[Mageia-sysadm] mediawiki

Thu Feb 17 11:40:51 CET 2011

On Thursday, 17 February 2011 09:05:00 Oliver Burger wrote:
> 2011/2/17 Michael Scherer <misc at zarb.org>
> 
> > Le dimanche 13 février 2011 à 16:48 +0100, Oliver Burger a écrit :
> > > First: there is no ldap-extension in the package, since I don't know
> > > ldap.
> > > Second: the src.rpm creates two rpm packages, a normal mediawiki
> > > package and our multilingual one.
> > > We should somehow patch it so that normal mediawiki uses its own user
> > > registration tool and authentification while the mageia multilingual
> > > one should use catdap for registration and ldap for authentification...
> > 
> > Well, that's something that do not requires patching, as when the wiki
> > was choosed, ldap authentication was on the required feature list.
> 
> No ldap-support itself doesn't need patching, it's just an extension
> to add and some
> configuration strings in LocalSettings.php that have to be set after
> installation and
> initial mediawiki setup.
> But shouldn't we use identity.mageia.org instead of mediawiki's own
> registration tool? Or can this be done by configuration in
> LocalSettings.php?

This works on our (old) installation:

$wgGroupPermissions['*']['createaccount'] = false;

Users still need to be notified how to create accounts though.

> blingme told me in webteam meeting yesterday he could help.

The rest of the settings for LDAPAuthentication.php should be as follows. Note 
that the option to pull preferences from LDAP includes the perferredLanguage 
attribute (which we currently set on registration, but the user is able to 
change it - we may want to try and constrain the values that can be put there 
in future).

$wgLDAPDomainNames = array("Mageia");

#Values to be populated by puppet:
$wgLDAPServerNames = array("Mageia" => "<%= ldap_server %>");
$wgLDAPBaseDNs = array("Mageia" => "<%= dc_suffix %>");
$wgLDAPProxyAgent = array("Mageia" => "<%= ldap_account %>");
$wgLDAPProxyAgentPassword = array ("Mageia" => "<%= ldap_password %>");

$wgLDAPEncryptionType = array("Mageia" => "tls");

# To match bugzilla hardcoded length
$wgMinimalPasswordLength = 6;

//Allow the use of the local database as well as the LDAP database.
//Good for transitional purposes. Disable when done.
#$wgLDAPUseLocal = false;
$wgLDAPUseLocal = true;

$wgLDAPWriteLocation = array();

$wgLDAPSearchAttributes = array("Mageia" => "uid");

$wgLDAPMailPassword = false;

//Option for allowing the retreival of user preferences from LDAP
//Only pulls a small amount of info currently
$wgLDAPRetrievePrefs = array("Mageia" => true);

//Whether the username in the group is a full DN (AD generally does this), or
//just the username (posix groups generally do this)
$wgLDAPGroupUseFullDN = array( "Mageia" => true );

//The objectclass of the groups we want to search for
$wgLDAPGroupObjectclass = array( "Mageia"=>"groupOfNames" );

//The attribute used for group members
$wgLDAPGroupAttribute = array( "Mageia"=>"member" );

//Whether or not the plugin should search in nested groups
$wgLDAPGroupSearchNestedGroups = array( "Mageia"=>false );

$wgLDAPUseLDAPGroups = array( "Mageia"=>true );
$wgLDAPGroupNameAttribute = array( "Mageia"=>"cn" );

Regards,
Buchan