Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 
4 posts

Wannabe Geek


  # 2365242 2-Dec-2019 23:13
Send private message quote this post

Hi, there!

 

Sorry for the late reply. I've been out of the office all last week. I'm posting my configuration LocalSettings.php. I have edited it for privacy reasons, but I think you'll get the point quickly by taking a look at it. You will note that OU, CN and other words appear there sometimes in capital letters or not. I believe that is unrelevant for your config to work as expected. What you have to make sure about is that the names your LDAP/AD entries match the ones of your config. Let's say you have a group in your LDAP called Users, then write Users in your config. Check out the groupsync and authorization parameters. I think they're related and must be both declared in order to make Authorization work properly.

 

# End of automatically generated settings.
# Add more configuration options below.

 

# LDAP
wfLoadExtensions( [
        'PluggableAuth',
        'LDAPProvider',
        'LDAPAuthentication2',
        'LDAPAuthorization',
        'Auth_remoteuser',
        'LDAPGroups'
] );

 

# I DON'T KNOW WHAT THIS DOES, BUT I THINK IT IS NEEDED ;-)
$wgAuthRemoteuserUserNameReplaceFilter = [
    '@DOMAIN.MY$' => '' // mod_krb5 and .htaccess
];

 

$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['*']['autocreateaccount'] = true;

 

$LDAPAuthentication2UsernameNormalizer = 'strtolower';
$LDAPAuthentication2AllowLocalLogin = true;

 

$LDAPProviderDomainConfigProvider = function() {
        $config = [
                'mydomain' => [
                        'connection' => [
                                "server" => "your_server_IP_or_dns_name_without_http_https_or_whatever",
                                "user" => "CN=XXXXXX,OU=Users,OU=XXXXXX,DC=XXXXXX,",
                                "pass" => 'XXXXXXXXXXXXXXXXXXXXXX',
                                "port" => Better to use 389 to avoid SSL problems just for testing, then use 636,
                                "enctype" => 'ssl',
                                "options" => [
                                        "LDAP_OPT_DEREF" => 1
                                ],
                                "basedn" => "ou=XXXXXX,dc=XXXXXX",
                                "groupbasedn" => "ou=Groups,ou=XXXXXXXX,ou=XXXXXXXXXXX",
                                "userbasedn" => "ou=XXXXXXXXXX,dc=XXXXXXXXX",
                                "searchattribute" => "samaccountname",
                                "usernameattribute" => "samaccountname",
                                "realnameattribute" => "cn",
                                "emailattribute" => "mail",
                                "grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\GroupMember::factory"
                        ],
                        'groupsync' =>
                        [
                                "mechanism" => "mappedgroups",
                                "mapping" =>
                                [
                                        "read" => "cn=XXXXXXXXXXXXXXX,ou=XXXXXXXXXXXXXXX,ou=XXXXXXXXXXXXXXX",
                                        "write" => "cn=XXXXXXXXXXXXXXX,ou=XXXXXXXXXXXXXXX,ou=XXXXXXXXXXXXXXX"
                                ]
                        ],
                        'authorization' =>
                        [
                                "rules" =>
                                [
                                        "groups" =>
                                        [
                                                "required" =>
                                                [
                                                        "cn=XXXXXXXXXXXXXXX,ou=XXXXXXXXXXXXXXX,ou=XXXXXXXXXXXXXXX"
                                                ]
                                        ]
                                ]
                        ],
                        'userinfo' => [
                                "attributes-map" => [
                                        "realname" => "cn"
                                ]
                        ]
                ]
        ];

 

        return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
};

 

# This will show errors in your browser if there are any of them (like a --verbose option I think). Remove it in production or set it to false
$wgShowExceptionDetails = true;


2 posts

Wannabe Geek


  # 2383565 1-Jan-2020 05:58
One person supports this post
Send private message quote this post

Apologies for the late response. Been OOO myself, and then consumed with end of year patches/updates/disruptive maintenance. 

 

Very much appreciate this posting. Thank you. You've helped me resolve some of my syntax errors and get my group syncs working. Thank you so much!

 

 

 

R/,

 

 - A


1 | 2 
View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Vodafone integrates eSIM into device and wearable roadmap
Posted 17-Jan-2020 09:45


Do you need this camera app? Group investigates privacy implications
Posted 16-Jan-2020 03:30


JBL launches headphones range designed for gaming
Posted 13-Jan-2020 09:59


Withings introduces ScanWatch wearable combining ECG and sleep apnea detection
Posted 9-Jan-2020 18:34


NZ Police releases public app
Posted 8-Jan-2020 11:43


Suunto 7 combine sports and smart features on new smartwatch generation
Posted 7-Jan-2020 16:06


Intel brings innovation with technology spanning the cloud, network, edge and PC
Posted 7-Jan-2020 15:54


AMD announces high performance desktop and ultrathin laptop processors
Posted 7-Jan-2020 15:42


AMD unveils four new desktop and mobile GPUs including AMD Radeon RX 5600
Posted 7-Jan-2020 15:32


Consolidation in video streaming market with Spark selling Lightbox to Sky
Posted 19-Dec-2019 09:09


Intel introduces cryogenic control chip to enable quantum computers
Posted 10-Dec-2019 21:32


Vodafone 5G service live in four cities
Posted 10-Dec-2019 08:30


Samsung Galaxy Fold now available in New Zealand
Posted 6-Dec-2019 00:01


NZ company oDocs awarded US$ 100,000 Dubai World Expo grant
Posted 5-Dec-2019 16:00


New Zealand Rugby Selects AWS-Powered Analytics for Deeper Game Insights
Posted 5-Dec-2019 11:33



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.