Extension:LDAPAuthentication2

**MediaWiki extensions manual**
LDAPAuthentication2; Release status: stable
Implementation	User identity
Author(s)	Cindy Cicalese; Mark A. Hershberger; Robert Vogel;
Latest version	1.0.1
Compatibility policy	For every MediaWiki release that is a Long Term Support release there is a corresponding branch in the extension.
MediaWiki	1.31+
Composer	mediawiki/ldap-authentication-2
License	GNU General Public License 2.0 or later
Download	Download extension ; Git [?]: Download Git master; browse repository (Phabricator · GitHub); commit history; repository contributors (GitHub); code review;
	Parameters $LDAPAuthentication2AllowLocalLogin; $LDAPAuthentication2UsernameNormalizer;
	Hooks used ;
Quarterly downloads	480 (Ranked 6th)
	Translate the LDAPAuthentication2 extension if it is available at translatewiki.net
Issues	Open tasks · Report a bug

Translate this page

This extension is part of the LDAP Stack and requires the LDAPProvider extension to be installed first.

This extension requires the PluggableAuth extension to be installed first.

Installation

Download and move the extracted LDAPAuthentication2 folder to your extensions/ directory.
Developers and code contributors should install the extension from Git instead, using:cd extensions/ git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/LDAPAuthentication2
Add the following code at the bottom of your LocalSettings.php file:
```
wfLoadExtension( 'LDAPAuthentication2' );
```
Configure as required.
Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.

Configuration

Extension settings

$LDAPAuthentication2AllowLocalLogin: Whether or not to display a "local" pseudo-domain in the domain selector on "Special:Login", thus allowing to authenticate against the local user database. (defaults to false )
$LDAPAuthentication2UsernameNormalizer: Use this function for normalizing username for LDAP, for example 'strtolower'. Needed after migration from earlier Version. (defaults to "" )

Domain settings

authentication.usernameattribute: The LDAP user object attribute name that should be used as a local wiki user username (defaults to "samaccountname")
authentication.realnameattribute: The LDAP user object attribute name that should be used as a local wiki user realname (defaults to "cn")
authentication.emailattribute: The LDAP user object attribute name that should be used as e-mail address for the local wiki user (defaults to "mail")

Versioning

LDAP Stack Extensions are targeted/qualified for MediaWiki LTS releases only.
**However, this table helps to determine which extension-releases to use across all recent versions.**
MediaWiki Release	Recommended Extension Version	Test Status	Latest Test Date
1.35 (LTS)	LDAPxxx_master	Tested	March 2020

Migration from PluggableAuth 5

In REL1_39 branch LDAPAuthentication2 was adapted to PluggableAuth 6.

So in case of migration from REL1_35-REL1_38 (PluggableAuth 5) to REL1_39 (PluggableAuth 6) some configuration needs to be changed. Here is the example of the old configuration:

// In any case we need to specify LDAP domain configs
$LDAPProviderDomainConfigs = "$IP/../ldapprovider.json";

// Local login is enabled
$wgPluggableAuth_EnableLocalLogin = true;
$LDAPAuthentication2AllowLocalLogin = true;
...
$wgPluggableAuth_Class = "MediaWiki\\Extension\\LDAPAuthentication2\\PluggableAuth";
$wgPluggableAuth_ButtonLabel = "Log In (PluggableAuth)";

As a result, "Log In (PluggableAuth)" login button will appear on login page, with "domains" dropdown.

Domains list is obtained from the domain configs file. Let's assume that we have "ldap1" and "ldap2" domains configured there, still it is not reflected in PluggableAuth 5 configuration.

Here is how such configuration should be changed to be compatible with PluggableAuth 6:

// In any case we need to specify LDAP domain configs
$LDAPProviderDomainConfigs = "$IP/../ldapprovider.json";

// If local login is supported as well, then these globals are still needed
$wgPluggableAuth_EnableLocalLogin = true;
$LDAPAuthentication2AllowLocalLogin = true;
...
$wgPluggableAuth_Config['Log In (LDAP1)'] = [
    'plugin' => 'LDAPAuthentication2',
    'data' => [
        'domain' => 'ldap1'
    ]
];

$wgPluggableAuth_Config['Log In (LDAP2)'] = [
    'plugin' => 'LDAPAuthentication2',
    'data' => [
        'domain' => 'ldap2'
    ]
];

Here "ldap1" and "ldap2" are domains which are configured in domain configs file.

As a result, "Log In (LDAP1)" and "Log In (LDAP2)" login buttons will appear on login page.

So the main difference is that:

There is only one login button per LDAP domain.
Now $wgPluggableAuth_Config global should be used.
$wgPluggableAuth_Class global is not used anymore.

This extension is included in the following wiki farms/hosts and/or packages:

This is not an authoritative list. Some wiki farms/hosts and/or packages may contain this extension even if they are not listed here. Always check with your wiki farms/hosts or bundle to confirm.

LDAPAuthentication2 Release status: stable

Implementation	User identity
Author(s)	Cindy Cicalese Mark A. Hershberger Robert Vogel
Latest version	1.0.1
Compatibility policy	For every MediaWiki release that is a Long Term Support release there is a corresponding branch in the extension.
MediaWiki	1.31+
Composer	mediawiki/ldap-authentication-2
License	GNU General Public License 2.0 or later
Download	Download extension Git ^[?]: Download Git master browse repository (Phabricator · GitHub) commit history repository contributors (GitHub) code review
Parameters $LDAPAuthentication2AllowLocalLogin $LDAPAuthentication2UsernameNormalizer
Hooks used
Quarterly downloads	480 (Ranked 6^th)
Translate the LDAPAuthentication2 extension if it is available at translatewiki.net
Issues	Open tasks · Report a bug