Switch to new LDAP stack
parent
26a6225e82
commit
5bd81ce695
16
Dockerfile
16
Dockerfile
@ -10,8 +10,20 @@ COPY --from=composer:latest /usr/bin/composer /usr/bin/composer
|
||||
RUN cd /var/www/html/ && composer update --no-dev
|
||||
|
||||
RUN git clone --depth 1 -b $MEDIAWIKI_BRANCH \
|
||||
https://gerrit.wikimedia.org/r/mediawiki/extensions/LdapAuthentication \
|
||||
/var/www/html/extensions/LdapAuthentication
|
||||
https://gerrit.wikimedia.org/r/mediawiki/extensions/PluggableAuth \
|
||||
/var/www/html/extensions/PluggableAuth
|
||||
|
||||
RUN git clone --depth 1 \
|
||||
https://gerrit.wikimedia.org/r/mediawiki/extensions/LDAPProvider \
|
||||
/var/www/html/extensions/LDAPProvider
|
||||
|
||||
RUN git clone --depth 1 \
|
||||
https://gerrit.wikimedia.org/r/mediawiki/extensions/LDAPUserInfo \
|
||||
/var/www/html/extensions/LDAPUserInfo
|
||||
|
||||
RUN git clone --depth 1 \
|
||||
https://gerrit.wikimedia.org/r/mediawiki/extensions/LDAPAuthentication2 \
|
||||
/var/www/html/extensions/LDAPAuthentication2
|
||||
|
||||
RUN git clone --depth 1 -b $MEDIAWIKI_BRANCH \
|
||||
https://gerrit.wikimedia.org/r/mediawiki/extensions/VisualEditor.git \
|
||||
|
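Review bot: The clones for LDAPProvider, LDAPUserInfo and LDAPAuthentication2 omit `-b $MEDIAWIKI_BRANCH`, unlike the PluggableAuth and VisualEditor clones around them, so each image build takes whatever is at the head of the default branch. These extensions handle logins, so an unpinned checkout makes builds non-reproducible and puts unreviewed upstream changes straight into the authentication path. If those repositories carry the release branch, use `RUN git clone --depth 1 -b $MEDIAWIKI_BRANCH \` for all three. Otherwise check out a reviewed commit, with a comment such as `# pinned: bump deliberately after reviewing upstream changes`.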
@ -167,24 +167,46 @@ $wgScribuntoDefaultEngine = 'luastandalone';
|
||||
$wgScribuntoUseCodeEditor = "true";
|
||||
|
||||
# LDAP
|
||||
require_once ('extensions/LdapAuthentication/LdapAuthentication.php');
|
||||
$wgAuth = new LdapAuthenticationPlugin();
|
||||
$wgLDAPDomainNames = array( 'CMS' );
|
||||
$wgLDAPServerNames = array( 'CMS' => 'self-service.claremontmakerspace.org' );
|
||||
$wgLDAPPort = array( 'CMS' => 7389 );
|
||||
$wgLDAPEncryptionType = array( 'CMS' => 'clear' );
|
||||
$wgLDAPSearchStrings = array(
|
||||
'CMS' => 'uid=USER-NAME,cn=users,dc=sawtooth,dc=claremontmakerspace,dc=org' );
|
||||
wfLoadExtension( 'PluggableAuth' );
|
||||
wfLoadExtension( 'LDAPProvider' );
|
||||
wfLoadExtension( 'LDAPUserInfo' );
|
||||
wfLoadExtension( 'LDAPAuthentication2' );
|
||||
$LDAPProviderDomainConfigProvider = function() use ($secrets) {
|
||||
$config = [
|
||||
'CMS' => [
|
||||
"connection" => [
|
||||
"server" => "self-service.claremontmakerspace.org",
|
||||
"port" => 7389,
|
||||
"enctype" => "clear",
|
||||
"user" => "uid=LDAPSearch,cn=users,dc=sawtooth,dc=claremontmakerspace,dc=org",
|
||||
"pass" => $secrets['LDAPPass'],
|
||||
"options" => [
|
||||
"LDAP_OPT_DEREF" => 1,
|
||||
],
|
||||
"basedn" => "cn=users,dc=sawtooth,dc=claremontmakerspace,dc=org",
|
||||
"groupbasedn" => "dc=sawtooth,dc=claremontmakerspace,dc=org",
|
||||
"userbasedn" => "dc=sawtooth,dc=claremontmakerspace,dc=org",
|
||||
"searchattribute" => "uid",
|
||||
"searchstring" => "uid=USER-NAME,cn=users,dc=sawtooth,dc=claremontmakerspace,dc=org",
|
||||
"usernameattribute" => "uid",
|
||||
"realnameattribute" => "cn",
|
||||
"emailattribute" => "mail"
|
||||
],
|
||||
"authentication" => [
|
||||
"usernameattribute" => "uid",
|
||||
"realnameattribute" => "cn",
|
||||
"emailattribute" => "mail"
|
||||
],
|
||||
"userinfo" => [
|
||||
"email" => "mail",
|
||||
"realname" => "cn",
|
||||
"properties.gender" => "gender"
|
||||
]
|
||||
]
|
||||
];
|
||||
|
||||
# LDAP proxy bind
|
||||
// $wgLDAPProxyAgent = array( 'CMS' => 'cn=LDAPSearch,cn=users,dc=sawtooth,dc=claremontmakerspace,dc=org' );
|
||||
// $wgLDAPProxyAgentPassword = array( 'CMS' => '' );
|
||||
// $wgLDAPSearchAttributes = array( 'CMS' => 'uid' );
|
||||
// $wgLDAPBaseDNs = array( 'CMS' => 'dc=claremontmakerspace,dc=org' );
|
||||
|
||||
# To pull e-mail address from LDAP
|
||||
$wgLDAPPreferences = array( 'CMS' => array( 'email' => 'mail'));
|
||||
$wgShowExceptionDetails = true;
|
||||
return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
|
||||
};
|
||||
|
||||
wfLoadExtension( 'VisualEditor' );
|
||||
$wgDefaultUserOptions['visualeditor-enable'] = 1;
|
||||
|
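Review bot: The `"connection"` block keeps `"enctype" => "clear"` against `self-service.claremontmakerspace.org` on port 7389, so the LDAPSearch bind password from `$secrets['LDAPPass']` and every user's login password cross the network unencrypted. The old `$wgLDAPEncryptionType` setting was also clear, and this migration is the natural point to change it. If the directory offers it, use `"enctype" => "tls"`, or `"ssl"` with the port the server exposes for LDAPS; otherwise add a comment saying why cleartext is accepted and which network path protects it. Separately, `$wgShowExceptionDetails = true;` appears between `];` and the `return` (whether it is new cannot be told from this rendering). If it now sits inside the closure it is only a local variable with no effect, and if it applies globally it exposes stack traces to visitors, so it is worth removing before release either way.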