Compare commits
4 Commits
1932783d17
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| 86ecd058b1 | |||
| 06765bc507 | |||
| a01de1158d | |||
| 5a7f4a4d09 |
21
README.md
21
README.md
@@ -1,25 +1,24 @@
|
|||||||
# mediawiki-ldap
|
# mediawiki-extended
|
||||||
|
|
||||||
The goal of this container is to have an easily deploayble mediawiki with the extensions for LDAP already integrated.
|
The goal of this container is to have an easily deploayble mediawiki with the extensions for LDAP already integrated.
|
||||||
I had to install mediawiki for multiple customers and got frustrated fiddling with the LDAP extensions everytime.
|
|
||||||
|
|
||||||
## Features
|
## Features
|
||||||
|
|
||||||
- Based on https://github.com/wikimedia/mediawiki-docker
|
- Based on https://github.com/sodema/mediawiki-ldap
|
||||||
- A docker-compose file to run directly
|
- A docker-compose file to run directly
|
||||||
- integrated LDAPAuthentication2, LDAPAuthorization, LDAPGroups, LDAPProvider, LDAPSyncAll, LDAPUserInfo, PluggableAuth, Auth_remoteuser from official Mediawiki git
|
- integrated LDAPAuthentication2, LDAPAuthorization, LDAPGroups, LDAPProvider, LDAPSyncAll, LDAPUserInfo, PluggableAuth, Auth_remoteuser from official Mediawiki git
|
||||||
- All LDAP related settings are handled via .env file
|
- All LDAP related settings are handled via .env file
|
||||||
- Custom LocalSettings.LDAP.php which includes all the tweaks for connecting to LDAP
|
- Custom LocalSettings.LDAP.php which includes all the tweaks for connecting to LDAP
|
||||||
- One-Klick installer / doensn't use the web based installation procedure
|
- One-Klick installer / doensn't use the web based installation procedure
|
||||||
- persistent volumes, so you can edit LocalSettings.php & LocalSettings.LDAP.php
|
- persistent volumes, so you can edit LocalSettings.php & LocalSettings.LDAP.php
|
||||||
-
|
- Also includes ExternalData, Cite, Cargo, Math, and PageForms extensions
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
```
|
```
|
||||||
git clone https://github.com/sodema/mediawiki-ldap.git
|
git clone https://gitea.eom.dev/DevOps/mediawiki-extended.git
|
||||||
cd mediawiki-ldap
|
cd mediawiki-extended
|
||||||
docker build build/. -t mediawiki-ldap:latest
|
docker build build/. -t mediawiki-extended:latest
|
||||||
mv example.env .env
|
mv example.env .env
|
||||||
(vi/nano/???) .env
|
(vi/nano/???) .env
|
||||||
(vi/nano/???) docker-compose.yml
|
(vi/nano/???) docker-compose.yml
|
||||||
@@ -28,7 +27,7 @@ docker logs -f mediawiki-db
|
|||||||
docker logs -f mediawiki-app
|
docker logs -f mediawiki-app
|
||||||
./run_install.sh
|
./run_install.sh
|
||||||
```
|
```
|
||||||
Instead of building yourself you can also just `docker pull sodema/mediawiki-ldap:latest`
|
Instead of building yourself you can also just `docker pull ericomeehan/mediawiki-extended:latest`
|
||||||
|
|
||||||
|
|
||||||
## Environment Variables
|
## Environment Variables
|
||||||
@@ -44,6 +43,12 @@ LDAP_ENCTYPE=ssl # Encryption t
|
|||||||
LDAP_USER_ATTR=uid # Attribute to identify user 'uid' or 'cn'
|
LDAP_USER_ATTR=uid # Attribute to identify user 'uid' or 'cn'
|
||||||
LDAP_BIND_USER="uid=readonly,cn=users,dc=yourdomain,dc=local" # User to bind to LDAP
|
LDAP_BIND_USER="uid=readonly,cn=users,dc=yourdomain,dc=local" # User to bind to LDAP
|
||||||
LDAP_BIND_PASS="SecretBindPassword" # Bind Password
|
LDAP_BIND_PASS="SecretBindPassword" # Bind Password
|
||||||
|
LDAP_SEARCH_FILTER="(&(objectClass=inetOrgPerson))" # Search filter
|
||||||
|
LDAP_MAIL_ATTR=mail # Email attribute
|
||||||
|
LDAP_REAL_NAME_ATTR=givenName # First name attribute
|
||||||
|
LDAP_BUREAUCRAT_GROUP="cn=bureaucrat,ou=groups,dc=example,dc=com" # Bureaucrat group mapping
|
||||||
|
LDAP_INTERFACE_ADMIN_GROUP="cn=admin,ou=groups,dc=example,dc=com" # Interface admin group mapping
|
||||||
|
LDAP_SYSOP_GROUP="cn=sysop,ou=groups,dc=example,dc=com" # Sysop group mapping
|
||||||
DB_HOST=mediawiki-db # Hostname of DB server
|
DB_HOST=mediawiki-db # Hostname of DB server
|
||||||
DB_PORT=3306 # DB server Port
|
DB_PORT=3306 # DB server Port
|
||||||
DB_NAME=mediawiki # Name of your Wiki DB
|
DB_NAME=mediawiki # Name of your Wiki DB
|
||||||
|
|||||||
@@ -1,5 +1,4 @@
|
|||||||
FROM mediawiki:1.35.8
|
FROM mediawiki:lts
|
||||||
MAINTAINER david.martin@sodema.de
|
|
||||||
|
|
||||||
RUN apt-get update && apt-get -y install libldb-dev git && rm -rf /var/lib/apt/lists/*
|
RUN apt-get update && apt-get -y install libldb-dev git && rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
@@ -8,14 +7,17 @@ ADD https://github.com/mlocati/docker-php-extension-installer/releases/latest/do
|
|||||||
RUN chmod +x /usr/local/bin/install-php-extensions && \
|
RUN chmod +x /usr/local/bin/install-php-extensions && \
|
||||||
install-php-extensions ldap
|
install-php-extensions ldap
|
||||||
|
|
||||||
RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPAuthentication2.git /var/www/html/extensions/LDAPAuthentication2
|
RUN git clone --branch REL1_39 https://github.com/wikimedia/mediawiki-extensions-ExternalData.git /var/www/html/extensions/ExternalData
|
||||||
RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPAuthorization.git /var/www/html/extensions/LDAPAuthorization
|
RUN git clone --branch REL1_39 https://github.com/wikimedia/mediawiki-extensions-PageForms.git /var/www/html/extensions/PageForms
|
||||||
RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPGroups.git /var/www/html/extensions/LDAPGroups
|
RUN git clone --branch REL1_39 https://github.com/wikimedia/mediawiki-extensions-Cargo.git /var/www/html/extensions/Cargo
|
||||||
RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPProvider.git /var/www/html/extensions/LDAPProvider
|
RUN git clone --branch REL1_39 https://github.com/wikimedia/mediawiki-extensions-LDAPAuthentication2.git /var/www/html/extensions/LDAPAuthentication2
|
||||||
RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPSyncAll.git /var/www/html/extensions/LDAPSyncAll
|
RUN git clone --branch REL1_39 https://github.com/wikimedia/mediawiki-extensions-LDAPAuthorization.git /var/www/html/extensions/LDAPAuthorization
|
||||||
RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPUserInfo.git /var/www/html/extensions/LDAPUserInfo
|
RUN git clone --branch REL1_39 https://github.com/wikimedia/mediawiki-extensions-LDAPGroups.git /var/www/html/extensions/LDAPGroups
|
||||||
RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-PluggableAuth.git /var/www/html/extensions/PluggableAuth
|
RUN git clone --branch REL1_39 https://github.com/wikimedia/mediawiki-extensions-LDAPProvider.git /var/www/html/extensions/LDAPProvider
|
||||||
RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-Auth_remoteuser.git /var/www/html/extensions/Auth_remoteuser
|
RUN git clone --branch REL1_39 https://github.com/wikimedia/mediawiki-extensions-LDAPSyncAll.git /var/www/html/extensions/LDAPSyncAll
|
||||||
|
RUN git clone --branch REL1_39 https://github.com/wikimedia/mediawiki-extensions-LDAPUserInfo.git /var/www/html/extensions/LDAPUserInfo
|
||||||
|
RUN git clone --branch REL1_39 https://github.com/wikimedia/mediawiki-extensions-PluggableAuth.git /var/www/html/extensions/PluggableAuth
|
||||||
|
RUN git clone --branch REL1_39 https://github.com/wikimedia/mediawiki-extensions-Auth_remoteuser.git /var/www/html/extensions/Auth_remoteuser
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -13,7 +13,6 @@ do
|
|||||||
echo "$ext activated"
|
echo "$ext activated"
|
||||||
done
|
done
|
||||||
|
|
||||||
|
|
||||||
sed -i "s/LDAP_DOMAINNAME/$LDAP_DOMAINNAME/g" /var/www/html/settings.d/LocalSettings.LDAP.php
|
sed -i "s/LDAP_DOMAINNAME/$LDAP_DOMAINNAME/g" /var/www/html/settings.d/LocalSettings.LDAP.php
|
||||||
sed -i "s/LDAP_SERVER_NAME/$LDAP_SERVER_NAME/g" /var/www/html/settings.d/LocalSettings.LDAP.php
|
sed -i "s/LDAP_SERVER_NAME/$LDAP_SERVER_NAME/g" /var/www/html/settings.d/LocalSettings.LDAP.php
|
||||||
sed -i "s/LDAP_SERVER_PORT/$LDAP_SERVER_PORT/g" /var/www/html/settings.d/LocalSettings.LDAP.php
|
sed -i "s/LDAP_SERVER_PORT/$LDAP_SERVER_PORT/g" /var/www/html/settings.d/LocalSettings.LDAP.php
|
||||||
@@ -22,6 +21,12 @@ sed -i "s/LDAP_BIND_USER/$LDAP_BIND_USER/g" /var/www/html/settings.d/LocalSettin
|
|||||||
sed -i "s/LDAP_BIND_PASS/$LDAP_BIND_PASS/g" /var/www/html/settings.d/LocalSettings.LDAP.php
|
sed -i "s/LDAP_BIND_PASS/$LDAP_BIND_PASS/g" /var/www/html/settings.d/LocalSettings.LDAP.php
|
||||||
sed -i "s/LDAP_BASE/$LDAP_BASE/g" /var/www/html/settings.d/LocalSettings.LDAP.php
|
sed -i "s/LDAP_BASE/$LDAP_BASE/g" /var/www/html/settings.d/LocalSettings.LDAP.php
|
||||||
sed -i "s/LDAP_USER_ATTR/$LDAP_USER_ATTR/g" /var/www/html/settings.d/LocalSettings.LDAP.php
|
sed -i "s/LDAP_USER_ATTR/$LDAP_USER_ATTR/g" /var/www/html/settings.d/LocalSettings.LDAP.php
|
||||||
|
sed -i "s/LDAP_REAL_NAME_ATTR/$LDAP_REAL_NAME_ATTR/g" /var/www/html/settings.d/LocalSettings.LDAP.php
|
||||||
|
sed -i "s/LDAP_MAIL_ATTR/$LDAP_MAIL_ATTR/g" /var/www/html/settings.d/LocalSettings.LDAP.php
|
||||||
|
sed -i "s/LDAP_BUREAUCRAT_GROUP/$LDAP_BUREAUCRAT_GROUP/g" /var/www/html/settings.d/LocalSettings.LDAP.php
|
||||||
|
sed -i "s/LDAP_INTERFACE_ADMIN_GROUP/$LDAP_INTERFACE_ADMIN_GROUP/g" /var/www/html/settings.d/LocalSettings.LDAP.php
|
||||||
|
sed -i "s/LDAP_SYSOP_GROUP/$LDAP_SYSOP_GROUP/g" /var/www/html/settings.d/LocalSettings.LDAP.php
|
||||||
|
sed -i "s/LDAP_SEARCH_FILTER/$LDAP_SEARCH_FILTER/g" /var/www/html/settings.d/LocalSettings.LDAP.php
|
||||||
sed -i "s/WIKI_LANG/$WIKI_LANG/g" /var/www/html/settings.d/LocalSettings.LDAP.php
|
sed -i "s/WIKI_LANG/$WIKI_LANG/g" /var/www/html/settings.d/LocalSettings.LDAP.php
|
||||||
|
|
||||||
php maintenance/update.php --quick
|
php maintenance/update.php --quick
|
||||||
|
|||||||
@@ -44,13 +44,6 @@ $wgLdapAuthIsActiveDirectory = 'false';
|
|||||||
$wgLdapAuthSearchTree = true ;
|
$wgLdapAuthSearchTree = true ;
|
||||||
|
|
||||||
|
|
||||||
#PluggableAuth
|
|
||||||
$wgPluggableAuth_EnableAutoLogin = false ;
|
|
||||||
$wgPluggableAuth_EnableLocalProperties = false ;
|
|
||||||
$wgPluggableAuth_EnableLocalLogin = false ;
|
|
||||||
$wgPluggableAuth_ButtonLabel = "LDAP Log In"; # defaults to "Login with PluggableAuth "
|
|
||||||
|
|
||||||
|
|
||||||
#LDAPAuthentication2
|
#LDAPAuthentication2
|
||||||
$LDAPAuthenticationAllowLocalLogin = true;
|
$LDAPAuthenticationAllowLocalLogin = true;
|
||||||
$LDAPAuthenticationUsernameNormalizer = 'strtolower';
|
$LDAPAuthenticationUsernameNormalizer = 'strtolower';
|
||||||
@@ -62,15 +55,15 @@ $LDAPProviderDomainConfigProvider = function() {
|
|||||||
"server" => "LDAP_SERVER_NAME",
|
"server" => "LDAP_SERVER_NAME",
|
||||||
"port" => "LDAP_SERVER_PORT",
|
"port" => "LDAP_SERVER_PORT",
|
||||||
"enctype" => "LDAP_ENCTYPE",
|
"enctype" => "LDAP_ENCTYPE",
|
||||||
"user" => LDAP_BIND_USER,
|
"user" => "LDAP_BIND_USER",
|
||||||
"pass" => LDAP_BIND_PASS,
|
"pass" => "LDAP_BIND_PASS",
|
||||||
"basedn" => "LDAP_BASE",
|
"basedn" => "LDAP_BASE",
|
||||||
"userbasedn" => "LDAP_BASE",
|
"userbasedn" => "LDAP_BASE",
|
||||||
"groupbasedn" => "LDAP_BASE",
|
"groupbasedn" => "LDAP_BASE",
|
||||||
"searchattribute" => "LDAP_USER_ATTR",
|
"searchattribute" => "LDAP_USER_ATTR",
|
||||||
"usernameattribute" => "LDAP_USER_ATTR",
|
"usernameattribute" => "LDAP_USER_ATTR",
|
||||||
"realnameattribute" => "displayname",
|
"realnameattribute" => "LDAP_REAL_NAME_ATTR",
|
||||||
"emailattribute" => "mail",
|
"emailattribute" => "LDAP_MAIL_ATTR",
|
||||||
"grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory",
|
"grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory",
|
||||||
"nestedgroups" => true
|
"nestedgroups" => true
|
||||||
],
|
],
|
||||||
@@ -81,12 +74,16 @@ $LDAPProviderDomainConfigProvider = function() {
|
|||||||
],
|
],
|
||||||
"userinfo" => [
|
"userinfo" => [
|
||||||
"attributes-map" => [
|
"attributes-map" => [
|
||||||
"email" => "mail",
|
"email" => "LDAP_MAIL_ATTR",
|
||||||
"realname" => "displayname"
|
"realname" => "LDAP_REAL_NAME_ATTR"
|
||||||
]
|
]
|
||||||
],
|
],
|
||||||
"groupsync" => [
|
"groupsync" => [
|
||||||
"mechanism" => "allgroups"
|
"mapping" => [
|
||||||
|
"bureaucrat" => "LDAP_BUREAUCRAT_GROUP",
|
||||||
|
"interface-admin" => "LDAP_INTERFACE_ADMIN_GROUP",
|
||||||
|
"sysop" => "LDAP_SYSOP_GROUP"
|
||||||
|
]
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
];
|
];
|
||||||
@@ -96,27 +93,62 @@ $LDAPProviderDomainConfigProvider = function() {
|
|||||||
$LDAPProviderCacheTime = 5;
|
$LDAPProviderCacheTime = 5;
|
||||||
$LDAPProviderCacheType = "CACHE_NONE" ;
|
$LDAPProviderCacheType = "CACHE_NONE" ;
|
||||||
$LDAPProviderDefaultDomain = "LDAP_DOMAINNAME" ;
|
$LDAPProviderDefaultDomain = "LDAP_DOMAINNAME" ;
|
||||||
|
$wgLdapAuthSearchFilter = 'LDAP_SEARCH_FILTER';
|
||||||
|
|
||||||
|
#PluggableAuth
|
||||||
|
$wgPluggableAuth_EnableAutoLogin = false ;
|
||||||
|
$wgPluggableAuth_EnableLocalProperties = false ;
|
||||||
|
$wgPluggableAuth_EnableLocalLogin = false ;
|
||||||
|
$wgPluggableAuth_Config = array(
|
||||||
|
array(
|
||||||
|
'plugin' => 'LDAPAuthentication2',
|
||||||
|
'buttonLabelMessage' => 'pt-login-button',
|
||||||
|
'data' => ['domain'=> $LDAPProviderDefaultDomain]
|
||||||
|
),
|
||||||
|
array('plugin' => 'LDAPAuthorization'),
|
||||||
|
);
|
||||||
|
|
||||||
|
|
||||||
# Group Permissions
|
# Group Permissions
|
||||||
|
|
||||||
$wgGroupPermissions['*']['edit'] = false;
|
$wgGroupPermissions['*']['edit'] = false;
|
||||||
|
|
||||||
$wgGroupPermissions['*']['createaccount'] = true;
|
$wgGroupPermissions['*']['createaccount'] = false;
|
||||||
$wgGroupPermissions['*']['autocreateaccount'] = true;
|
$wgGroupPermissions['*']['autocreateaccount'] = true;
|
||||||
|
|
||||||
$wgGroupPermissions['wiki-admins']['delete'] = true;
|
|
||||||
$wgGroupPermissions['wiki-admins']['undelete'] = true;
|
|
||||||
$wgGroupPermissions['wiki-admins']['undelete'] = true;
|
|
||||||
$wgGroupPermissions['wiki-admins']['editprotected'] = true;
|
|
||||||
$wgGroupPermissions['wiki-admins']['protect'] = true;
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Visual Editor Stuff
|
## Visual Editor Stuff
|
||||||
|
|
||||||
wfLoadExtension( 'VisualEditor' );
|
#wfLoadExtension( 'VisualEditor' );
|
||||||
wfLoadExtension( 'WikiEditor' );
|
#wfLoadExtension( 'WikiEditor' );
|
||||||
|
|
||||||
|
## Eric's extensions
|
||||||
|
$wgFavicon = "$wgResourceBasePath/resources/assets/mediawiki.png";
|
||||||
|
$wgLogos = [ '1x' => "$wgResourceBasePath/resources/assets/mediawiki.png" ];
|
||||||
|
$wgAllowExternalImages = true;
|
||||||
|
$wgUseInstantCommons = true;
|
||||||
|
$wgLocaltimezone = 'America/New_York';
|
||||||
|
$wgFragmentMode = [ 'html5' ];
|
||||||
|
$wgCapitalLinks = false;
|
||||||
|
|
||||||
|
$wgExternalDataSources['LDAP_SERVER_NAME'] = [
|
||||||
|
'server' => 'LDAP_SERVER_NAME',
|
||||||
|
'base dn' => 'LDAP_BASE',
|
||||||
|
'user' => 'LDAP_BIND_USER',
|
||||||
|
'password' => 'LDAP_BIND_PASS'
|
||||||
|
];
|
||||||
|
|
||||||
|
wfLoadExtension( 'Cargo' );
|
||||||
|
wfLoadExtension( 'CategoryTree' );
|
||||||
|
wfLoadExtension( 'Cite' );
|
||||||
|
wfLoadExtension( 'CiteThisPage' );
|
||||||
|
wfLoadExtension( 'ExternalData' );
|
||||||
|
wfLoadExtension( 'Interwiki' );
|
||||||
|
wfLoadExtension( 'MultimediaViewer' );
|
||||||
|
wfLoadExtension( 'PageForms' );
|
||||||
|
wfLoadExtension( 'ParserFunctions' );
|
||||||
|
wfLoadExtension( 'TemplateData' );
|
||||||
|
wfLoadExtension( 'TextExtracts' );
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user