Debian GNU/Linux 7 ("Wheezy")
    • Ubuntu 7.04, 8.04, 8.10, 9.04, 10.04, and 12.04
    • Red Hat Enterprise Linux v4 AS, ES, and WS
    • Red Hat Enterprise Linux v5 Server and Desktop
    • Fedora Core 6, Fedora 8, 10, 11, 12, 13, 19
    • Solaris 10
    • Suse Linux Enterprise Server 10
    • Suse Linux Enterprise Server 10 Service-Pack 2
    • Suse Linux Enterprise Server 12
    • openSUSE 11.4
    • Microsoft Windows 2003, 2008 R2
    • Gentoo Linux (extension revision 20306)
    • CentOS 4-7
    • Novell NetWare 6.5 SP7
    • FreeBSD 6.3-STABLE
  • LDAP Directories
    • CA Directory (eTrust Directory)
    • Sun Directory Server Enterprise Edition 5.2, 6.1, 6.2, and 6.3
    • Active Directory 2003, 2008
    • Novell eDirectory (NDS) v8.7.3, v8.8.2
    • OpenLDAP v2.2.13, v2.3.43, v2.4.19
    • Mac OS X Open Directory v10.4.9
    • Fedora Directory Server 1.0.4
    • ApacheDS 1.5.2
    • OpenDJ 2.4
    • IBM Lotus Domino 8.5 LDAP
  • Web Servers
    • Apache 2.0
    • Apache 2.2
    • Apache 2.4.10
    • IIS6+PHP ISAPI
    • IIS7.5+PHP
  • Combinations
Operating System MediaWiki PHP DBMS Web Server Directory Server Description
Fedora 6 1.16.0 5.1.6 MySQL 5.0.27 Apache 2.2.6 OpenLDAP 2.4.10
Fedora 13 1.16.0 5.3.3 MySQL 5.1.52 Apache 2.2.17 package php-ldap
Debian 4.0 1.7 5.2.0 MySQL 5.0.32 Apache 2.2.3 OpenLDAP
Debian 7.0 1.22.1 5.4.4 MySQL 5.5.31 Apache 2.2.22 OpenLDAP 2.3.43
Debian 7.7 1.23.5 5.4.4 MySQL 5.5.40 Apache 2.2.22 Active Directory (2008R2)
Debian 8.2 1.25.3 (task T108781 fix) 5.6.14 MySQL 5.5.46 Apache 2.4.10 freeIPA 4.3
Solaris 10 1.9.x MySQL Apache 2 CA Directory
RHEL v4 AS 1.6.8 4.3.9 MySQL 4.1.12-3 Apache 2.0.52-22 Sun Directory Server 5.2 patch 4
Fedora 10 1.15.1 5.2.9 MySQL 5.0.84 Apache 2.2.11 OpenLDAP 2.4.12
Gentoo Linux 1.9.x MySQL Apache 2 OpenLDAP extension revision 20306 ; Samba LDAP schema
CentOS 4 1.11.1 5.2.5 MySQL 4.1.22 Apache 2.0.26 OpenLDAP 2.2.13
CentOS 5 1.10.0 5 MySQL 5 Fedora Directory Server 1.0.4
CentOS 5 1.10.1 5.1.6 MySQL 5.0.22 Active Directory
CentOS 5 1.15.0 5.1.6 MySQL 5.0.45 Apache 2.2.3 OpenLDAP 2.3.43 extension v1.2a (rev 43434)
CentOS (vmware on a MAC OS X) 1.12.0 5.1.6 (apache2handler) MySQL 5.0.45 Active Directory
CentOs 5.5 (vbox on Windows XP Pro) 1.16.0 5.2.13 (apache2handler) MySQL 5.0.77 OpenLDAP
CentOS 5 1.15.1 5.3.0 (apache2handler) PostgreSQL 8.3.7 OpenLDAP 2.4.11
CentOS 5.3 (vm on an esx vsphere 4) 1.15.1 5.3.0 (apache2handler) Novell eDirectory
CentOS 6.4 (VM on ESXi 5.0.0) 1.20.3 5.3.14 (remi) Active Directory (2008R2)
CentOS 6.4 1.21.1 5.3.3 Active Directory (2008R2)
CentOS 7 1.20.2 5.4.16 Active Directory (2008R2)
CentOS 7.2.1511 1.26.1 5.4.16 & 5.6.30 5.5.44-MariaDB Apache 2.4.6 (CentOS) Active Directory 6.1
CentOS 7 1.25.1 5.4.16 5.5.52-MariaDB Nginx 1.10.2 Active Directory (2012)
SLES 9 1.6.7 4 MySQL 5 Novel eDirectory
SLES 10 1.10.0 5 MySQL 5 Apache 2.2 OpenLDAP
SLES 10 Service-Pack 2 1.14.0 5.2.5 MySQL 5.0.26 Active Directory (2003)
SLES 12 1.28 5.5.14 MySQL 5.5 Apache 2.4 Active Directory multi domain authentification
OpenSuse 10.2 1.9.x 5 MySQL 5 Active Directory
Novell NetWare 6.5 SP7 1.11.0 5.2.5 MySQL 5.0.45 Apache 2.0.61 Novell eDirectory 8.8.2
Ubuntu 6.06 1.12.0 5.1.2-1ubuntu3.10 MySQL 5.0.22-0ubuntu6.06.10 Apache 2.0.55-4ubuntu2.3 Active Directory
FreeBSD 6.3-STABLE 1.12.0 (FreeBSD-Port) 5.2.6 (FreeBSD-Port) MySQL 5.0.51a (FreeBSD-Port) Apache 2.2.9 (FreeBSD-Port) Active Directory 2003
Ubuntu 8.04.1 1.13.1 5.2.4 MySQL 5.0.51 Apache 2.2.8 Novell eDirectory
Ubuntu 8.10 1.14 5.2.6.2 MySQL 5.0.67 Apache 2.2.9 Active Directory 2003
Ubuntu 10.04.2 LTS 1.16.2 5.3.2 MySQL 5.1.41 Apache 2.2.14 Active Directory 2000
Ubuntu 12.04 LTS 1.16 5.3.6 MySQL 5.1 Apache 2.2.20 Active Directory 2003
Ubuntu 12.04 LTS 1.19 5.3.10 MySQL 5.1.62 Apache 2.2.22 Active Directory 2003
Ubuntu 14.04 LTS 1.27.1 7.0.11-1+deb.sury.org~trusty+1 10.1.17-MariaDB-1 Apache 2.4.7 Active Directory (2008R2)
Ubuntu 14.04.5 LTS 1.27.0 7.0.13-1+deb.sury.org~trusty+1 10.1.17-MariaDB-1 Apache 2.4.7 Zentyal 4.2
Windows 2003 1.8.3 5.2.0 MySQL 5.0 IIS6 Active Directory
Windows 2003 1.12 5.2.5 MySQL 5.0 Apache 2.2 ApacheDS 1.5.2
Windows Server 2003 SP2 1.14 5.2.8 MySQL 5.0.51a Apache 2.2 Active Directory
Windows Server 2003 SP2 1.17 5.3.5 MySQL 5.5.8 Apache 2.2
Windows XP Professional SP2 1.13.0 5.2.6 MySQL 5.0.51a Apache 2.2.9 Novell eDirectory 8.8.2
Windows XP Professional SP3 1.16.0 5.3.0 MySQL 5.1.36 Apache 2.2.11 Active Directory
Windows 2008 Standard Edition 1.15.4 5.3.3 MySQL 5.1.49 IIS7 with FastCGI Active Directory
Windows 2008 Web Edition 1.16.0 5.3.3 MySQL 5.1.50 IIS7 with FastCGI Active Directory
Windows 2008R2 Enterprise Edition 1.17.0 5.3.6 MySQL 5.5.12 IIS7.5 with FastCGI Active Directory
Windows Small Business Server 2011 1.24.1 5.5.13 MySQL 5.6.19 IIS7.5 with FastCGI Active Directory
Windows 2012 Standard 1.21.1 5.4.18 MySQL 5.6.13 IIS8 with FastCGI Active Directory
Windows 2012 R2 Standard on VMware 1.23.0 5.6.0 MySQL 5.1.72 IIS 8.5 with FastCGI Active Directory
Operating System MediaWiki PHP DBMS Web Server Directory Server Description

If you have a working wiki with a working version of the patch on something not listed above, please add it to the list!

Supporting the extension (donations)[edit]

Proper support of this extension requires quite a few resources. For a proper testing environment, I need to be able to run multiple directory servers (OpenLDAP, Sun Directory Server, Red Hat Directory Server, Active Directory, etc.), multiple web servers (Apache, and IIS mostly), Kerberos servers (MIT, AD), etc. Due to limited resources, I am unable to test many things concurrently.

If you would like to help support the extension, donation of a good laptop with lots of RAM (Macbook Pro preferably).

PHP 5.6.13 fix[edit]

I am not the maintainer, but I found a fix for users having problems with PHP 5.6.13, which is what you will find in many repositories (I have confirmed this on FreeBSD and Debian Jessie).

See the discussion page for details.

External Links[edit]

Notes[edit]

  1. 1.0 1.1 Does not work with Active Directory
  2. 2.0 2.1 2.2 For SSL (smartcard) authentication or any other type of auto-authentication, you need to use version 1.2, which is currently available in SVN

See also[edit]

Retrieved from "https://www.mediawiki.org/w/index.php?title=Extension:LDAP_Authentication&oldid=2459426"