Extension:LDAPAuthorization/de
This extension checks for certain authorization requirements when logging into a wiki by using Extension:PluggableAuth or Extension:Auth remoteuser. If one of the requirements is not satisfied, the login process will be cancelled.
LDAPAuthorization | Release status: stable |
---|---|
Author(s) | Cindy Cicalese, Mark A. Hershberger, Robert Vogel |
Latest version | 1.0.0 |
Compatibility policy | Snapshots are released together with MediaWiki. Master is not backward compatible. |
MediaWiki | 1.31+ |
License | GNU General Public License 2.0 or later |
Translate the LDAPAuthorization extension if it is available at translatewiki.net |
Installation
- Install the LDAPProvider and PluggableAuth extensions.
- Download and move the extracted LDAPAuthorization folder to your extensions/ directory.
  Developers and code contributors should install the extension from Git instead, using:
  cd extensions/
  git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/LDAPAuthorization
- Add the following code at the bottom of your LocalSettings.php file:
  wfLoadExtension( 'LDAPAuthorization' );
- Configure as required.
- Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.
Extension config settings
Name | Default | Description |
---|---|---|
AutoAuthRemoteUserStringParserRegistry
|
{
"domain-backslash-username": "MediaWiki\\Extension\\LDAPAuthorization\\AutoAuth\\RemoteUserStringParser\\DomainBackslashUsername::factory",
"username-at-domain": "MediaWiki\\Extension\\LDAPAuthorization\\AutoAuth\\RemoteUserStringParser\\UsernameAtDomain::factory"
}
|
A registry of factory callbacks for different parsers that extract domain and username from a provided domain-username.
Must return
Only used in case of auto-authentication provided by Extension:Auth remoteuser. |
AutoAuthRemoteUserStringParser
|
"domain-backslash-username"
|
Configures which parser is used to extract domain and username from a provided domain-username. Allowed values are:
Only used in case of auto-authentication provided by Auth remoteuser. |
AutoAuthUsernameNormalizer
|
""
|
A callback that allows modifying the username when Extension:Auth_remoteuser is used for network-based authentication, e.g. "strtolower". If form-based authentication is also enabled through Extension:LDAPAuthentication2, this should have the same value as
Only used in case of auto-authentication provided by Extension:Auth remoteuser. |
Domain config settings
Name | Default | Description |
---|---|---|
rules.groups.required
|
[]
|
Array of group DNs that are required to complete the login process. Belonging to one group is sufficient (logical OR) to be authorized. |
rules.groups.excluded
|
[]
|
Array of group DNs that the user may not be a member of to complete the login process. Belonging to one group is sufficient (logical OR) to be forbidden to log in. |
rules.attributes
|
{}
|
This implements the "attributes mapping" rule from Extension:LDAP Authentication
Example:
{
    "&" : {
        "status": "active",
        "|": {
            "department": [ "100", "200" ],
            "level": [ "5", "6" ]
        }
    }
}
|
rules.query
|
""
|
Allows providing a standard LDAP query to be tested against the user. Comparable to $wgLDAPAuthAttribute from Extension:LDAP Authentication
Example:
|
Example 1
If you want to configure this in LocalSettings.php, you can extend the configuration for LDAPProvider as in this example:
$LDAPProviderDomainConfigProvider = function() {
    $config = [
        'LDAP' => [
            'connection' => [
                ...
            ],
            'authorization' => [
                'rules' => [
                    'groups' => [
                        // "groupname" is a placeholder; rules.groups.required expects group DNs
                        'required' => [ "groupname" ]
                    ]
                ]
            ]
        ]
    ];
    ...
Example 2
Here is a complete example LocalSettings.php configuration for Active Directory:
$LDAPProviderDomainConfigProvider = function() {
    $config = [
        "example.com" => [
            "connection" => [
                "server" => "ldap.example.com",
                "user" => "cn=ldap,cn=Users,dc=example,dc=com",
                "pass" => "password",
                "basedn" => "dc=example,dc=com",
                "groupbasedn" => "dc=example,dc=com",
                "userbasedn" => "dc=example,dc=com",
                "searchattribute" => "samaccountname",
                "searchstring" => "USER-NAME@example.com",
                "usernameattribute" => "samaccountname",
                "realnameattribute" => "cn",
                "emailattribute" => "mail",
                "grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\GroupMember::factory"
            ],
            "authorization" => [
                "rules" => [
                    "groups" => [
                        "required" => [ "cn=Developers,cn=Users,dc=example,dc=com" ]
                    ]
                ]
            ],
            "groupsync" => [
                "mechanism" => "mappedgroups",
                "mapping" => [
                    "sysop" => "cn=Developers,cn=Users,dc=example,dc=com",
                    "bureaucrat" => "cn=Developers,cn=Users,dc=example,dc=com"
                ]
            ],
            "userinfo" => [
                "email" => "mail",
                "realname" => "cn",
                "properties.gender" => "gender"
            ]
        ]
    ];
    return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
};
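To check a ruleset before deploying it, the following added example (not part of the original page and not the extension's own code) models how rules.groups.required, rules.groups.excluded and rules.attributes from the Domain config settings table combine into one allow/deny decision. The function names attributesMatch and isAuthorized, the sample DNs, the case-insensitive DN comparison and the exact matching semantics of "&" and "|" are assumptions made for illustration.

```php
<?php
// Added illustration, not the extension's code. Assumed: "&" = all children match,
// "|" = any child matches, an attribute matches if any user value is a listed value.
function attributesMatch( array $rule, array $userAttrs, string $op = '&' ): bool {
	$results = [];
	foreach ( $rule as $key => $value ) {
		if ( $key === '&' || $key === '|' ) {
			$results[] = attributesMatch( $value, $userAttrs, $key );
		} else {
			$have = array_map( 'strval', (array)( $userAttrs[$key] ?? [] ) );
			$want = array_map( 'strval', (array)$value );
			$results[] = array_intersect( $want, $have ) !== [];
		}
	}
	// An empty "&" rule (the {} default) is satisfied; an empty "|" is not.
	return $op === '|' ? in_array( true, $results, true ) : !in_array( false, $results, true );
}

function isAuthorized( array $rules, array $userGroupDNs, array $userAttrs ): bool {
	// Assumption: group DNs are compared case-insensitively.
	$groups = array_map( 'strtolower', $userGroupDNs );
	$required = array_map( 'strtolower', $rules['groups']['required'] ?? [] );
	$excluded = array_map( 'strtolower', $rules['groups']['excluded'] ?? [] );
	if ( $required !== [] && array_intersect( $required, $groups ) === [] ) {
		return false; // member of none of the required groups
	}
	if ( array_intersect( $excluded, $groups ) !== [] ) {
		return false; // member of an excluded group, even if also in a required one
	}
	return attributesMatch( $rules['attributes'] ?? [], $userAttrs );
}

// Constructed sample: the attribute rule from the table plus hypothetical group DNs.
$rules = [
	'groups' => [
		'required' => [ 'cn=Developers,cn=Users,dc=example,dc=com' ],
		'excluded' => [ 'cn=Contractors,cn=Users,dc=example,dc=com' ],
	],
	'attributes' => [ '&' => [
		'status' => 'active',
		'|' => [ 'department' => [ '100', '200' ], 'level' => [ '5', '6' ] ],
	] ],
];
$dev = 'CN=Developers,CN=Users,DC=example,DC=com';
$con = 'CN=Contractors,CN=Users,DC=example,DC=com';
$attrs = [ 'status' => 'active', 'level' => [ '6' ] ];
var_dump( isAuthorized( $rules, [ $dev ], $attrs ) );        // developer, level 6
var_dump( isAuthorized( $rules, [ $dev, $con ], $attrs ) );  // also a contractor
var_dump( isAuthorized( $rules, [ $dev ], [ 'status' => 'inactive' ] + $attrs ) ); // inactive account
```

Running accounts that should be denied through such a model, alongside a real test login, is a quick way to catch a ruleset that admits more users than intended.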
Versioning
MediaWiki Release | Recommended Extension Version | Test Status | Latest Test Date |
---|---|---|---|
1.35 (LTS) | LDAPxxx_master | Tested | March 2020 |