Extension:LDAPAuthentication2/ja

From Linux Web Expert

Revision as of 00:15, 3 February 2024 by imported>FuzzyBot (Updating to match new version of source page)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)


File:MediaWiki Stakeholders' Group Logo.svg <translate> This extension is maintained by a member of the <tvar name=1>MediaWiki 利害関係者グループ </tvar>.</translate>
File:MWStake LDAPStack Icon.svg This extension is part of the LDAP Stack and requires the LDAPProvider extension to be installed first.
File:PluggableAuth Icon.svg この拡張機能では、先に PluggableAuth 拡張機能をインストールする必要があります。
MediaWiki 拡張機能マニュアル
LDAPAuthentication2
リリースの状態: 安定
File:MWStake LDAPStack Icon.svg
実装 利用者識別
作者
最新バージョン 1.0.1
互換性の方針 長期間サポート リリースであるすべての MediaWiki リリースについて、拡張機能に対応するブランチが存在します。
MediaWiki 1.31+
ライセンス GNU 一般公衆利用許諾書 2.0 以降
ダウンロード
  • $LDAPAuthentication2AllowLocalLogin
  • $LDAPAuthentication2UsernameNormalizer
Quarterly downloads Lua error in Module:Extension at line 172: bad argument #1 to 'inNamespace' (unrecognized namespace name 'skin').
Public wikis using Lua error in Module:Extension at line 172: bad argument #1 to 'inNamespace' (unrecognized namespace name 'skin').
translatewiki.net で翻訳を利用できる場合は、LDAPAuthentication2 拡張機能の翻訳にご協力ください
問題点 未解決のタスク · バグを報告

インストール

  • <translate> [[<tvar name=2>Special:ExtensionDistributor/LDAPAuthentication2</tvar>|Download]] and move the extracted <tvar name=name>LDAPAuthentication2</tvar> folder to your <tvar name=ext>extensions/</tvar> directory.</translate>
    <translate> Developers and code contributors should install the extension [[<tvar name=git>Special:MyLanguage/Download from Git</tvar>|from Git]] instead, using:</translate>cd extensions/
    git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/LDAPAuthentication2
  • <translate> Add the following code at the bottom of your <tvar name=1>LocalSettings.php </tvar> file:</translate>
    wfLoadExtension( 'LDAPAuthentication2' );
    
  • 必要に応じて設定します。
  • File:OOjs UI icon check-constructive.svg <translate> Done</translate> – <translate> Navigate to <tvar name=special>Special:Version</tvar> on your wiki to verify that the extension is successfully installed.</translate>

設定

拡張機能の設定

$LDAPAuthentication2AllowLocalLogin
Whether or not to display a "local" pseudo-domain in the domain selector on "Special:Login", thus allowing to authenticate against the local user database. (defaults to false )
$LDAPAuthentication2UsernameNormalizer
Use this function for normalizing username for LDAP, for example 'strtolower'. Needed after migration from earlier Version. (defaults to "" )

ドメイン設定

authentication.usernameattribute
The LDAP user object attribute name that should be used as a local wiki user username (defaults to "samaccountname")
authentication.realnameattribute
The LDAP user object attribute name that should be used as a local wiki user realname (defaults to "cn")
authentication.emailattribute
The LDAP user object attribute name that should be used as e-mail address for the local wiki user (defaults to "mail")

バージョン化

LDAP Stack Extensions are targeted/qualified for MediaWiki LTS releases only.
However, this table helps to determine which extension-releases to use across all recent versions.

MediaWiki リリース Recommended Extension Version テストの状態 最終テスト日
1.35 (LTS) LDAPxxx_master テスト済 2020年March

参考文献

Migration from PluggableAuth 5

In REL1_39 branch LDAPAuthentication2 was adapted to PluggableAuth 6.

So in case of migration from REL1_35-REL1_38 (PluggableAuth 5) to REL1_39 (PluggableAuth 6) some configuration needs to be changed. Here is the example of the old configuration:

// In any case we need to specify LDAP domain configs
$LDAPProviderDomainConfigs = "$IP/../ldapprovider.json";

// Local login is enabled
$wgPluggableAuth_EnableLocalLogin = true;
$LDAPAuthentication2AllowLocalLogin = true;
...
$wgPluggableAuth_Class = "MediaWiki\\Extension\\LDAPAuthentication2\\PluggableAuth";
$wgPluggableAuth_ButtonLabel = "Log In (PluggableAuth)";

As a result, "Log In (PluggableAuth)" login button will appear on login page, with "domains" dropdown.

Domains list is obtained from the domain configs file. Let's assume that we have "ldap1" and "ldap2" domains configured there, still it is not reflected in PluggableAuth 5 configuration.

Here is how such configuration should be changed to be compatible with PluggableAuth 6:

// In any case we need to specify LDAP domain configs
$LDAPProviderDomainConfigs = "$IP/../ldapprovider.json";

// If local login is supported as well, then these globals are still needed
$wgPluggableAuth_EnableLocalLogin = true;
$LDAPAuthentication2AllowLocalLogin = true;
...
$wgPluggableAuth_Config['Log In (LDAP1)'] = [
    'plugin' => 'LDAPAuthentication2',
    'data' => [
        'domain' => 'ldap1'
    ]
];

$wgPluggableAuth_Config['Log In (LDAP2)'] = [
    'plugin' => 'LDAPAuthentication2',
    'data' => [
        'domain' => 'ldap2'
    ]
];

Here "ldap1" and "ldap2" are domains which are configured in domain configs file.

As a result, "Log In (LDAP1)" and "Log In (LDAP2)" login buttons will appear on login page.

So the main difference is that:

  • There is only one login button per LDAP domain.
  • Now $wgPluggableAuth_Config global should be used.
  • $wgPluggableAuth_Class global is not used anymore.