From 5bd81ce69572417447ccea071e0a55bd93674f34 Mon Sep 17 00:00:00 2001
From: Adam Goldsmith
Date: Wed, 8 Jan 2020 21:12:29 -0500
Subject: [PATCH] Switch to new LDAP stack
---
 Dockerfile | 16 ++++++++++++--
 LocalSettings.php | 56 +++++++++++++++++++++++++++++++++--------------
 2 files changed, 53 insertions(+), 19 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index cccad10..5168bec 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -10,8 +10,20 @@ COPY --from=composer:latest /usr/bin/composer /usr/bin/composer
 RUN cd /var/www/html/ && composer update --no-dev
 RUN git clone --depth 1 -b $MEDIAWIKI_BRANCH \
- https://gerrit.wikimedia.org/r/mediawiki/extensions/LdapAuthentication \
- /var/www/html/extensions/LdapAuthentication
+ https://gerrit.wikimedia.org/r/mediawiki/extensions/PluggableAuth \
+ /var/www/html/extensions/PluggableAuth
+
+RUN git clone --depth 1 \
+ https://gerrit.wikimedia.org/r/mediawiki/extensions/LDAPProvider \
+ /var/www/html/extensions/LDAPProvider
+
+RUN git clone --depth 1 \
+ https://gerrit.wikimedia.org/r/mediawiki/extensions/LDAPUserInfo \
+ /var/www/html/extensions/LDAPUserInfo
+
+RUN git clone --depth 1 \
+ https://gerrit.wikimedia.org/r/mediawiki/extensions/LDAPAuthentication2 \
+ /var/www/html/extensions/LDAPAuthentication2
 RUN git clone --depth 1 -b $MEDIAWIKI_BRANCH \
 https://gerrit.wikimedia.org/r/mediawiki/extensions/VisualEditor.git \
diff --git a/LocalSettings.php b/LocalSettings.php
index d88bd91..8a87550 100644
--- a/LocalSettings.php
+++ b/LocalSettings.php
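Review bot: The three added clones for LDAPProvider, LDAPUserInfo and LDAPAuthentication2 omit `-b $MEDIAWIKI_BRANCH`, unlike the PluggableAuth and VisualEditor clones in the same hunk, so each image build pulls whatever the default branch holds at that moment. These extensions sit on the authentication path, so an unpinned checkout makes builds non-reproducible and lets an upstream change reach the login flow without review; it can also drift out of step with the MediaWiki core release the image is built for. If the extensions publish a matching release branch, use `RUN git clone --depth 1 -b $MEDIAWIKI_BRANCH \` for each of them, and otherwise check out a reviewed commit after cloning.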
@@ -167,24 +167,46 @@ $wgScribuntoDefaultEngine = 'luastandalone';
 $wgScribuntoUseCodeEditor = "true";
 # LDAP
-require_once ('extensions/LdapAuthentication/LdapAuthentication.php');
-$wgAuth = new LdapAuthenticationPlugin();
-$wgLDAPDomainNames = array( 'CMS' );
-$wgLDAPServerNames = array( 'CMS' => 'self-service.claremontmakerspace.org' );
-$wgLDAPPort = array( 'CMS' => 7389 );
-$wgLDAPEncryptionType = array( 'CMS' => 'clear' );
-$wgLDAPSearchStrings = array(
- 'CMS' => 'uid=USER-NAME,cn=users,dc=sawtooth,dc=claremontmakerspace,dc=org' );
+wfLoadExtension( 'PluggableAuth' );
+wfLoadExtension( 'LDAPProvider' );
+wfLoadExtension( 'LDAPUserInfo' );
+wfLoadExtension( 'LDAPAuthentication2' );
+$LDAPProviderDomainConfigProvider = function() use ($secrets) {
+ $config = [
+ 'CMS' => [
+ "connection" => [
+ "server" => "self-service.claremontmakerspace.org",
+ "port" => 7389,
+ "enctype" => "clear",
+ "user" => "uid=LDAPSearch,cn=users,dc=sawtooth,dc=claremontmakerspace,dc=org",
+ "pass" => $secrets['LDAPPass'],
+ "options" => [
+ "LDAP_OPT_DEREF" => 1,
+ ],
+ "basedn" => "cn=users,dc=sawtooth,dc=claremontmakerspace,dc=org",
+ "groupbasedn" => "dc=sawtooth,dc=claremontmakerspace,dc=org",
+ "userbasedn" => "dc=sawtooth,dc=claremontmakerspace,dc=org",
+ "searchattribute" => "uid",
+ "searchstring" => "uid=USER-NAME,cn=users,dc=sawtooth,dc=claremontmakerspace,dc=org",
+ "usernameattribute" => "uid",
+ "realnameattribute" => "cn",
+ "emailattribute" => "mail"
+ ],
+ "authentication" => [
+ "usernameattribute" => "uid",
+ "realnameattribute" => "cn",
+ "emailattribute" => "mail"
+ ],
+ "userinfo" => [
+ "email" => "mail",
+ "realname" => "cn",
+ "properties.gender" => "gender"
+ ]
+ ]
+ ];
-# LDAP proxy bind
-// $wgLDAPProxyAgent = array( 'CMS' => 'cn=LDAPSearch,cn=users,dc=sawtooth,dc=claremontmakerspace,dc=org' );
-// $wgLDAPProxyAgentPassword = array( 'CMS' => '' );
-// $wgLDAPSearchAttributes = array( 'CMS' => 'uid' );
-// $wgLDAPBaseDNs = array( 'CMS' => 'dc=claremontmakerspace,dc=org' );
-
-# To pull e-mail address from LDAP
-$wgLDAPPreferences = array( 'CMS' => array( 'email' => 'mail'));
-$wgShowExceptionDetails = true;
+ return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
+};
 wfLoadExtension( 'VisualEditor' );
 $wgDefaultUserOptions['visualeditor-enable'] = 1;
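Review bot: `"enctype" => "clear"` in the `connection` block means the service bind as `uid=LDAPSearch,...` with `$secrets['LDAPPass']`, and every user's login password, travel to `self-service.claremontmakerspace.org` on port 7389 unencrypted. The removed configuration was cleartext as well, but this change adds a service-account credential to that path, so it is a good moment to switch to `"enctype" => "tls",` (StartTLS on the same port) if the directory supports it, or `"ssl"` with the server's LDAPS port. `$secrets` is defined outside this hunk, so it is worth confirming that a missing `LDAPPass` key fails loudly instead of handing a null bind password to the provider.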