Extension:LDAP Authentication/Roadmap

From MediaWiki.org
Jump to navigation Jump to search

About - Requirements - Examples - Configuration Options - Changelog - Roadmap - Suggestions - User provided info - FAQ - Support

MediaWiki extensions manual
OOjs UI icon advanced.svg
LDAP Authentication
Release status: stable
Implementation User identity
Description Provides LDAP authentication, and some authorization functionality for MediaWiki
Author(s) Ryan Lane (Ryan lanetalk)
Latest version 2.1.0 (2018-10-11)
Compatibility policy master
MediaWiki 1.19+
Database changes Yes
License GNU General Public License 2.0 or later
Hooks used
Translate the LDAP Authentication extension if it is available at translatewiki.net
Check usage and version matrix.
Issues Open tasks · Report a bug

Next version[edit]

I have a bad memory, and need a to-do list. If I have promised to add something for you in the next version, and it isn't in the list below, please add it.


  • Fix referencs to $ldapconn that should be $this->ldapconn in primary group code for AD (in SVN)
  • Fix User not loaded from session issue [1]
  • Change behavior of locally managed groups to allow MediaWiki specific groups to be overridden [2]
  • Fix the username-authentication issue once and for all (hopefully without nasty hacks) [3] [4]
  • Fix the issue where local users can't change their passwords [5]
  • Add strictUserAuth support
  • Add support for automatic domain discovery
  • Refactor the code to handle configuration globals differently
    • Add an option for schema type, so that common options can be automatically configured
    • Fallback to defaults when certain options aren't set
  • Fix memberOf with memberOf overlays (in SVN) [6]
  • Add check for non-returned data [7]
  • Add $wgLDAPAllowLocalUsers and $wgLDAPRequiredUsers as a way to allow a list of local users (e.g., WikiSysop) and a list of LDAP users for access. [8]
  • Ensure compatibility with PHP 5.3 [9]
  • Fix issue with excluded groups [10]
  • Support dynamic groups [11]

Possibly in a future version[edit]

  • Allow changes to LDAP groups via Special:Userrights
  • Support for choosing default search scope, and defining it for multiple domains.
  • Support for adding users/changing passwords in Active Directory.
  • Support for using LDAP as a complete user backend (including user options and such). Using ldap as a backend will require a custom schema to be loaded in the LDAP server.
  • Optionally munge usernames when using auto-auth