Hello, I have Windows Server 2016, with IIS version 10, with PHP 8.3.3, with MediaWiki 1.41.0
I am new to setting all of this up, and at points it can be rather confusing.
I have been trying to set up LDAP and so far have used the extensions LDAPProvider, LDAPAuthentication2 and LDAPAuthorization.
with LDAPProvider, i also have a ldapprovider.json
FIRST, i'd like to know which extensions would best support the following:
After authenticating against LDAP/Active Directory, I want permissions set so that certain users only have access to certain pages in the wiki.
Here are my LocalSettings.php and ldapprovider.json; currently I'm getting HTTP ERROR 500. Any assistance would be appreciated...
<?php
# This file was automatically generated by the MediaWiki 1.41.0
# installer. If you make manual changes, please keep track in case you
# need to recreate them later.
#
# See includes/MainConfigSchema.php for all configurable settings
# and their default values, but don't forget to make changes in _this_
# file, not there.
#
# Further documentation for configuration settings may be found at:
# https://www.mediawiki.org/wiki/Manual:Configuration_settings
# Protect against web entry: stop immediately when the MEDIAWIKI constant is
# not defined, so the settings below are never evaluated in that case.
if ( !defined( 'MEDIAWIKI' ) ) {
exit;
}
## Uncomment this to disable output compression
# $wgDisableOutputCompression = true;
# Site name and the name used for the project (meta) namespace.
$wgSitename = "raa ems wiki";
$wgMetaNamespace = "Raa ems wiki";
## The URL base path to the directory containing the wiki;
## defaults for all runtime URL paths are based off of this.
## For more information on customizing the URLs
## (like /w/index.php/Page_title to /wiki/Page_title) please see:
## https://www.mediawiki.org/wiki/Manual:Short_URL
$wgScriptPath = "/raaemsitwiki/mediawiki-1.41.0";
## The protocol and server name to use in fully-qualified URLs
# NOTE(review): "XXX" looks like a redaction made for this listing; the live
# file needs the real protocol and host name here.
$wgServer = "XXX";
## The URL path to static resources (images, scripts, etc.)
$wgResourceBasePath = $wgScriptPath;
## The URL paths to the logo. Make sure you change this from the default,
## or else you'll overwrite your logo when you upgrade!
# Both logo variants point at the same SVG under the resource base path.
$wgLogos = [
'1x' => "$wgResourceBasePath/resources/assets/RAAEMS-Image.svg",
'icon' => "$wgResourceBasePath/resources/assets/RAAEMS-Image.svg",
];
## UPO means: this is also a user preference option
# Outgoing e-mail is switched off and no sender or contact address is set.
$wgEnableEmail = false;
$wgEnableUserEmail = false; # UPO
$wgEmergencyContact = "";
$wgPasswordSender = "";
$wgEnotifUserTalk = false; # UPO
$wgEnotifWatchlist = false; # UPO
$wgEmailAuthentication = true;
## Database settings
# The database account name and password are stored in this file as plain
# strings, so the file itself has to be treated as a secret.
# NOTE(review): the "XXX" values look like redactions made for this listing.
$wgDBtype = "mysql";
$wgDBserver = "localhost";
$wgDBname = "raaemsitwiki";
$wgDBuser = "XXX";
$wgDBpassword = "XXX";
# MySQL specific settings
# No table prefix; the connection to the database server set above
# ("localhost") is made without SSL.
$wgDBprefix = "";
$wgDBssl = false;
# MySQL table options to use during installation or update
$wgDBTableOptions = "ENGINE=InnoDB, DEFAULT CHARSET=binary";
# Shared database table
# This has no effect unless $wgSharedDB is also set.
$wgSharedTables[] = "actor";
## Shared memory settings
# Object caching is disabled and no memcached servers are listed.
$wgMainCacheType = CACHE_NONE;
$wgMemCachedServers = [];
## To enable image uploads, make sure the 'images' directory
## is writable, then set this to true:
# NOTE(review): uploads are enabled here; confirm that the web server does not
# execute scripts from the upload directory.
$wgEnableUploads = true;
#$wgUseImageMagick = true;
#$wgImageMagickConvertCommand = "/usr/bin/convert";
# InstantCommons allows wiki to use images from https://commons.wikimedia.org
$wgUseInstantCommons = false;
# Periodically send a pingback to https://www.mediawiki.org/ with basic data
# about this MediaWiki instance. The Wikimedia Foundation shares this data
# with MediaWiki developers to help guide future development efforts.
$wgPingback = false;
# Site language code, should be one of the list in ./includes/languages/data/Names.php
$wgLanguageCode = "en";
# Time zone
$wgLocaltimezone = "UTC";
## Set $wgCacheDirectory to a writable directory on the web server
## to make your wiki go slightly faster. The directory should not
## be publicly accessible from the web.
#$wgCacheDirectory = "$IP/cache";
# Secret value generated by the installer.
# NOTE(review): unlike the database and LDAP credentials, this value is shown
# unredacted in this listing. If it is the live key, treat it as disclosed and
# replace it with a freshly generated random value.
$wgSecretKey = "3f3c74223135b08da57eeffcc1fae44b00656ec470ff2b2abfc8b8286f82aa53";
# Changing this will log out all existing sessions.
$wgAuthenticationTokenVersion = "";
# Site upgrade key. Must be set to a string (default provided) to turn on the
# web installer while LocalSettings.php is in place
# NOTE(review): this key is also shown unredacted here; because it gates the
# web installer, replace it as well if it is the live value.
$wgUpgradeKey = "f697fe884146d13d";
## For attaching licensing metadata to pages, and displaying an
## appropriate copyright notice / icon. GNU Free Documentation
## License and Creative Commons licenses are supported so far.
$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright
$wgRightsUrl = "";
$wgRightsText = "";
$wgRightsIcon = "";
# Path to the GNU diff3 utility. Used for conflict resolution.
# Left empty, so no diff3 binary is configured.
$wgDiff3 = "";
# The following permissions were set based on your choice in the installer
# Anonymous visitors ('*') can neither create accounts nor edit.
# NOTE(review): nothing in this file changes the 'read' right, so page viewing
# stays at MediaWiki's default for every group. Restricting who can view pages
# needs $wgGroupPermissions[...]['read'] set explicitly.
$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['*']['edit'] = false;
## Default skin: you can change the default skin. Use the internal symbolic
## names, e.g. 'vector' or 'monobook':
$wgDefaultSkin = "timeless";
# Enabled skins.
# The following skins were automatically enabled:
wfLoadSkin( 'Timeless' );
# Enabled extensions. Most of the extensions are enabled by adding
# wfLoadExtension( 'ExtensionName' );
# to LocalSettings.php. Check specific extension documentation for more details.
# The following extensions were automatically enabled:
wfLoadExtension( 'CategoryTree' );
wfLoadExtension( 'Cite' );
wfLoadExtension( 'CiteThisPage' );
wfLoadExtension( 'CodeEditor' );
wfLoadExtension( 'Echo' );
wfLoadExtension( 'InputBox' );
wfLoadExtension( 'Nuke' );
wfLoadExtension( 'ParserFunctions' );
wfLoadExtension( 'ReplaceText' );
wfLoadExtension( 'WikiEditor' );
wfLoadExtension( 'CSS' );
# End of automatically generated settings.
# Add more configuration options below.
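# Enable the LDAP login stack.
# LDAPAuthentication2 is a PluggableAuth plugin and declares PluggableAuth as a
# required extension, so PluggableAuth is loaded here as well. It has to be
# present under extensions/. A missing dependency is reported as a fatal error
# when the extensions are loaded, which the browser shows as HTTP 500.
# NOTE(review): LDAPProvider also needs PHP's ldap extension enabled in the
# php.ini that IIS uses. The PHP error log (or, temporarily,
# $wgShowExceptionDetails = true;) shows which condition is failing. Switch
# exception details off again afterwards, because they expose internals to
# visitors.
wfLoadExtension( 'LDAPProvider' );
wfLoadExtension( 'PluggableAuth' );
wfLoadExtension( 'LDAPAuthentication2' );
# NOTE(review): recent PluggableAuth releases register login plugins through
# $wgPluggableAuth_Config. Check the LDAPAuthentication2 documentation for the
# entry that matches the installed versions.
//wfLoadExtension( 'LDAPAuthorization' );
# NOTE(review): MediaWiki core is not designed for per-page read restrictions.
# Extensions such as Lockdown add them with documented limitations, so review
# those limitations before relying on this for confidential pages.
//wfLoadExtension( 'Lockdown' );

# Configure LDAP settings
# The JSON file named here holds the LDAP bind account's DN and password.
# NOTE(review): the path is inside the MediaWiki directory tree. Confirm that
# IIS refuses to serve it as a static file, or move it outside the web root.
$LDAPProviderDomainConfigs = "$IP/extensions/LDAPProvider/ldapprovider.json";
# Registers a closure under the key 'strtolower' that lower-cases the username
# in place through its by-reference parameter.
# NOTE(review): LDAPProvider appears to ship its own 'strtolower' modifier,
# which ldapprovider.json already selects through "presearchusernamemodifiers".
# Confirm against the extension documentation that a plain closure is an
# acceptable registry entry. If it is not, drop this override.
$LDAPProviderPreSearchUsernameModifierRegistry['strtolower'] = function ( &$username ) {
	$username = strtolower( $username );
};
# NOTE(review): the other LDAP settings in this file use prefix-less globals
# ($LDAPProvider...). These two array-style $wgLDAPProvider entries do not
# follow that pattern and may have no effect. Verify the setting names and the
# accepted cache type values in the LDAPProvider documentation.
$wgLDAPProvider['CacheType'] = 'internal';
$wgLDAPProvider['CacheTime'] = 3600; // Cache LDAP queries for 1 hour

# LDAPAuthentication2 configuration
# Local (non-LDAP) login is disabled, so every account, including wiki
# administrators, depends on the directory being reachable.
$LDAPAuthentication2AllowLocalLogin = false;
$LDAPAuthentication2UsernameNormalizer = 'strtolower';
# NOTE(review): this array-style setting also departs from the prefix-less
# naming used above. ldapprovider.json already sets "usernameattribute", so
# confirm whether this line is read at all.
$wgLDAPAuthentication2['authentication']['usernameattribute'] = 'samaccountName'; //Attribute in LDAP containing the username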
************************
{
"raaric.org": {
"connection": {
"server": "XXX",
"port": "XXX",
"use-tls": "true",
"user": "CN=mediawiki,OU=XXX,DC=XXX,DC=XXX",
"pass": "XXX",
"enctype": "ssl",
"options": {
"LDAP_OPT_DEREF": 1
},
"basedn": "dc=XXX,dc=XXX",
"userbasedn": "dc=XXX,dc=XXX",
"groupbasedn": "dc=XXX,dc=XXX",
"searchattribute": "samaccountname",
"usernameattribute": "samaccountname",
"realnameattribute": "displayName",
"emailattribute": "mail",
"grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory",
"presearchusernamemodifiers": [ "strtolower" ]
}
}
}