Switch to new LDAP stack

Dockerfile

@@ -10,8 +10,20 @@ COPY --from=composer:latest /usr/bin/composer /usr/bin/composer
 RUN cd /var/www/html/ && composer update --no-dev
 
 RUN git clone --depth 1 -b $MEDIAWIKI_BRANCH \
-    https://gerrit.wikimedia.org/r/mediawiki/extensions/LdapAuthentication \
+    https://gerrit.wikimedia.org/r/mediawiki/extensions/PluggableAuth \
-    /var/www/html/extensions/LdapAuthentication
+    /var/www/html/extensions/PluggableAuth
+
+RUN git clone --depth 1 \
+    https://gerrit.wikimedia.org/r/mediawiki/extensions/LDAPProvider \
+    /var/www/html/extensions/LDAPProvider
+
+RUN git clone --depth 1 \
+    https://gerrit.wikimedia.org/r/mediawiki/extensions/LDAPUserInfo \
+    /var/www/html/extensions/LDAPUserInfo
+
+RUN git clone --depth 1 \
+    https://gerrit.wikimedia.org/r/mediawiki/extensions/LDAPAuthentication2 \
+    /var/www/html/extensions/LDAPAuthentication2
 
 RUN git clone --depth 1 -b $MEDIAWIKI_BRANCH \
     https://gerrit.wikimedia.org/r/mediawiki/extensions/VisualEditor.git \

LocalSettings.php

@@ -167,24 +167,46 @@ $wgScribuntoDefaultEngine = 'luastandalone';
 $wgScribuntoUseCodeEditor = "true";
 
 # LDAP
-require_once ('extensions/LdapAuthentication/LdapAuthentication.php');
+wfLoadExtension( 'PluggableAuth' );
-$wgAuth = new LdapAuthenticationPlugin();
+wfLoadExtension( 'LDAPProvider' );
-$wgLDAPDomainNames = array( 'CMS' );
+wfLoadExtension( 'LDAPUserInfo' );
-$wgLDAPServerNames = array( 'CMS' => 'self-service.claremontmakerspace.org' );
+wfLoadExtension( 'LDAPAuthentication2' );
-$wgLDAPPort = array( 'CMS' => 7389 );
+$LDAPProviderDomainConfigProvider = function() use ($secrets) {
-$wgLDAPEncryptionType = array( 'CMS' => 'clear' );
+	$config = [
-$wgLDAPSearchStrings = array(
+		'CMS' => [
-  'CMS' => 'uid=USER-NAME,cn=users,dc=sawtooth,dc=claremontmakerspace,dc=org' );
+			"connection" => [
+				"server" => "self-service.claremontmakerspace.org",
+                "port" => 7389,
+                "enctype" => "clear",
+				"user" => "uid=LDAPSearch,cn=users,dc=sawtooth,dc=claremontmakerspace,dc=org",
+				"pass" => $secrets['LDAPPass'],
+				"options" => [
+					"LDAP_OPT_DEREF" => 1,
+				],
+				"basedn" => "cn=users,dc=sawtooth,dc=claremontmakerspace,dc=org",
+				"groupbasedn" => "dc=sawtooth,dc=claremontmakerspace,dc=org",
+				"userbasedn" => "dc=sawtooth,dc=claremontmakerspace,dc=org",
+				"searchattribute" => "uid",
+				"searchstring" => "uid=USER-NAME,cn=users,dc=sawtooth,dc=claremontmakerspace,dc=org",
+				"usernameattribute" => "uid",
+				"realnameattribute" => "cn",
+				"emailattribute" => "mail"
+			],
+            "authentication" => [
+                "usernameattribute" => "uid",
+                "realnameattribute" => "cn",
+                "emailattribute" => "mail"
+            ],
+			"userinfo" => [
+                "email" => "mail",
+				"realname" => "cn",
+				"properties.gender" => "gender"
+			]
+		]
+	];
 
-# LDAP proxy bind
+	return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
-// $wgLDAPProxyAgent = array( 'CMS' => 'cn=LDAPSearch,cn=users,dc=sawtooth,dc=claremontmakerspace,dc=org' );
+};
-// $wgLDAPProxyAgentPassword = array( 'CMS' => '' );
-// $wgLDAPSearchAttributes = array( 'CMS' => 'uid' );
-// $wgLDAPBaseDNs = array( 'CMS' => 'dc=claremontmakerspace,dc=org' );
-
-# To pull e-mail address from LDAP
-$wgLDAPPreferences = array( 'CMS' => array( 'email' => 'mail'));
-$wgShowExceptionDetails = true;
 
 wfLoadExtension( 'VisualEditor' );
 $wgDefaultUserOptions['visualeditor-enable'] = 1;