Initial Commit

build/Dockerfile

@@ -0,0 +1,48 @@
+FROM mediawiki:1.35.8
+MAINTAINER david.martin@sodema.de
+
+RUN apt-get update && apt-get -y install libldb-dev git && rm -rf /var/lib/apt/lists/*
+
+ADD https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions /usr/local/bin/
+
+RUN chmod +x /usr/local/bin/install-php-extensions && \
+    install-php-extensions ldap
+
+RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPAuthentication2.git /var/www/html/extensions/LDAPAuthentication2
+RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPAuthorization.git /var/www/html/extensions/LDAPAuthorization
+RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPGroups.git /var/www/html/extensions/LDAPGroups
+RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPProvider.git /var/www/html/extensions/LDAPProvider
+RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPSyncAll.git /var/www/html/extensions/LDAPSyncAll
+RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPUserInfo.git /var/www/html/extensions/LDAPUserInfo
+RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-PluggableAuth.git /var/www/html/extensions/PluggableAuth
+RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-Auth_remoteuser.git /var/www/html/extensions/Auth_remoteuser
+
+RUN if test -f /var/www/html/LocalSettings.php; then echo 'require_once "$IP/LocalSettings.LDAP.php";' >> /var/www/html/LocalSettings.php;fi
+
+
+RUN set -eux; \
+        mkdir -p /log/mediawiki; \
+        chown -R www-data:www-data /log/mediawiki
+
+
+RUN touch '/log/mediawiki/resourceloader.log'
+RUN touch '/log/mediawiki/exception.log'
+RUN touch '/log/mediawiki/exception.json'
+RUN touch '/log/mediawiki/LDAPAuthentication2.log'
+RUN touch '/log/mediawiki/LDAPAuthorization.log'
+RUN touch '/log/mediawiki/LDAPGroups.log'
+RUN touch '/log/mediawiki/LDAPUserInfo.log'
+RUN touch '/log/mediawiki/LDAPProvider.log' 
+RUN touch '/log/mediawiki/PluggableAuth.log' 
+RUN touch '/log/mediawiki/ldap.log' 
+RUN touch '/log/mediawiki/mw_debug.log'
+
+RUN chown -R www-data:www-data /log/mediawiki && chmod -R 0660 /log/mediawiki
+
+RUN set -eux; \
+        mkdir -p /opt/mediawiki; \
+        chown -R www-data:www-data /log/mediawiki
+
+ADD include/LocalSettings.LDAP.php /opt/mediawiki
+ADD include/install_wiki.sh /opt/mediawiki/
+RUN chmod +x /opt/mediawiki/install_wiki.sh

build/include/LocalSettings.LDAP.php

@@ -0,0 +1,120 @@
+<?php
+
+# debug - set to true for debugging
+$wgShowExceptionDetails = false;
+$wgDebugToolbar = false;
+$wgShowDebug = false;
+$wgDevelopmentWarnings = false;
+
+$wgDebugLogGroups                 = array(
+     'resourceloader'             => '/log/mediawiki/resourceloader.log',
+     'exception'                  => '/log/mediawiki/exception.log',
+     'exception-json'             => '/log/mediawiki/exception.json',
+     'LDAPAuthentication2'        => '/log/mediawiki/LDAPAuthentication2.log',
+     'LDAPAuthorization'          => '/log/mediawiki/LDAPAuthorization.log',
+     'LDAPGroups'                 => '/log/mediawiki/LDAPGroups.log',
+     'LDAPUserInfo'               => '/log/mediawiki/LDAPUserInfo.log',
+     'LDAPProvider'               => '/log/mediawiki/LDAPProvider.log',
+     'PluggableAuth'              => '/log/mediawiki/PluggableAuth.log',
+     'LDAP'                       => '/log/mediawiki/ldap.log',
+     'MediaWiki\\Extension\\LDAPProvider\\Client' => '/log/mediawiki/LDAPClient.log'
+
+);
+
+
+
+wfLoadExtensions( [
+	'LDAPAuthentication2',
+	'LDAPAuthorization',
+	'LDAPGroups',
+	'LDAPProvider',
+	'LDAPUserInfo',
+	'PluggableAuth'
+] );
+
+$wgAuthRemoteuserDomain = "LDAP_DOMAINNAME";
+$wgAuthRemoteuserMailDomain =  "LDAP_SERVER_NAME";
+$wgAuthRemoteuserNotify = true;
+
+#LDAPAuthorization
+$wgLdapAuthDomainNames = "LDAP_DOMAINNAME";
+$wgLdapAuthIsActiveDirectory  = 'false';
+$wgLdapAuthSearchTree         =  true ;
+
+
+#PluggableAuth
+$wgPluggableAuth_EnableAutoLogin  = false ;
+$wgPluggableAuth_EnableLocalProperties = false ;
+$wgPluggableAuth_EnableLocalLogin = false ;
+$wgPluggableAuth_ButtonLabel = "LDAP Log In"; # defaults to "Login with PluggableAuth "
+
+
+#LDAPAuthentication2
+$LDAPAuthenticationAllowLocalLogin = true;
+$LDAPAuthenticationUsernameNormalizer = 'strtolower';
+
+$LDAPProviderDomainConfigProvider = function() {
+	$config = [
+		"LDAP_DOMAINNAME" => [
+			"connection" => [
+				"server" => "LDAP_SERVER_NAME",
+				"port" => "LDAP_SERVER_PORT",
+                                "enctype" => "LDAP_ENCTYPE",
+				"user" => LDAP_BIND_USER,
+				"pass" => LDAP_BIND_PASS,
+				"basedn" => "LDAP_BASE",
+				"userbasedn" => "LDAP_BASE",
+				"groupbasedn" => "LDAP_BASE",
+				"searchattribute" => "LDAP_USER_ATTR",
+				"usernameattribute" => "LDAP_USER_ATTR",
+				"realnameattribute" => "displayname",
+				"emailattribute" => "mail",
+				"grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory",
+				"nestedgroups" => true
+			],
+			"authorization" => [
+                                "rules" => [
+                                        "attributes" => []
+                                ]
+			],
+			"userinfo" => [
+				"attributes-map" => [
+					"email" => "mail",
+					"realname" => "displayname"
+				]
+			],
+			"groupsync" => [
+				"mechanism" => "allgroups"
+			]
+		]
+	];
+	return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
+};
+
+$LDAPProviderCacheTime = 5;
+$LDAPProviderCacheType            = "CACHE_NONE" ;
+$LDAPProviderDefaultDomain        = "LDAP_DOMAINNAME" ;
+
+
+# Group Permissions
+
+$wgGroupPermissions['*']['edit'] = false;
+
+$wgGroupPermissions['*']['createaccount'] = true;
+$wgGroupPermissions['*']['autocreateaccount'] = true;
+
+$wgGroupPermissions['wiki-admins']['delete'] = true;
+$wgGroupPermissions['wiki-admins']['undelete'] = true;
+$wgGroupPermissions['wiki-admins']['undelete'] = true;
+$wgGroupPermissions['wiki-admins']['editprotected'] = true;
+$wgGroupPermissions['wiki-admins']['protect'] = true;
+
+
+
+
+## Visual Editor Stuff
+
+wfLoadExtension( 'VisualEditor' );
+wfLoadExtension( 'WikiEditor' );
+
+

build/include/install_wiki.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+php maintenance/install.php --dbname=$DB_NAME --dbserver=$DB_HOST --installdbuser=$DB_USER --installdbpass=$DB_PASS --dbuser=$DB_USER --dbpass=$DB_PASS --server=$WIKI_URL --scriptpath=$WIKI_PATH --lang=$WIKI_LANG --pass=$WIKI_ADMIN_PASS $WIKI_NAME $WIKI_ADMIN
+
+if test -f /var/www/html/LocalSettings.php; then echo 'require_once "$IP/LocalSettings.LDAP.php";' >> /var/www/html/LocalSettings.php;fi
+
+cp /opt/mediawiki/LocalSettings.LDAP.php /var/www/html/LocalSettings.LDAP.php
+sed -i "s/LDAP_DOMAINNAME/$LDAP_DOMAINNAME/g" /var/www/html/LocalSettings.LDAP.php
+sed -i "s/LDAP_SERVER_NAME/$LDAP_SERVER_NAME/g" /var/www/html/LocalSettings.LDAP.php
+sed -i "s/LDAP_SERVER_PORT/$LDAP_SERVER_PORT/g" /var/www/html/LocalSettings.LDAP.php
+sed -i "s/LDAP_ENCTYPE/$LDAP_ENCTYPE/g" /var/www/html/LocalSettings.LDAP.php
+sed -i "s/LDAP_BIND_USER/$LDAP_BIND_USER/g" /var/www/html/LocalSettings.LDAP.php
+sed -i "s/LDAP_BIND_PASS/$LDAP_BIND_PASS/g" /var/www/html/LocalSettings.LDAP.php
+sed -i "s/LDAP_BASE/$LDAP_BASE/g" /var/www/html/LocalSettings.LDAP.php
+sed -i "s/LDAP_USER_ATTR/$LDAP_USER_ATTR/g" /var/www/html/LocalSettings.LDAP.php
+sed -i "s/WIKI_LANG/$WIKI_LANG/g" /var/www/html/LocalSettings.LDAP.php
+
+php maintenance/update.php --quick