From 1989612ad745f4f0061ac78ab8cb053100417a1f Mon Sep 17 00:00:00 2001
From: sodema
Date: Mon, 28 Nov 2022 13:27:43 +0000
Subject: [PATCH] Initial Commit
---
 .gitignore | 1 +
 README.md | 3 +
 build/Dockerfile | 48 +++++++++++
 build/include/LocalSettings.LDAP.php | 120 +++++++++++++++++++++++++++
 build/include/install_wiki.sh | 18 ++++
 docker-compose.yml | 66 +++++++++++++++
 example.env | 18 ++++
 run_install.sh | 9 ++
 8 files changed, 283 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 README.md
 create mode 100644 build/Dockerfile
 create mode 100644 build/include/LocalSettings.LDAP.php
 create mode 100644 build/include/install_wiki.sh
 create mode 100644 docker-compose.yml
 create mode 100644 example.env
 create mode 100755 run_install.sh
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4c49bd7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.env
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..9a88bbd
--- /dev/null
+++ b/README.md
@@ -0,0 +1,3 @@
+# mediawiki-ldap
+
+cp example.env .env > set Variables > Build Container > Start Stack > run ./run_install.sh > connect to your Wiki URL > Login with LDAP
diff --git a/build/Dockerfile b/build/Dockerfile
new file mode 100644
index 0000000..917b3bd
--- /dev/null
+++ b/build/Dockerfile
@@ -0,0 +1,48 @@
+FROM mediawiki:1.35.8
+MAINTAINER david.martin@sodema.de
+
+RUN apt-get update && apt-get -y install libldb-dev git && rm -rf /var/lib/apt/lists/*
+
+ADD https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions /usr/local/bin/
+
+RUN chmod +x /usr/local/bin/install-php-extensions && \
+ install-php-extensions ldap
+
+RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPAuthentication2.git /var/www/html/extensions/LDAPAuthentication2
+RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPAuthorization.git /var/www/html/extensions/LDAPAuthorization
+RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPGroups.git /var/www/html/extensions/LDAPGroups
+RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPProvider.git /var/www/html/extensions/LDAPProvider
+RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPSyncAll.git /var/www/html/extensions/LDAPSyncAll
+RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPUserInfo.git /var/www/html/extensions/LDAPUserInfo
+RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-PluggableAuth.git /var/www/html/extensions/PluggableAuth
+RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-Auth_remoteuser.git /var/www/html/extensions/Auth_remoteuser
+
+RUN if test -f /var/www/html/LocalSettings.php; then echo 'require_once "$IP/LocalSettings.LDAP.php";' >> /var/www/html/LocalSettings.php;fi
+
+
+RUN set -eux; \
+ mkdir -p /log/mediawiki; \
+ chown -R www-data:www-data /log/mediawiki
+
+
+RUN touch '/log/mediawiki/resourceloader.log'
+RUN touch '/log/mediawiki/exception.log'
+RUN touch '/log/mediawiki/exception.json'
+RUN touch '/log/mediawiki/LDAPAuthentication2.log'
+RUN touch '/log/mediawiki/LDAPAuthorization.log'
+RUN touch '/log/mediawiki/LDAPGroups.log'
+RUN touch '/log/mediawiki/LDAPUserInfo.log'
+RUN touch '/log/mediawiki/LDAPProvider.log'
+RUN touch '/log/mediawiki/PluggableAuth.log'
+RUN touch '/log/mediawiki/ldap.log'
+RUN touch '/log/mediawiki/mw_debug.log'
+
+RUN chown -R www-data:www-data /log/mediawiki && chmod -R 0660 /log/mediawiki
+
+RUN set -eux; \
+ mkdir -p /opt/mediawiki; \
+ chown -R www-data:www-data /log/mediawiki
+
+ADD include/LocalSettings.LDAP.php /opt/mediawiki
+ADD include/install_wiki.sh /opt/mediawiki/
+RUN chmod +x /opt/mediawiki/install_wiki.sh
diff --git a/build/include/LocalSettings.LDAP.php b/build/include/LocalSettings.LDAP.php
new file mode 100644
index 0000000..e727917
--- /dev/null
+++ b/build/include/LocalSettings.LDAP.php
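Review bot: The `ADD https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions` line fetches an unpinned script with no integrity check and the following RUN executes it as root, so the image content depends on whatever the upstream `latest` release serves at build time and any changed or compromised release lands directly in the image. Pin a release and verify it with BuildKit, e.g. `ADD --checksum=sha256:<EXPECTED_SHA256> https://github.com/mlocati/docker-php-extension-installer/releases/download/<PINNED_VERSION>/install-php-extensions /usr/local/bin/` (both values are placeholders to fill in), and the same reproducibility concern applies to the eight `git clone --branch REL1_35` lines, which track a moving branch rather than a tag or commit. Separately, `chmod -R 0660 /log/mediawiki` also strips the execute bit from the directory itself, so www-data cannot traverse it to open the log files it owns; use `chmod 0770 /log/mediawiki && chmod 0660 /log/mediawiki/*` instead. The last `set -eux` block creates /opt/mediawiki but then chowns /log/mediawiki again, which looks like a copy-paste slip, and `MAINTAINER` is deprecated in favour of `LABEL`.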
@@ -0,0 +1,120 @@
+ '/log/mediawiki/resourceloader.log',
+ 'exception' => '/log/mediawiki/exception.log',
+ 'exception-json' => '/log/mediawiki/exception.json',
+ 'LDAPAuthentication2' => '/log/mediawiki/LDAPAuthentication2.log',
+ 'LDAPAuthorization' => '/log/mediawiki/LDAPAuthorization.log',
+ 'LDAPGroups' => '/log/mediawiki/LDAPGroups.log',
+ 'LDAPUserInfo' => '/log/mediawiki/LDAPUserInfo.log',
+ 'LDAPProvider' => '/log/mediawiki/LDAPProvider.log',
+ 'PluggableAuth' => '/log/mediawiki/PluggableAuth.log',
+ 'LDAP' => '/log/mediawiki/ldap.log',
+ 'MediaWiki\\Extension\\LDAPProvider\\Client' => '/log/mediawiki/LDAPClient.log'
+
+);
+
+
+
+wfLoadExtensions( [
+ 'LDAPAuthentication2',
+ 'LDAPAuthorization',
+ 'LDAPGroups',
+ 'LDAPProvider',
+ 'LDAPUserInfo',
+ 'PluggableAuth'
+] );
+
+$wgAuthRemoteuserDomain = "LDAP_DOMAINNAME";
+$wgAuthRemoteuserMailDomain = "LDAP_SERVER_NAME";
+$wgAuthRemoteuserNotify = true;
+
+#LDAPAuthorization
+$wgLdapAuthDomainNames = "LDAP_DOMAINNAME";
+$wgLdapAuthIsActiveDirectory = 'false';
+$wgLdapAuthSearchTree = true ;
+
+
+#PluggableAuth
+$wgPluggableAuth_EnableAutoLogin = false ;
+$wgPluggableAuth_EnableLocalProperties = false ;
+$wgPluggableAuth_EnableLocalLogin = false ;
+$wgPluggableAuth_ButtonLabel = "LDAP Log In"; # defaults to "Login with PluggableAuth "
+
+
+#LDAPAuthentication2
+$LDAPAuthenticationAllowLocalLogin = true;
+$LDAPAuthenticationUsernameNormalizer = 'strtolower';
+
+$LDAPProviderDomainConfigProvider = function() {
+ $config = [
+ "LDAP_DOMAINNAME" => [
+ "connection" => [
+ "server" => "LDAP_SERVER_NAME",
+ "port" => "LDAP_SERVER_PORT",
+ "enctype" => "LDAP_ENCTYPE",
+ "user" => LDAP_BIND_USER,
+ "pass" => LDAP_BIND_PASS,
+ "basedn" => "LDAP_BASE",
+ "userbasedn" => "LDAP_BASE",
+ "groupbasedn" => "LDAP_BASE",
+ "searchattribute" => "LDAP_USER_ATTR",
+ "usernameattribute" => "LDAP_USER_ATTR",
+ "realnameattribute" => "displayname",
+ "emailattribute" => "mail",
+ "grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory",
+ "nestedgroups" => true
+ ],
+ "authorization" => [
+ "rules" => [
+ "attributes" => []
+ ]
+ ],
+ "userinfo" => [
+ "attributes-map" => [
+ "email" => "mail",
+ "realname" => "displayname"
+ ]
+ ],
+ "groupsync" => [
+ "mechanism" => "allgroups"
+ ]
+ ]
+ ];
+ return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
+};
+
+$LDAPProviderCacheTime = 5;
+$LDAPProviderCacheType = "CACHE_NONE" ;
+$LDAPProviderDefaultDomain = "LDAP_DOMAINNAME" ;
+
+
+# Group Permissions
+
+$wgGroupPermissions['*']['edit'] = false;
+
+$wgGroupPermissions['*']['createaccount'] = true;
+$wgGroupPermissions['*']['autocreateaccount'] = true;
+
+$wgGroupPermissions['wiki-admins']['delete'] = true;
+$wgGroupPermissions['wiki-admins']['undelete'] = true;
+$wgGroupPermissions['wiki-admins']['undelete'] = true;
+$wgGroupPermissions['wiki-admins']['editprotected'] = true;
+$wgGroupPermissions['wiki-admins']['protect'] = true;
+
+
+
+
+## Visual Editor Stuff
+
+wfLoadExtension( 'VisualEditor' );
+wfLoadExtension( 'WikiEditor' );
+
+
diff --git a/build/include/install_wiki.sh b/build/include/install_wiki.sh
new file mode 100644
index 0000000..70113ad
--- /dev/null
+++ b/build/include/install_wiki.sh
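Review bot: In the `connection` block, `"user" => LDAP_BIND_USER,` and `"pass" => LDAP_BIND_PASS,` are unquoted, so once install_wiki.sh substitutes them the file contains a bare DN and password (e.g. `uid=readonly,cn=users,...`) that PHP cannot parse, and an unsubstituted copy references undefined constants; they should be string placeholders like the neighbouring entries: `"user" => "LDAP_BIND_USER",` / `"pass" => "LDAP_BIND_PASS",`. `$wgLdapAuthIsActiveDirectory = 'false';` is a non-empty string and therefore truthy in PHP, so whatever reads it sees Active Directory enabled; write `$wgLdapAuthIsActiveDirectory = false;`. The `$wgAuthRemoteuser*` settings are assigned but Auth_remoteuser is not in the `wfLoadExtensions` list, which looks like either dead configuration or a missing load, and `['wiki-admins']['undelete']` is set twice. The hunk's first lines, up to the first `=>`, are missing from this rendering (presumably the `<?php` opener and the start of the `$wgDebugLogGroups` array), so the log-group keys could not be reviewed.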
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+php maintenance/install.php --dbname=$DB_NAME --dbserver=$DB_HOST --installdbuser=$DB_USER --installdbpass=$DB_PASS --dbuser=$DB_USER --dbpass=$DB_PASS --server=$WIKI_URL --scriptpath=$WIKI_PATH --lang=$WIKI_LANG --pass=$WIKI_ADMIN_PASS $WIKI_NAME $WIKI_ADMIN
+
+if test -f /var/www/html/LocalSettings.php; then echo 'require_once "$IP/LocalSettings.LDAP.php";' >> /var/www/html/LocalSettings.php;fi
+
+cp /opt/mediawiki/LocalSettings.LDAP.php /var/www/html/LocalSettings.LDAP.php
+sed -i "s/LDAP_DOMAINNAME/$LDAP_DOMAINNAME/g" /var/www/html/LocalSettings.LDAP.php
+sed -i "s/LDAP_SERVER_NAME/$LDAP_SERVER_NAME/g" /var/www/html/LocalSettings.LDAP.php
+sed -i "s/LDAP_SERVER_PORT/$LDAP_SERVER_PORT/g" /var/www/html/LocalSettings.LDAP.php
+sed -i "s/LDAP_ENCTYPE/$LDAP_ENCTYPE/g" /var/www/html/LocalSettings.LDAP.php
+sed -i "s/LDAP_BIND_USER/$LDAP_BIND_USER/g" /var/www/html/LocalSettings.LDAP.php
+sed -i "s/LDAP_BIND_PASS/$LDAP_BIND_PASS/g" /var/www/html/LocalSettings.LDAP.php
+sed -i "s/LDAP_BASE/$LDAP_BASE/g" /var/www/html/LocalSettings.LDAP.php
+sed -i "s/LDAP_USER_ATTR/$LDAP_USER_ATTR/g" /var/www/html/LocalSettings.LDAP.php
+sed -i "s/WIKI_LANG/$WIKI_LANG/g" /var/www/html/LocalSettings.LDAP.php
+
+php maintenance/update.php --quick
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..f3c22d9
--- /dev/null
+++ b/docker-compose.yml
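Review bot: The nine `sed -i "s/LDAP_.../$LDAP_.../g"` lines splice unescaped environment values into a `/`-delimited sed expression, so a bind DN or password containing `/`, `&` or `\` either breaks the command or is silently rewritten (`&` expands to the matched text), and the bind password and `--dbpass=$DB_PASS` both appear on command lines that are visible in the container's process list while the script runs. A more robust approach is to drop the text templating and have LocalSettings.LDAP.php read the values with `getenv('LDAP_BIND_PASS')` and friends, which keeps the secret out of sed arguments and out of the file on the data volume; if sed is kept, escape each value before substitution. The script also has no `set -euo pipefail`, so a failed `install.php` still runs the sed and `update.php` steps, and the unquoted `$WIKI_NAME $WIKI_ADMIN` arguments word-split on spaces; quote them as `"$WIKI_NAME" "$WIKI_ADMIN"`. The final `WIKI_LANG` substitution targets a token that does not occur in the visible part of LocalSettings.LDAP.php, which may be a leftover.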
@@ -0,0 +1,66 @@
+version: '3.3'
+services:
+ mediawiki:
+ image: mediawiki-ldap:latest
+# build: ./build/Dockerfile
+ container_name: mediawiki-app
+ restart: unless-stopped
+ environment:
+ - LDAP_BASE=${LDAP_BASE}
+ - LDAP_SERVER_NAME=${LDAP_SERVER_NAME}
+ - LDAP_SERVER_PORT=${LDAP_SERVER_PORT}
+ - LDAP_DOMAINNAME=${LDAP_DOMAINNAME}
+ - LDAP_ENCTYPE=${LDAP_ENCTYPE}
+ - LDAP_USER_ATTR=${LDAP_USER_ATTR}
+ - LDAP_BIND_USER=${LDAP_BIND_USER}
+ - LDAP_BIND_PASS=${LDAP_BIND_PASS}
+ - DB_HOST=${DB_HOST}
+ - DB_PORT=${DB_PORT}
+ - DB_NAME=${DB_NAME}
+ - DB_USER=${DB_USER}
+ - DB_PASS=${DB_PASS}
+ - WIKI_NAME=${WIKI_NAME}
+ - WIKI_ADMIN=${WIKI_ADMIN}
+ - WIKI_ADMIN_PASS=${WIKI_ADMIN_PASS}
+ - WIKI_URL=${WIKI_URL}
+ - WIKI_LANG=${WIKI_LANG}
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.mediawiki.rule=Host(`wiki.katronic.de`)"
+ - "traefik.http.routers.mediawiki.entrypoints=websecure"
+ - "traefik.http.routers.mediawiki.tls.certresolver=mytlschallenge"
+
+ volumes:
+ - mediawiki-data:/var/www/html/
+ - mediawiki-logs:/log/mediawiki
+# - /opt/docker-compose/mediawiki/php.ini:/usr/local/etc/php/conf.d/mediawiki.ini
+ expose:
+ - '80'
+ networks:
+ - proxy
+
+ mariadb:
+ image: mariadb
+ container_name: mediawiki-db
+ restart: unless-stopped
+ networks:
+ - proxy
+ volumes:
+ - mediawiki-db:/var/lib/mysql
+ environment:
+ - MYSQL_DATABASE=${DB_NAME}
+ - MYSQL_USER=${DB_USER}
+ - MYSQL_PASSWORD=${DB_PASS}
+ - MYSQL_RANDOM_ROOT_PASSWORD='yes'
+
+volumes:
+ mediawiki-db:
+ driver: local
+ mediawiki-data:
+ driver: local
+ mediawiki-logs:
+ driver: local
+
+networks:
+ proxy:
+ external: true
diff --git a/example.env b/example.env
new file mode 100644
index 0000000..2e7ab15
--- /dev/null
+++ b/example.env
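Review bot: The `mariadb` service is attached only to the external `proxy` network, which is shared with Traefik and every other stack that joins it, so the database port is reachable from all of those containers rather than from the wiki alone; put the two services on a private network and keep `proxy` for the wiki only, as sketched below. `image: mariadb` is untagged and floats to `latest`, which can silently move the major version under the persistent `mediawiki-db` volume, so pin a major.minor tag. The Traefik rule hardcodes `Host(`wiki.katronic.de`)` while the rest of the stack is driven by `${WIKI_URL}`, so the two can drift apart, and `MYSQL_RANDOM_ROOT_PASSWORD='yes'` in list form passes the quote characters as part of the value (still non-empty, so it probably works, but `=yes` is what is meant).
```yaml
 mediawiki:
 # … unchanged: image, container_name, environment, labels, volumes, expose …
 networks:
 - proxy
 - backend

 mariadb:
 # … unchanged: image, container_name, restart, volumes, environment …
 networks:
 - backend

networks:
 proxy:
 external: true
 backend:
 internal: true
```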
@@ -0,0 +1,18 @@
+LDAP_BASE=dc=yourdomain,dc=local
+LDAP_SERVER_NAME=ldap.yourdomain.local
+LDAP_SERVER_PORT=9636
+LDAP_DOMAINNAME=yourdomain.local
+LDAP_ENCTYPE=ssl
+LDAP_USER_ATTR=uid
+LDAP_BIND_USER="uid=readonly,cn=users,dc=yourdomain,dc=local"
+LDAP_BIND_PASS="SecretBindPassword"
+DB_HOST=mediawiki-db
+DB_PORT=3306
+DB_NAME=mediawiki
+DB_USER=mediawiki
+DB_PASS=SecretDBPass
+WIKI_NAME=Yourdomain_Wiki
+WIKI_ADMIN=Admin
+WIKI_ADMIN_PASS=ChangeMe2022!
+WIKI_URL=https://wiki.yourdomain.local
+WIKI_LANG=de
diff --git a/run_install.sh b/run_install.sh
new file mode 100755
index 0000000..1b0cb44
--- /dev/null
+++ b/run_install.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# start the installscript and create LocalSettings.php
+# set CONT_NAME to your container_name variable from docker-compose.yml
+
+CONT_NAME=mediawiki-app
+
+docker exec $CONT_NAME /opt/mediawiki/install_wiki.sh
+