Extension:LDAPGroups
This extension allows to sync user groups from a LDAP resource, when a user logs into the wiki.
LDAPGroups Release status: stable |
|
---|---|
File:MWStake LDAPStack Icon.svg | |
Author(s) | Cindy Cicalese, Mark A. Hershberger, Robert Vogel |
Latest version | 3.0.0-alpha |
Compatibility policy | Snapshots releases along with MediaWiki. Master is not backward compatible. |
MediaWiki | 1.31+ |
Composer | mediawiki/ldap-groups |
License | GNU General Public License 2.0 |
Download | |
|
|
Quarterly downloads | Lua error in Module:Extension at line 172: bad argument #1 to 'inNamespace' (unrecognized namespace name 'skin'). |
Public wikis using | Lua error in Module:Extension at line 172: bad argument #1 to 'inNamespace' (unrecognized namespace name 'skin'). |
Translate the LDAPGroups extension if it is available at translatewiki.net |
Extension config settings
Name | Default | Description |
---|---|---|
SyncMechanismRegistry
|
{
"mappedgroups": "MediaWiki\\Extension\\LDAPGroups\\SyncMechanism\\MappedGroups::factory",
"allgroups": "MediaWiki\\Extension\\LDAPGroups\\SyncMechanism\\AllGroups::factory"
}
|
Allows registration of custom group sync mechanisms.
|
Domain config settings
Name | Default | Description |
---|---|---|
groupsync.mechanism
|
"mappedgroups"
|
The key of the sync mechanism (see above) to be used. by default there are two available:
|
groupsync.locally-managed
|
[]
|
Only used when groupsync.mechanism = allgroups . Takes an array of local user group names (not DNs!) that should not be assigned/unassigned automattically. Groups "sysop" , "bureaucrat" and "bot" are implicitly locally managed.
|
groupsync.mapping
|
{}
|
Only used when groupsync.mechanism = mappedgroups .
Example:{
"mathematicians": "ou=mathematicians,dc=example,dc=com",
"scientists": "ou=scientists,dc=example,dc=com"
}
|
If you want to configure this in LocalSettings.php
you can extend the configuration for LDAPProvider like in this example:
$LDAPProviderDomainConfigProvider = function() {
$config = [
'LDAP' => [
'connection' => [
...
],
'groupsync' => [
"mechanism" => "allgroups",
"locally-managed" => [ "local", "wiki", "group", "names" ]
]
]
];
...
Using LDAPGroups without LDAP authentication
LDAPGroups needs to have information about which LDAP domain configuration to use for a user logging in. For this it uses a table in the database (ldap_domains
). When using Extension:LDAPAuthentication2 this table automatically gets the necessary data filled in.
If you use another type of authentication (e.g. Auth_remoteuser or SimpleSAMLphp) you have to find another way of feeding this table. If you are using only one LDAP domain you can e.g. add this to your LocalSettings.php (again based on the example config for LDAPProvider):
function onUserLoggedIn_AddToDomain( $domain, $user ) {
$userDomainStore = new MediaWiki\Extension\LDAPProvider\UserDomainStore(
\MediaWiki\MediaWikiServices::getInstance()->getDBLoadBalancer()
);
$currentDomain = $userDomainStore->getDomainForUser( $user );
if ( !$currentDomain || $currentDomain != $domain ) {
$userDomainStore->setDomainForUser( $user, $domain );
}
}
$wgHooks['UserLoggedIn'][] = 'onUserLoggedIn_AddToDomain';
Versioning
MediaWiki Release | Recommended Extension Version | Test Status | Latest Test Date |
---|---|---|---|
1.35 (LTS) | LDAPxxx_master | Tested | March 2020 |
File:OOjs UI icon information-progressive.svg | <translate> This extension is included in the following wiki farms/hosts and/or packages:</translate>
<translate> This is not an authoritative list.</translate> <translate> Some wiki farms/hosts and/or packages may contain this extension even if they are not listed here.</translate> <translate> Always check with your wiki farms/hosts or bundle to confirm.</translate> |
- Pages with script errors
- Pages with broken file links
- MediaWiki Stakeholders' Group
- LDAP Stack Member
- Stable extensions
- Extensions with invalid or missing type
- Extensions with release branches compatibility policy
- Extensions with manual MediaWiki version
- Extensions supporting Composer
- GPL licensed extensions
- Extensions in Wikimedia version control
- UserLoadAfterLoadFromSession extensions
- All extensions
- LDAP extensions