Extension:LDAPAuthorization/ru



This extension checks for certain authorization requirements when logging into a wiki by using Extension:PluggableAuth or Extension:Auth remoteuser. If one of the requirements is not satisfied, the login process will be cancelled.
Release status: stable | |
---|---|
Author(s) | Cindy Cicalese, Mark A. Hershberger, Robert Vogel |
Latest version | 1.0.0 |
Compatibility policy | Snapshots releases along with MediaWiki. Master is not backward compatible. |
MediaWiki | 1.31+ |
Composer | mediawiki/ldap-authorization |
License | GNU General Public License 2.0 or later |
Quarterly downloads | 803 (Ranked 9th) |
Translate the LDAPAuthorization extension if it is available at translatewiki.net | |
Installation
- Install the LDAPProvider and PluggableAuth extensions.
- Download and place the file(s) in a directory called LDAPAuthorization in your extensions/ folder.
- Add the following code at the bottom of your LocalSettings.php:
  wfLoadExtension( 'LDAPAuthorization' );
- Configure as required.
- Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.
Extension configuration parameters
Name | Default | Description |
---|---|---|
AutoAuthRemoteUserStringParserRegistry
|
{
"domain-backslash-username": "MediaWiki\\Extension\\LDAPAuthorization\\AutoAuth\\RemoteUserStringParser\\DomainBackslashUsername::factory",
"username-at-domain": "MediaWiki\\Extension\\LDAPAuthorization\\AutoAuth\\RemoteUserStringParser\\UsernameAtDomain::factory"
}
|
A registry of factory callbacks for different parsers that extract the domain and username from a provided domain-username string.
Must return an object
Only used in case of auto-authentication provided by Extension:Auth remoteuser. |
AutoAuthRemoteUserStringParser
|
"domain-backslash-username"
|
Configures which parser is used to extract the domain and username from a provided domain-username string. Allowed values:
Only used in case of auto-authentication provided by Extension:Auth remoteuser. |
AutoAuthUsernameNormalizer
|
""
|
A callback that allows modifying the username when Extension:Auth_remoteuser is used for network-based authentication, e.g. "strtolower". If form-based authentication is also enabled through Extension:LDAPAuthentication2, this should have the same value as $LDAPAuthentication2UsernameNormalizer.
Only used in case of auto-authentication provided by Extension:Auth remoteuser. |
Domain configuration parameters
Name | Default | Description |
---|---|---|
rules.groups.required
|
[]
|
Array of group DNs that are required to complete the login process. Belonging to one group is sufficient (logical OR) to be authorized. |
rules.groups.excluded
|
[]
|
Array of group DNs that the user must not be a member of in order to complete the login process. Belonging to one group is sufficient (logical OR) to be forbidden to log in. |
rules.attributes
|
{}
|
This implements the "attributes mapping" rule from Extension:LDAP Authentication.
Example:
{
    "&": {
        "status": "active",
        "|": {
            "department": [ "100", "200" ],
            "level": [ "5", "6" ]
        }
    }
}
|
rules.query
|
""
|
Allows providing a standard LDAP query to be tested against the user. Comparable to $wgLDAPAuthAttribute from Extension:LDAP Authentication.
Example:
|
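The rule semantics from the table above, modelled as an added example (not the extension's own code): every configured requirement must pass, so membership in an excluded group cancels the login even when a required group matches. The function names, the Contractors group, the sample users, case-insensitive DN comparison and the reading of "&" as AND and "|" as OR are assumptions made for illustration.

```php
<?php
// Simplified model of the rule semantics (illustration, not the extension's code).
// "&": all children match; "|": any child matches; a leaf matches when the user
// holds at least one of the listed values for that attribute.
function attributesMatch( array $rule, array $userAttrs, string $op = '&' ): bool {
	$results = [];
	foreach ( $rule as $key => $value ) {
		$results[] = ( $key === '&' || $key === '|' )
			? attributesMatch( $value, $userAttrs, $key )
			: (bool)array_intersect( (array)$value, (array)( $userAttrs[$key] ?? [] ) );
	}
	if ( $results === [] ) {
		return true; // no attribute rule configured
	}
	return $op === '&' ? !in_array( false, $results, true ) : in_array( true, $results, true );
}

// Assumption: group DNs are compared case-insensitively.
function isAuthorized( array $rules, array $userGroups, array $userAttrs ): bool {
	$groups = array_map( 'strtolower', $userGroups );
	$required = array_map( 'strtolower', $rules['groups']['required'] ?? [] );
	$excluded = array_map( 'strtolower', $rules['groups']['excluded'] ?? [] );
	// required: one matching group is sufficient (logical OR)
	if ( $required && !array_intersect( $required, $groups ) ) {
		return false;
	}
	// excluded: one matching group is sufficient to refuse the login
	if ( array_intersect( $excluded, $groups ) ) {
		return false;
	}
	return attributesMatch( $rules['attributes'] ?? [], $userAttrs );
}

// Constructed rules and users; all names are placeholders.
$rules = [
	'groups' => [
		'required' => [ 'cn=Developers,cn=Users,dc=example,dc=com' ],
		'excluded' => [ 'cn=Contractors,cn=Users,dc=example,dc=com' ],
	],
	'attributes' => [ '&' => [
		'status' => 'active',
		'|' => [ 'department' => [ '100', '200' ], 'level' => [ '5', '6' ] ],
	] ],
];
$dev = [ 'CN=Developers,CN=Users,DC=example,DC=com' ];
$both = array_merge( $dev, [ 'cn=Contractors,cn=Users,dc=example,dc=com' ] );
$attrs = [ 'status' => [ 'active' ], 'department' => [ '300' ], 'level' => [ '5' ] ];
var_dump( isAuthorized( $rules, $dev, $attrs ) );  // required group only
var_dump( isAuthorized( $rules, $both, $attrs ) ); // also in an excluded group
var_dump( isAuthorized( $rules, $dev, [ 'status' => [ 'inactive' ] ] + $attrs ) ); // status not active
```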
To configure these settings in LocalSettings.php, extend the configuration for LDAPProvider as in this example:
$LDAPProviderDomainConfigProvider = function() {
    $config = [
        'LDAP' => [
            'connection' => [
                ...
            ],
            'authorization' => [
                'rules' => [
                    'groups' => [
                        // Group DNs; membership in one of them is sufficient
                        'required' => [ "groupname" ]
                    ]
                ]
            ]
        ]
    ];
    ...
Here is a complete example LocalSettings.php configuration for Active Directory:
$LDAPProviderDomainConfigProvider = function()
{
    $config =
    [
        "example.com" =>
        [
            "connection" =>
            [
                "server" => "ldap.example.com",
                // Bind account used for LDAP lookups
                "user" => "cn=ldap,cn=Users,dc=example,dc=com",
                "pass" => "password",
                "basedn" => "dc=example,dc=com",
                "groupbasedn" => "dc=example,dc=com",
                "userbasedn" => "dc=example,dc=com",
                "searchattribute" => "samaccountname",
                "searchstring" => "USER-NAME@example.com",
                "usernameattribute" => "samaccountname",
                "realnameattribute" => "cn",
                "emailattribute" => "mail",
                "grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\GroupMember::factory"
            ],
            "authorization" =>
            [
                "rules" =>
                [
                    "groups" =>
                    [
                        // Only members of this group can complete the login
                        "required" => [ "cn=Developers,cn=Users,dc=example,dc=com" ]
                    ]
                ]
            ],
            "groupsync" =>
            [
                "mechanism" => "mappedgroups",
                // Members of the Developers group are mapped to both wiki groups
                "mapping" =>
                [
                    "sysop" => "cn=Developers,cn=Users,dc=example,dc=com",
                    "bureaucrat" => "cn=Developers,cn=Users,dc=example,dc=com"
                ]
            ],
            "userinfo" =>
            [
                "email" => "mail",
                "realname" => "cn",
                "properties.gender" => "gender"
            ]
        ]
    ];
    return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
};
Versioning
MediaWiki Release | Recommended Extension Version | Test Status | Latest Test Date |
---|---|---|---|
1.35 (LTS) | LDAPxxx_master | Tested | March 2020 |
This extension is included in the following wiki farms/hosts and/or packages: This is not an authoritative list. Some wiki farms/hosts may contain this extension even if they are not listed here. Always check with your wiki farms/hosts or bundle to confirm.