Switch to new LDAP stack

Adam Goldsmith 2020-01-08 21:12:29 -05:00
parent 26a6225e82
commit 5bd81ce695
2 changed files with 53 additions and 19 deletions


@ -10,8 +10,20 @@ COPY --from=composer:latest /usr/bin/composer /usr/bin/composer
RUN cd /var/www/html/ && composer update --no-dev
RUN git clone --depth 1 -b $MEDIAWIKI_BRANCH \
https://gerrit.wikimedia.org/r/mediawiki/extensions/LdapAuthentication \
/var/www/html/extensions/LdapAuthentication
https://gerrit.wikimedia.org/r/mediawiki/extensions/PluggableAuth \
/var/www/html/extensions/PluggableAuth
RUN git clone --depth 1 \
https://gerrit.wikimedia.org/r/mediawiki/extensions/LDAPProvider \
/var/www/html/extensions/LDAPProvider
RUN git clone --depth 1 \
https://gerrit.wikimedia.org/r/mediawiki/extensions/LDAPUserInfo \
/var/www/html/extensions/LDAPUserInfo
RUN git clone --depth 1 \
https://gerrit.wikimedia.org/r/mediawiki/extensions/LDAPAuthentication2 \
/var/www/html/extensions/LDAPAuthentication2
RUN git clone --depth 1 -b $MEDIAWIKI_BRANCH \
https://gerrit.wikimedia.org/r/mediawiki/extensions/VisualEditor.git \
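Review bot: The clones for LDAPProvider, LDAPUserInfo and LDAPAuthentication2 omit `-b $MEDIAWIKI_BRANCH`, unlike the PluggableAuth and VisualEditor clones around them, so every image build pulls whatever is currently on the default branch of the code that handles wiki logins. That makes builds non-reproducible and can pair an authentication extension with a MediaWiki release it was not written for. If matching release branches exist upstream, use `RUN git clone --depth 1 -b $MEDIAWIKI_BRANCH \` for these three as well. Otherwise pin each clone to a reviewed tag or revision and note it in a comment next to the `RUN` line.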


@ -167,24 +167,46 @@ $wgScribuntoDefaultEngine = 'luastandalone';
$wgScribuntoUseCodeEditor = "true";
# LDAP
require_once ('extensions/LdapAuthentication/LdapAuthentication.php');
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array( 'CMS' );
$wgLDAPServerNames = array( 'CMS' => 'self-service.claremontmakerspace.org' );
$wgLDAPPort = array( 'CMS' => 7389 );
$wgLDAPEncryptionType = array( 'CMS' => 'clear' );
$wgLDAPSearchStrings = array(
'CMS' => 'uid=USER-NAME,cn=users,dc=sawtooth,dc=claremontmakerspace,dc=org' );
wfLoadExtension( 'PluggableAuth' );
wfLoadExtension( 'LDAPProvider' );
wfLoadExtension( 'LDAPUserInfo' );
wfLoadExtension( 'LDAPAuthentication2' );
$LDAPProviderDomainConfigProvider = function() use ($secrets) {
$config = [
'CMS' => [
"connection" => [
"server" => "self-service.claremontmakerspace.org",
"port" => 7389,
"enctype" => "clear",
"user" => "uid=LDAPSearch,cn=users,dc=sawtooth,dc=claremontmakerspace,dc=org",
"pass" => $secrets['LDAPPass'],
"options" => [
"LDAP_OPT_DEREF" => 1,
],
"basedn" => "cn=users,dc=sawtooth,dc=claremontmakerspace,dc=org",
"groupbasedn" => "dc=sawtooth,dc=claremontmakerspace,dc=org",
"userbasedn" => "dc=sawtooth,dc=claremontmakerspace,dc=org",
"searchattribute" => "uid",
"searchstring" => "uid=USER-NAME,cn=users,dc=sawtooth,dc=claremontmakerspace,dc=org",
"usernameattribute" => "uid",
"realnameattribute" => "cn",
"emailattribute" => "mail"
],
"authentication" => [
"usernameattribute" => "uid",
"realnameattribute" => "cn",
"emailattribute" => "mail"
],
"userinfo" => [
"email" => "mail",
"realname" => "cn",
"properties.gender" => "gender"
]
]
];
# LDAP proxy bind
// $wgLDAPProxyAgent = array( 'CMS' => 'cn=LDAPSearch,cn=users,dc=sawtooth,dc=claremontmakerspace,dc=org' );
// $wgLDAPProxyAgentPassword = array( 'CMS' => '' );
// $wgLDAPSearchAttributes = array( 'CMS' => 'uid' );
// $wgLDAPBaseDNs = array( 'CMS' => 'dc=claremontmakerspace,dc=org' );
# To pull e-mail address from LDAP
$wgLDAPPreferences = array( 'CMS' => array( 'email' => 'mail'));
$wgShowExceptionDetails = true;
return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
};
wfLoadExtension( 'VisualEditor' );
$wgDefaultUserOptions['visualeditor-enable'] = 1;
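Review bot: The new `connection` block keeps `"enctype" => "clear"` on port 7389, so the `LDAPSearch` bind password taken from `$secrets['LDAPPass']` and every user's login password travel to `self-service.claremontmakerspace.org` unencrypted. The old stack had the same setting, but this migration adds a service-account credential to what is exposed on that path. If the directory supports it, switch to `"enctype" => "tls",` (StartTLS), or to `"ssl"` with the server's LDAPS port; if the link is deliberately plaintext, say so in a comment, e.g. `# cleartext bind: traffic stays on <trusted network>`. The rendering has lost the +/- markers, so it is unclear whether `$wgShowExceptionDetails = true;` survives the change; if it remains in effect on a production wiki it should be turned off once the LDAP setup is debugged.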