Release status: beta
|Description||Manage MediaWiki group membership in LDAP|
|Author(s)||Mark A. Hershberger (MarkAHershbergertalk)|
|Latest version||0.1.0 (2016-11-07)|
|MediaWiki||1.26 or later|
|License||GNU General Public License 3.0 or later|
Translate the LdapGroups extension if it is available at translatewiki.net
|Check usage and version matrix.|
|Open tasks · Report a bug|
This is MediaWiki extension to allow users to manage the membership of their MediaWiki groups using a directory server via LDAP such as Microsoft's ActiveDirectory.
- Download and place the file(s) in a directory called
- Add the following code at the bottom of your LocalSettings.php:
wfLoadExtension( 'LdapGroups' );
- Configure as required
- Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.
You need to specify connection parameters for your LDAP server. Since you may want to use a different LDAP server for different environments (e.g. dev, prod), the credentials are stored in a separate file in ini file format. These will be used to connect to the directory server. Specify the ini file in by pointing to it in your LocalSettings.php file by setting:
$LdapGroupsIniFile = "full-path-to-file";
The file takes the following format:
[main] server = ServerName ; quotes are required to keep php from getting confused about ; the extra equals sign user = 'UserName or DN pass = password basedn = 'Base DN'
Your mapping of MediaWiki groups to the distinguished names (dn) of the groups on your directory server should be provided in the $LdapGroupsMap variable. For example:
$LdapGroupsMap = [ "AWSUsers" => [ "cn=aws-production,ou=security group,o=top" ], "NavAndGuidance" => [ 'cn=g001,OU=Groups,o=top', 'cn=g002,OU=Groups,o=top', 'cn=g003,OU=Groups,o=top', ] ];
$LdapGroupsUseMatchingRuleInChainQuery = true;
I also plan to have a Special Page to set up to allow for group mappings soon.