Extension:LDAP Authentication/Roadmap

From mediawiki.org
MediaWiki extensions manual
OOjs UI icon advanced-invert.svg
LDAP Authentication
Release status: unmaintained
Implementation User identity
Description Provides LDAP authentication, and some authorization functionality for MediaWiki
Author(s) Ryan Lane (Ryan lanetalk)
Latest version 2.1.0 (2018-10-11)
Compatibility policy Snapshots releases along with MediaWiki. Master is not backward compatible.
MediaWiki 1.19-1.26
Database changes Yes
License GNU General Public License 2.0 or later
  • $wgAutoAuthUsername
  • $wgGroupsUseMemberOf
  • $wgDomainNames
  • $wgEncryptionType
  • $wgSearchAttributes
  • $wgGroupUseFullDN
  • $wgPort
  • $wgWriterPassword
  • $wgUserBaseDNs
  • $wgGroupBaseDNs
  • $wgUseLDAPGroups
  • $wgAutoAuthDomain
  • $wgWriteLocation
  • $wgProxyAgentPassword
  • $wgUseLocal
  • $wgLockPasswordPolicy
  • $wgLockOnBlock
  • $wgLocallyManagedGroups
  • $wgAddLDAPUsers
  • $wgProxyAgent
  • $wgServerNames
  • $wgPasswordHash
  • $wgAuthAttribute
  • $wgGroupSearchNestedGroups
  • $wgExcludedGroups
  • $wgGroupNameAttribute
  • $wgRequiredGroups
  • $wgBaseDNs
  • $wgGroupAttribute
  • $wgOptions
  • $wgGroupsPrevail
  • $wgDisableAutoCreate
  • $wgGroupObjectclass
  • $wgLowerCaseUsername
  • $wgUpdateLDAP
  • $wgDebug
  • $wgMailPassword
  • $wgSearchStrings
  • $wgPreferences
  • $wgActiveDirectory
  • $wgGroupUseRetrievedUsername
  • $wgGroupSearchPosixPrimaryGroup
  • $wgWriterDN

Check usage and version matrix.

Issues Open tasks · Report a bug
Warning Warning: The extension has not been fully updated for MediaWiki 1.27+ (AuthManager); LdapAutoAuthentication will not work with that version. See gerrit:286705 for details.

Next version[edit]

I have a bad memory, and need a to-do list. If I have promised to add something for you in the next version, and it isn't in the list below, please add it.


  • Fix referencs to $ldapconn that should be $this->ldapconn in primary group code for AD (in SVN)
  • Fix User not loaded from session issue [1]
  • Change behavior of locally managed groups to allow MediaWiki specific groups to be overridden [2]
  • Fix the username-authentication issue once and for all (hopefully without nasty hacks) [3] [4]
  • Fix the issue where local users can't change their passwords [5]
  • Add strictUserAuth support
  • Add support for automatic domain discovery
  • Refactor the code to handle configuration globals differently
    • Add an option for schema type, so that common options can be automatically configured
    • Fallback to defaults when certain options aren't set
  • Fix memberOf with memberOf overlays (in SVN) [6]
  • Add check for non-returned data [7]
  • Add $wgLDAPAllowLocalUsers and $wgLDAPRequiredUsers as a way to allow a list of local users (e.g., WikiSysop) and a list of LDAP users for access. [8]
  • Ensure compatibility with PHP 5.3 [9]
  • Fix issue with excluded groups [10]
  • Support dynamic groups [11]

Possibly in a future version[edit]

  • Allow changes to LDAP groups via Special:Userrights
  • Support for choosing default search scope, and defining it for multiple domains.
  • Support for adding users/changing passwords in Active Directory.
  • Support for using LDAP as a complete user backend (including user options and such). Using ldap as a backend will require a custom schema to be loaded in the LDAP server.
  • Optionally munge usernames when using auto-auth