I'm trying to get my LDAPAuthentication2 setup squared away. The documentation on this vs. the original LDAPAuthentication is kind of lacking. I need to set up group restrictions, and I'm trying to follow the examples on Extension:LDAP Authentication/Examples#Group configuration, but I'm pretty sure it's not working because it's written for the older LDAPAuthentication, not v.2?
Here is what I have for my LocalSettings.php in relation to the LDAP connection. I'm trying to limit login to the group named "UBSA_Student_Staff".
//LDAP Authentication Config
$wgMinimalPasswordLength = 6;
$wgPasswordPolicy['policies']['sysop']['MinimalPasswordLength'] = 6;
$wgPasswordPolicy['policies']['Administrators']['MinimalPasswordLength'] = 6;
$wgPasswordPolicy['policies']['interface-admin']['MinimalPasswordLength'] = 6;
$wgPasswordPolicy['policies']['bureaucrat']['MinimalPasswordLength'] = 6;
wfLoadExtension( 'LDAPProvider' );
wfLoadExtension( 'PluggableAuth' );
wfLoadExtension( 'LDAPAuthentication2' );
$LDAPAuthentication2AllowLocalLogin = true;
// Create wiki group 'UBSA_Pro_Staff' with the same permissions as the sysop group
$wgGroupPermissions['UBSA_Pro_Staff'] = $wgGroupPermissions['sysop'];
// Private Wiki. External LDAP login. Default NS requires login.
$wgEmailConfirmToEdit = false;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['read'] = false;
$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['sysop']['createaccount'] = true;
$wgGroupPermissions['*']['autocreateaccount'] = true;
$wgBlockDisablesLogin = true;
// Load LDAP Config from JSON
$ldapJsonFile = "$IP/ldap.json";
$ldapConfig = false;
if (is_file($ldapJsonFile) && is_dir("$IP/extensions/LDAPProvider")) {
    $testJson = @json_decode(file_get_contents($ldapJsonFile),true);
    if (is_array($testJson)) {
        $ldapConfig = true;
    } else {
        error_log("Found invalid JSON in file: $IP/ldap.json");
    }
}
$wikiRequestSafe = true;
// Activate Extension
if ( $ldapConfig ) {
    wfLoadExtension( 'PluggableAuth' );
    wfLoadExtension( 'LDAPProvider' );
    wfLoadExtension( 'LDAPAuthentication2' );
    wfLoadExtension( 'LDAPAuthorization' );
    wfLoadExtension( 'LDAPUserInfo' );
    wfLoadExtension( 'LDAPGroups' );
    $LDAPProviderDomainConfigs = $ldapJsonFile;
    $wgPluggableAuth_ButtonLabel = "Log In";
    if ($wikiRequestSafe) { $LDAPAuthentication2AllowLocalLogin = true; }
}
$wgShowExceptionDetails = true;
$wgShowSQLErrors = true;
$wgShowDBErrorBacktrace = true;
//LDAP / AD Group Restrictions
$wgLDAPRequiredGroups = array( "itorg_ad_buffalo_edu"=>array("CN=UBSA_Student_Staff,OU=Groups,OU=UBSA,OU=StudentAssociation,OU=ITORGS,DC=itorg,DC=ad,DC=buffalo,DC=edu"));
I asked about this last week and it got buried so far that I couldn't find it to bump.
I would love it if someone can point me to the right documentation for the new LDAPAuth 2 group restrictions info! Thanks!