Erweiterung:LDAPAuthentication2

• Die Erweiterung herunterladen und die Datei(en) in ein Verzeichnis namens LDAPAuthentication2 im Ordner extensions/ ablegen.
• Folgenden Code am Ende der LocalSettings.php einfügen:

  wfLoadExtension( 'LDAPAuthentication2' );
  

• Configure as required.
•   Erledigt – Zu Special:Version in dem Wiki (bei Einstellung auf deutsch nach Spezial:Version) navigieren, um die erfolgreiche Installierung der Erweiterung zu überprüfen.

Erweiterungseinstellungen

$LDAPAuthentication2AllowLocalLogin

Whether or not to display a "local" pseudo-domain in the domain selector on "Special:Login", thus allowing to authenticate against the local user database. (defaults to false )

$LDAPAuthentication2UsernameNormalizer

Use this function for normalizing username for LDAP, for example 'strtolower'. Needed after migration from earlier Version. (defaults to "" )

authentication.usernameattribute

The LDAP user object attribute name that should be used as a local wiki user username (defaults to "samaccountname")

authentication.realnameattribute

The LDAP user object attribute name that should be used as a local wiki user realname (defaults to "cn")

authentication.emailattribute

The LDAP user object attribute name that should be used as e-mail address for the local wiki user (defaults to "mail")

• Manual:Active Directory Integration (PluggableAuth + LDAP Stack)

In REL1_39 branch ``LDAPAuthentication2`` was adapted to PluggableAuth 6.

So in case of migration from REL1_35-REL1_38 (PluggableAuth 5) to REL1_39 (PluggableAuth 6) some configuration needs to be changed. Here is the example of the old configuration:

// In any case we need to specify LDAP domain configs
$LDAPProviderDomainConfigs = "$IP/../ldapprovider.json";

// Local login is enabled
$wgPluggableAuth_EnableLocalLogin = true;
$LDAPAuthentication2AllowLocalLogin = true;
...
$wgPluggableAuth_Class = "MediaWiki\\Extension\\LDAPAuthentication2\\PluggableAuth";
$wgPluggableAuth_ButtonLabel = "Log In (PluggableAuth)";

As a result, "Log In (PluggableAuth)" login button will appear on login page, with "domains" dropdown.

Domains list is obtained from the domain configs file. Let's assume that we have "ldap1" and "ldap2" domains configured there, still it is not reflected in PluggableAuth 5 configuration.

--

Here is how such configuration should be changed to be compatible with PluggableAuth 6:

// In any case we need to specify LDAP domain configs
$LDAPProviderDomainConfigs = "$IP/../ldapprovider.json";

// If local login is supported as well, then these globals are still needed
$wgPluggableAuth_EnableLocalLogin = true;
$LDAPAuthentication2AllowLocalLogin = true;
...
$wgPluggableAuth_Config['Log In (LDAP1)'] = [
    'plugin' => 'LDAPAuthentication2',
    'data' => [
        'domain' => 'ldap1'
    ]
];

$wgPluggableAuth_Config['Log In (LDAP2)'] = [
    'plugin' => 'LDAPAuthentication2',
    'data' => [
        'domain' => 'ldap2'
    ]
];

Here "ldap1" and "ldap2" are domains which are configured in domain configs file.

As a result, "Log In (LDAP1)" and "Log In (LDAP2)" login buttons will appear on login page.

So the main difference is that:

• There is only one login button per LDAP domain.
• Now $wgPluggableAuth_Config global should be used.
• $wgPluggableAuth_Class global is not used anymore.