Jump to content

Extension:LDAPAuthorization/pl

From mediawiki.org
This page is a translated version of the page Extension:LDAPAuthorization and the translation is 18% complete.
This extension is part of the LDAP Stack and requires the LDAPProvider extension to be installed first.
This extension requires the PluggableAuth extension to be installed first.

This extensions checks for certain authorization requirements when logging into a wiki by using Extension:PluggableAuth or Extension:Auth remoteuser . If one of the requirements are not satisfied the login process will be cancelled.

Podręcznik rozszerzeń MediaWiki
LDAPAuthorization
Status wydania: stabilne
Autor(zy) Cindy Cicalese, Mark A. Hershberger, Robert Vogel
Ostatnia wersja 1.0.0
Polityka zgodności Snapshots releases along with MediaWiki. Master nie jest kompatybilny wstecznie.
MediaWiki 1.31+
Licencja Licencja GNU General Public License 2.0 lub późniejsza
Pobieranie
  • $wgAutoAuthUsernameNormalizer
  • $wgAutoAuthRemoteUserStringParser
  • $wgAutoAuthRemoteUserStringParserRegistry
  • $wgAutoAuthBypassWithCookieUsernameRemoteAddrs
Quarterly downloads 268 (Ranked 18th)
Przetłumacz rozszerzenie LDAPAuthorization jeżeli jest dostępne na translatewiki.net

Instalacja

  • Install the LDAPProvider and PluggableAuth extensions.
  • Pobierz i umieść plik(i) w katalogu o nazwie LDAPAuthorization w folderze extensions/.
    Developers and code contributors should install the extension from Git instead, using:cd extensions/
    git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/LDAPAuthorization
  • Dodaj poniższy kod na dole twojego pliku LocalSettings.php :
    wfLoadExtension( 'LDAPAuthorization' );
    
    Configure as required.
  • Yes Zrobione – Przejdź do Special:Version na twojej wiki, aby sprawdzić czy rozszerzenie zostało pomyślnie zainstalowane.

Extension config settings

When using them in LocalSettings.php, these variables need to be prefixed with $LDAPAuthorization
Nazwa Domyślnie Opis
AutoAuthRemoteUserStringParserRegistry
{
 "domain-backslash-username": "MediaWiki\\Extension\\LDAPAuthorization\\AutoAuth\\RemoteUserStringParser\\DomainBackslashUsername::factory",
 "username-at-domain": "MediaWiki\\Extension\\LDAPAuthorization\\AutoAuth\\RemoteUserStringParser\\UsernameAtDomain::factory"
}
A registry of factory callbacks for different parsers, that extract domain and username from a provided domain-username.

Must return IRemoteUserStringParser object.

Only used in case of auto-authentication provided by Extension:Auth remoteuser .

AutoAuthRemoteUserStringParser "domain-backslash-username" Configures which parser is needed to extract domain and username from a provided domain-username. Allowed values are:
  • "domain-backslash-username" (Use this if $_SERVER['REMOTE_USER'] = "SOMEDOMAIN\\Some username")
  • "username-at-domain" (Use this if $_SERVER['REMOTE_USER'] = "some.username@somedomain.local")

Only used in case of auto-authentication provided by Auth remoteuser.

AutoAuthUsernameNormalizer "" A callback that allows to modify the username when Extension:Auth_remoteuser is used for network based authentication. E.g. "strtolower".

If form based authentication is also enabled though Extension:LDAPAuthentication2 this should have the same value as $LDAPAuthentication2UsernameNormalizer. Only used in case of auto-authentication provided by Extension:Auth remoteuser .

Domain config settings

Nazwa Domyślnie Opis
rules.groups.required [] Array of group DNs that are required to complete the login process. Belonging to one group is sufficient (logical OR) to be authorized.
rules.groups.excluded [] Array of group DNs that the user may not be member of to complete the login process. Belonging to one group is sufficient (logical OR) to be forbidden to log in.
rules.attributes {} This implements the "attributes mapping" rule from Extension:LDAP Authentication

Example:

{
    "&" : {
    	"status": "active",
    	"|": {
    		"department": [ "100", "200" ],
    		"level": [ "5", "6" ]
    	}
    }
}
rules.query "" Allows to provide a standard LDAP query to be tested against the user. Comparable to $wgLDAPAuthAttribute from Extension:LDAP Authentication

Example:

&(active=TRUE)(permissionAlias=cn=X,ou=Y,ou=accounts,dc=company,dc=local)

Example 1

If you want to configure this in LocalSettings.php you can extend the configuration for LDAPProvider like in this example:

$LDAPProviderDomainConfigProvider = function() {
	$config = [
		'LDAP' => [
			'connection' => [
				...
			],
			'authorization' => [
				'rules' => [
					'groups' => [
						'required' => [ "groupname" ]
					]
				]
			]
		]
	];
...

Example 2

Here is a complete example LocalSettings.php configuration for Active Directory:

$LDAPProviderDomainConfigProvider = function()
{
	$config =
	[
		"example.com" =>
		[
			"connection" =>
			[
				"server" => "ldap.example.com",
				"user" => "cn=ldap,cn=Users,dc=example,dc=com",
				"pass" => "password",
				"basedn" => "dc=example,dc=com",
				"groupbasedn" => "dc=example,dc=com",
				"userbasedn" => "dc=example,dc=com",
				"searchattribute" => "samaccountname",
				"searchstring" => "USER-NAME@example.com",
				"usernameattribute" => "samaccountname",
				"realnameattribute" => "cn",
				"emailattribute" => "mail",
				"grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\GroupMember::factory"
			],
			"authorization" =>
			[
				"rules" =>
				[
					"groups" =>
					[
						"required" => [ "cn=Developers,cn=Users,dc=example,dc=com" ]
					]
				]
			],
			"groupsync" =>
			[
				"mechanism" => "mappedgroups",
				"mapping" =>
				[
					"sysop" => "cn=Developers,cn=Users,dc=example,dc=com",
					"bureaucrat" => "cn=Developers,cn=Users,dc=example,dc=com"
				]
			],
			"userinfo" =>
			[
				"email" => "mail",
				"realname" => "cn",
				"properties.gender" => "gender"
			]
		]
	];

	return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
};

Versioning

LDAP Stack Extensions are targeted/qualified for MediaWiki LTS releases only.
However, this table helps to determine which extension-releases to use across all recent versions.

MediaWiki Release Recommended Extension Version Test Status Latest Test Date
1.35 (LTS) LDAPxxx_master Tested marzec 2020