Extension:LDAPAuthorization/pl
This extensions checks for certain authorization requirements when logging into a wiki by using Extension:PluggableAuth or Extension:Auth remoteuser . If one of the requirements are not satisfied the login process will be cancelled.
LDAPAuthorization Status wydania: stabilne |
|
---|---|
Autor(zy) | Cindy Cicalese, Mark A. Hershberger, Robert Vogel |
Ostatnia wersja | 1.0.0 |
Polityka zgodności | Snapshots releases along with MediaWiki. Master nie jest kompatybilny wstecznie. |
MediaWiki | 1.31+ |
Licencja | Licencja GNU General Public License 2.0 lub późniejsza |
Pobieranie | |
|
|
Quarterly downloads | 283 (Ranked 17th) |
Przetłumacz rozszerzenie LDAPAuthorization jeżeli jest dostępne na translatewiki.net | |
Instalacja
- Install the LDAPProvider and PluggableAuth extensions.
- Pobierz i umieść plik(i) w katalogu o nazwie
LDAPAuthorization
w folderzeextensions/
.
Developers and code contributors should install the extension from Git instead, using:cd extensions/
git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/LDAPAuthorization - Dodaj poniższy kod na dole twojego pliku LocalSettings.php : Configure as required.
wfLoadExtension( 'LDAPAuthorization' );
- Zrobione – Przejdź do Special:Version na twojej wiki, aby sprawdzić czy rozszerzenie zostało pomyślnie zainstalowane.
Extension config settings
Nazwa | Domyślnie | Opis |
---|---|---|
AutoAuthRemoteUserStringParserRegistry
|
{
"domain-backslash-username": "MediaWiki\\Extension\\LDAPAuthorization\\AutoAuth\\RemoteUserStringParser\\DomainBackslashUsername::factory",
"username-at-domain": "MediaWiki\\Extension\\LDAPAuthorization\\AutoAuth\\RemoteUserStringParser\\UsernameAtDomain::factory"
}
|
A registry of factory callbacks for different parsers, that extract domain and username from a provided domain-username.
Must return Only used in case of auto-authentication provided by Extension:Auth remoteuser . |
AutoAuthRemoteUserStringParser
|
"domain-backslash-username"
|
Configures which parser is needed to extract domain and username from a provided domain-username. Allowed values are:
Only used in case of auto-authentication provided by Auth remoteuser. |
AutoAuthUsernameNormalizer
|
""
|
A callback that allows to modify the username when Extension:Auth_remoteuser is used for network based authentication. E.g. "strtolower" .
If form based authentication is also enabled though Extension:LDAPAuthentication2 this should have the same value as |
Domain config settings
Nazwa | Domyślnie | Opis |
---|---|---|
rules.groups.required
|
[]
|
Array of group DNs that are required to complete the login process. Belonging to one group is sufficient (logical OR) to be authorized. |
rules.groups.excluded
|
[]
|
Array of group DNs that the user may not be member of to complete the login process. Belonging to one group is sufficient (logical OR) to be forbidden to log in. |
rules.attributes
|
{}
|
This implements the "attributes mapping" rule from Extension:LDAP Authentication
Example: {
"&" : {
"status": "active",
"|": {
"department": [ "100", "200" ],
"level": [ "5", "6" ]
}
}
}
|
rules.query
|
""
|
Allows to provide a standard LDAP query to be tested against the user. Comparable to $wgLDAPAuthAttribute from Extension:LDAP Authentication
Example:
|
Example 1
If you want to configure this in LocalSettings.php
you can extend the configuration for LDAPProvider like in this example:
$LDAPProviderDomainConfigProvider = function() {
$config = [
'LDAP' => [
'connection' => [
...
],
'authorization' => [
'rules' => [
'groups' => [
'required' => [ "groupname" ]
]
]
]
]
];
...
Example 2
Here is a complete example LocalSettings.php
configuration for Active Directory:
$LDAPProviderDomainConfigProvider = function()
{
$config =
[
"example.com" =>
[
"connection" =>
[
"server" => "ldap.example.com",
"user" => "cn=ldap,cn=Users,dc=example,dc=com",
"pass" => "password",
"basedn" => "dc=example,dc=com",
"groupbasedn" => "dc=example,dc=com",
"userbasedn" => "dc=example,dc=com",
"searchattribute" => "samaccountname",
"searchstring" => "USER-NAME@example.com",
"usernameattribute" => "samaccountname",
"realnameattribute" => "cn",
"emailattribute" => "mail",
"grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\GroupMember::factory"
],
"authorization" =>
[
"rules" =>
[
"groups" =>
[
"required" => [ "cn=Developers,cn=Users,dc=example,dc=com" ]
]
]
],
"groupsync" =>
[
"mechanism" => "mappedgroups",
"mapping" =>
[
"sysop" => "cn=Developers,cn=Users,dc=example,dc=com",
"bureaucrat" => "cn=Developers,cn=Users,dc=example,dc=com"
]
],
"userinfo" =>
[
"email" => "mail",
"realname" => "cn",
"properties.gender" => "gender"
]
]
];
return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
};
Versioning
MediaWiki Release | Recommended Extension Version | Test Status | Latest Test Date |
---|---|---|---|
1.35 (LTS) | LDAPxxx_master | Tested | marzec 2020 |
To rozszerzenie jest dołączone do następujących farm/hostów wiki lub pakietów: To nie jest pełna lista. Niektóre farmy/hosty wiki lub pakiety mogą zawierać to rozszerzenie nawet jeśli nie są one tutaj wymienione. Zawsze sprawdzaj swoje farmy/hosty wiki, aby to potwierdzić. |
- LDAP Stack Member/pl
- PluggableAuth plugins/pl
- Stable extensions/pl
- Extensions with invalid or missing type/pl
- GPL licensed extensions/pl
- Extensions in Wikimedia version control/pl
- AuthRemoteuserFilterUserName extensions/pl
- PluggableAuthUserAuthorization extensions/pl
- All extensions/pl
- Extensions included in BlueSpice/pl
- Extensions included in Canasta/pl
- LDAP extensions/pl
- Extensions by MITRE/pl
- User identity extensions/pl