Extension:LDAP Authentication/Roadmap


MediaWiki extensions manual
LDAP Authentication
Release status: stable
Implementation: User identity
Description: Provides LDAP authentication, and some authorization functionality for MediaWiki
Author(s): Ryan Lane
Latest version: 2.1.0 (2018-10-11)
Compatibility policy: Snapshots releases along with MediaWiki. Master is not backwards compatible.
MediaWiki: 1.19-1.26
MediaWiki 1.36: Not formally tested
MediaWiki 1.34: Not formally tested
MediaWiki 1.32: Not formally tested
Database changes: Yes
License: GNU General Public License 2.0 or later
  • $wgLDAPAutoAuthUsername
  • $wgLDAPGroupsUseMemberOf
  • $wgLDAPDomainNames
  • $wgLDAPEncryptionType
  • $wgLDAPSearchAttributes
  • $wgLDAPGroupUseFullDN
  • $wgLDAPPort
  • $wgLDAPWriterPassword
  • $wgLDAPUserBaseDNs
  • $wgLDAPGroupBaseDNs
  • $wgLDAPUseLDAPGroups
  • $wgLDAPAutoAuthDomain
  • $wgLDAPWriteLocation
  • $wgLDAPProxyAgentPassword
  • $wgLDAPUseLocal
  • $wgLDAPLockPasswordPolicy
  • $wgLDAPLockOnBlock
  • $wgLDAPLocallyManagedGroups
  • $wgLDAPAddLDAPUsers
  • $wgLDAPProxyAgent
  • $wgLDAPServerNames
  • $wgLDAPPasswordHash
  • $wgLDAPAuthAttribute
  • $wgLDAPGroupSearchNestedGroups
  • $wgLDAPExcludedGroups
  • $wgLDAPGroupNameAttribute
  • $wgLDAPRequiredGroups
  • $wgLDAPBaseDNs
  • $wgLDAPGroupAttribute
  • $wgLDAPOptions
  • $wgLDAPGroupsPrevail
  • $wgLDAPDisableAutoCreate
  • $wgLDAPGroupObjectclass
  • $wgLDAPLowerCaseUsername
  • $wgLDAPUpdateLDAP
  • $wgLDAPDebug
  • $wgLDAPMailPassword
  • $wgLDAPSearchStrings
  • $wgLDAPPreferences
  • $wgLDAPActiveDirectory
  • $wgLDAPGroupUseRetrievedUsername
  • $wgLDAPGroupSearchPosixPrimaryGroup
  • $wgLDAPWriterDN

Warning: The extension has not been fully updated for MediaWiki 1.27+ (AuthManager); LdapAutoAuthentication will not work with that version. See gerrit:286705 for details.

Next version

I have a bad memory, and need a to-do list. If I have promised to add something for you in the next version, and it isn't in the list below, please add it.


  • Fix references to $ldapconn that should be $this->ldapconn in primary group code for AD (in SVN)
  • Fix User not loaded from session issue [1]
  • Change behavior of locally managed groups to allow MediaWiki specific groups to be overridden [2]
  • Fix the username-authentication issue once and for all (hopefully without nasty hacks) [3] [4]
  • Fix the issue where local users can't change their passwords [5]
  • Add strictUserAuth support
  • Add support for automatic domain discovery
  • Refactor the code to handle configuration globals differently
    • Add an option for schema type, so that common options can be automatically configured
    • Fall back to defaults when certain options aren't set
  • Fix memberOf with memberOf overlays (in SVN) [6]
  • Add check for non-returned data [7]
  • Add $wgLDAPAllowLocalUsers and $wgLDAPRequiredUsers as a way to allow a list of local users (e.g., WikiSysop) and a list of LDAP users for access. [8]
  • Ensure compatibility with PHP 5.3 [9]
  • Fix issue with excluded groups [10]
  • Support dynamic groups [11]

Possibly in a future version

  • Allow changes to LDAP groups via Special:Userrights
  • Support for choosing default search scope, and defining it for multiple domains.
  • Support for adding users/changing passwords in Active Directory.
  • Support for using LDAP as a complete user backend (including user options and such). Using LDAP as a backend will require a custom schema to be loaded in the LDAP server.
  • Optionally munge usernames when using auto-auth