This extension is maintained by a member of the MediaWiki Stakeholders' Group.
This extension is part of the LDAP Stack and requires the LDAPProvider extension to be installed first.
This extension requires the PluggableAuth extension to be installed first.
Release status: stable
Latest version 1.0.1
Compatibility policy For every MediaWiki version that is a Long Term Support release, there is a corresponding branch in the extension.
MediaWiki 1.31+
Composer mediawiki/ldap-authentication-2
License GNU General Public License 2.0 or later
  • $LDAPAuthentication2AllowLocalLogin
  • $LDAPAuthentication2UsernameNormalizer
Quarterly downloads 1,252 (Ranked 9th)


  • Download the extension and place the file(s) in a directory called LDAPAuthentication2 in your extensions/ folder.
  • Add the following code at the bottom of your LocalSettings.php:
    wfLoadExtension( 'LDAPAuthentication2' );
  • Configure as required.
  •   Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.



$LDAPAuthentication2AllowLocalLogin: Whether or not to display a "local" pseudo-domain in the domain selector on "Special:Login", thus allowing users to authenticate against the local user database. (defaults to false)
$LDAPAuthentication2UsernameNormalizer: Use this function for normalizing the username for LDAP, for example 'strtolower'. Needed after migration from an earlier version. (defaults to "")

Domain settings

The LDAP user object attribute name that should be used as a local wiki user username (defaults to "samaccountname")
The LDAP user object attribute name that should be used as a local wiki user realname (defaults to "cn")
The LDAP user object attribute name that should be used as e-mail address for the local wiki user (defaults to "mail")


LDAP Stack Extensions are targeted/qualified for MediaWiki LTS releases only.
However, this table helps to determine which extension-releases to use across all recent versions.

MediaWiki Release    Recommended Extension Version    Test Status    Latest Test Date
1.35 (LTS)           LDAPxxx_master                   Tested         March 2020

Further Reading

Migration from PluggableAuth 5

In the REL1_39 branch, LDAPAuthentication2 was adapted to PluggableAuth 6.

When migrating from REL1_35-REL1_38 (PluggableAuth 5) to REL1_39 (PluggableAuth 6), some configuration needs to be changed. Here is an example of the old configuration:

// In any case we need to specify LDAP domain configs
$LDAPProviderDomainConfigs = "$IP/../ldapprovider.json";

// Local login is enabled
$wgPluggableAuth_EnableLocalLogin = true;
$LDAPAuthentication2AllowLocalLogin = true;
$wgPluggableAuth_Class = "MediaWiki\\Extension\\LDAPAuthentication2\\PluggableAuth";
$wgPluggableAuth_ButtonLabel = "Log In (PluggableAuth)";

As a result, a "Log In (PluggableAuth)" login button will appear on the login page, together with a "domains" dropdown.

The list of domains is obtained from the domain configs file. Let's assume that the "ldap1" and "ldap2" domains are configured there; they are still not reflected anywhere in the PluggableAuth 5 configuration.


Here is how this configuration should be changed to be compatible with PluggableAuth 6:

// In any case we need to specify LDAP domain configs
$LDAPProviderDomainConfigs = "$IP/../ldapprovider.json";

// If local login is supported as well, then these globals are still needed
$wgPluggableAuth_EnableLocalLogin = true;
$LDAPAuthentication2AllowLocalLogin = true;
// One entry (and therefore one login button) per LDAP domain
$wgPluggableAuth_Config['Log In (LDAP1)'] = [
    'plugin' => 'LDAPAuthentication2',
    'data' => [
        'domain' => 'ldap1'
    ]
];

$wgPluggableAuth_Config['Log In (LDAP2)'] = [
    'plugin' => 'LDAPAuthentication2',
    'data' => [
        'domain' => 'ldap2'
    ]
];

Here "ldap1" and "ldap2" are the domains configured in the domain configs file.

As a result, "Log In (LDAP1)" and "Log In (LDAP2)" login buttons will appear on the login page.

The main differences are:

  • There is only one login button per LDAP domain.
  • The $wgPluggableAuth_Config global should now be used.
  • The $wgPluggableAuth_Class global is no longer used.
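
The following is an added example, not taken from the extension's documentation or code. Instead of hard-coding one $wgPluggableAuth_Config entry per domain, LocalSettings.php can derive the login buttons from the same domain configs file, so a domain cannot exist in one place and be missing or misspelled in the other. It assumes that the top-level keys of ldapprovider.json are the domain names; the helper name ldapDomainsFromConfig is hypothetical.

```php
// Added example for LocalSettings.php (PluggableAuth 6); not the extension's own code.
// Assumption: the top-level keys of the domain configs JSON are the domain names.
$LDAPProviderDomainConfigs = "$IP/../ldapprovider.json";

// Hypothetical helper: returns the configured domain names, or fails closed.
function ldapDomainsFromConfig( string $path ): array {
    $raw = @file_get_contents( $path );
    if ( $raw === false ) {
        throw new RuntimeException( "Cannot read LDAP domain configs: $path" );
    }
    $config = json_decode( $raw, true );
    if ( !is_array( $config ) || $config === [] ) {
        // An unparsable or empty file must not silently yield a wiki without LDAP buttons
        throw new RuntimeException( "LDAP domain configs are empty or not valid JSON: $path" );
    }
    return array_map( 'strval', array_keys( $config ) );
}

$wgPluggableAuth_Config = [];
foreach ( ldapDomainsFromConfig( $LDAPProviderDomainConfigs ) as $domain ) {
    // Label format mirrors the page's example: "ldap1" becomes "Log In (LDAP1)"
    $label = 'Log In (' . strtoupper( $domain ) . ')';
    if ( isset( $wgPluggableAuth_Config[$label] ) ) {
        // Two domains differing only in case would otherwise overwrite each other's button
        throw new RuntimeException( "Duplicate login button label: $label" );
    }
    $wgPluggableAuth_Config[$label] = [
        'plugin' => 'LDAPAuthentication2',
        'data' => [
            'domain' => $domain
        ]
    ];
}
```

The local login globals ($wgPluggableAuth_EnableLocalLogin and $LDAPAuthentication2AllowLocalLogin) are unaffected and are set as shown in the configuration above.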