Updated to 1.39

README.md

@@ -1,25 +1,24 @@
-# mediawiki-ldap
+# mediawiki-extended
 
 The goal of this container is to have an easily deploayble mediawiki with the extensions for LDAP already integrated.
-I had to install mediawiki for multiple customers and got frustrated fiddling with the LDAP extensions everytime.
 
 ## Features
 
-- Based on https://github.com/wikimedia/mediawiki-docker
+- Based on https://github.com/sodema/mediawiki-ldap
 - A docker-compose file to run directly
 - integrated LDAPAuthentication2, LDAPAuthorization, LDAPGroups, LDAPProvider, LDAPSyncAll, LDAPUserInfo, PluggableAuth, Auth_remoteuser from official Mediawiki git
 - All LDAP related settings are handled via .env file
 - Custom LocalSettings.LDAP.php which includes all the tweaks for connecting to LDAP
 - One-Klick installer / doensn't use the web based installation procedure
 - persistent volumes, so you can edit LocalSettings.php & LocalSettings.LDAP.php
-- 
+- Also includes ExternalData, Cite, Cargo, Math, and PageForms extensions
 
 ## Usage
 
 ```
-git clone https://github.com/sodema/mediawiki-ldap.git
-cd mediawiki-ldap
-docker build build/. -t mediawiki-ldap:latest
+git clone https://gitea.eom.dev/DevOps/mediawiki-extended.git
+cd mediawiki-extended
+docker build build/. -t mediawiki-extended:latest
 mv example.env .env
 (vi/nano/???) .env
 (vi/nano/???) docker-compose.yml
@@ -28,7 +27,7 @@ docker logs -f mediawiki-db
 docker logs -f mediawiki-app
 ./run_install.sh
 ```
-Instead of building yourself you can also just `docker pull sodema/mediawiki-ldap:latest`
+Instead of building yourself you can also just `docker pull ericomeehan/mediawiki-extended:latest`
 
 
 ## Environment Variables
@@ -44,6 +43,12 @@ LDAP_ENCTYPE=ssl                                                  # Encryption t
 LDAP_USER_ATTR=uid                                                # Attribute to identify user 'uid' or 'cn'
 LDAP_BIND_USER="uid=readonly,cn=users,dc=yourdomain,dc=local"     # User to bind to LDAP
 LDAP_BIND_PASS="SecretBindPassword"                               # Bind Password
+LDAP_SEARCH_FILTER="(&(objectClass=inetOrgPerson))"		  # Search filter
+LDAP_MAIL_ATTR=mail						  # Email attribute
+LDAP_REAL_NAME_ATTR=givenName					  # First name attribute
+LDAP_BUREAUCRAT_GROUP="cn=bureaucrat,ou=groups,dc=example,dc=com" # Bureaucrat group mapping
+LDAP_INTERFACE_ADMIN_GROUP="cn=admin,ou=groups,dc=example,dc=com" # Interface admin group mapping
+LDAP_SYSOP_GROUP="cn=sysop,ou=groups,dc=example,dc=com"		  # Sysop group mapping
 DB_HOST=mediawiki-db                                              # Hostname of DB server
 DB_PORT=3306                                                      # DB server Port
 DB_NAME=mediawiki                                                 # Name of your Wiki DB

build/Dockerfile

@@ -1,5 +1,4 @@
-FROM mediawiki:1.35.8
-MAINTAINER david.martin@sodema.de
+FROM mediawiki:lts
 
 RUN apt-get update && apt-get -y install libldb-dev git && rm -rf /var/lib/apt/lists/*
 
@@ -8,14 +7,17 @@ ADD https://github.com/mlocati/docker-php-extension-installer/releases/latest/do
 RUN chmod +x /usr/local/bin/install-php-extensions && \
     install-php-extensions ldap
 
-RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPAuthentication2.git /var/www/html/extensions/LDAPAuthentication2
-RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPAuthorization.git /var/www/html/extensions/LDAPAuthorization
-RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPGroups.git /var/www/html/extensions/LDAPGroups
-RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPProvider.git /var/www/html/extensions/LDAPProvider
-RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPSyncAll.git /var/www/html/extensions/LDAPSyncAll
-RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPUserInfo.git /var/www/html/extensions/LDAPUserInfo
-RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-PluggableAuth.git /var/www/html/extensions/PluggableAuth
-RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-Auth_remoteuser.git /var/www/html/extensions/Auth_remoteuser
+RUN git clone --branch REL1_39 https://github.com/wikimedia/mediawiki-extensions-ExternalData.git /var/www/html/extensions/ExternalData
+RUN git clone --branch REL1_39 https://github.com/wikimedia/mediawiki-extensions-PageForms.git /var/www/html/extensions/PageForms
+RUN git clone --branch REL1_39 https://github.com/wikimedia/mediawiki-extensions-Cargo.git /var/www/html/extensions/Cargo
+RUN git clone --branch REL1_39 https://github.com/wikimedia/mediawiki-extensions-LDAPAuthentication2.git /var/www/html/extensions/LDAPAuthentication2
+RUN git clone --branch REL1_39 https://github.com/wikimedia/mediawiki-extensions-LDAPAuthorization.git /var/www/html/extensions/LDAPAuthorization
+RUN git clone --branch REL1_39 https://github.com/wikimedia/mediawiki-extensions-LDAPGroups.git /var/www/html/extensions/LDAPGroups
+RUN git clone --branch REL1_39 https://github.com/wikimedia/mediawiki-extensions-LDAPProvider.git /var/www/html/extensions/LDAPProvider
+RUN git clone --branch REL1_39 https://github.com/wikimedia/mediawiki-extensions-LDAPSyncAll.git /var/www/html/extensions/LDAPSyncAll
+RUN git clone --branch REL1_39 https://github.com/wikimedia/mediawiki-extensions-LDAPUserInfo.git /var/www/html/extensions/LDAPUserInfo
+RUN git clone --branch REL1_39 https://github.com/wikimedia/mediawiki-extensions-PluggableAuth.git /var/www/html/extensions/PluggableAuth
+RUN git clone --branch REL1_39 https://github.com/wikimedia/mediawiki-extensions-Auth_remoteuser.git /var/www/html/extensions/Auth_remoteuser
 
 
 

build/include/install_wiki.sh

@@ -13,7 +13,6 @@ do
   echo "$ext activated"
 done
 
-
 sed -i "s/LDAP_DOMAINNAME/$LDAP_DOMAINNAME/g" /var/www/html/settings.d/LocalSettings.LDAP.php
 sed -i "s/LDAP_SERVER_NAME/$LDAP_SERVER_NAME/g" /var/www/html/settings.d/LocalSettings.LDAP.php
 sed -i "s/LDAP_SERVER_PORT/$LDAP_SERVER_PORT/g" /var/www/html/settings.d/LocalSettings.LDAP.php
@@ -22,6 +21,12 @@ sed -i "s/LDAP_BIND_USER/$LDAP_BIND_USER/g" /var/www/html/settings.d/LocalSettin
 sed -i "s/LDAP_BIND_PASS/$LDAP_BIND_PASS/g" /var/www/html/settings.d/LocalSettings.LDAP.php
 sed -i "s/LDAP_BASE/$LDAP_BASE/g" /var/www/html/settings.d/LocalSettings.LDAP.php
 sed -i "s/LDAP_USER_ATTR/$LDAP_USER_ATTR/g" /var/www/html/settings.d/LocalSettings.LDAP.php
+sed -i "s/LDAP_REAL_NAME_ATTR/$LDAP_REAL_NAME_ATTR/g" /var/www/html/settings.d/LocalSettings.LDAP.php
+sed -i "s/LDAP_MAIL_ATTR/$LDAP_MAIL_ATTR/g" /var/www/html/settings.d/LocalSettings.LDAP.php
+sed -i "s/LDAP_BUREAUCRAT_GROUP/$LDAP_BUREAUCRAT_GROUP/g" /var/www/html/settings.d/LocalSettings.LDAP.php
+sed -i "s/LDAP_INTERFACE_ADMIN_GROUP/$LDAP_INTERFACE_ADMIN_GROUP/g" /var/www/html/settings.d/LocalSettings.LDAP.php
+sed -i "s/LDAP_SYSOP_GROUP/$LDAP_SYSOP_GROUP/g" /var/www/html/settings.d/LocalSettings.LDAP.php
+sed -i "s/LDAP_SEARCH_FILTER/$LDAP_SEARCH_FILTER/g" /var/www/html/settings.d/LocalSettings.LDAP.php
 sed -i "s/WIKI_LANG/$WIKI_LANG/g" /var/www/html/settings.d/LocalSettings.LDAP.php
 
 php maintenance/update.php --quick

build/include/settings.d/LocalSettings.LDAP.php

@@ -44,13 +44,6 @@ $wgLdapAuthIsActiveDirectory  = 'false';
 $wgLdapAuthSearchTree         =  true ;
 
 
-#PluggableAuth
-$wgPluggableAuth_EnableAutoLogin  = false ;
-$wgPluggableAuth_EnableLocalProperties = false ;
-$wgPluggableAuth_EnableLocalLogin = false ;
-$wgPluggableAuth_ButtonLabel = "LDAP Log In"; # defaults to "Login with PluggableAuth "
-
-
 #LDAPAuthentication2
 $LDAPAuthenticationAllowLocalLogin = true;
 $LDAPAuthenticationUsernameNormalizer = 'strtolower';
@@ -62,15 +55,15 @@ $LDAPProviderDomainConfigProvider = function() {
 				"server" => "LDAP_SERVER_NAME",
 				"port" => "LDAP_SERVER_PORT",
                                 "enctype" => "LDAP_ENCTYPE",
-				"user" => LDAP_BIND_USER,
-				"pass" => LDAP_BIND_PASS,
+				"user" => "LDAP_BIND_USER",
+				"pass" => "LDAP_BIND_PASS",
 				"basedn" => "LDAP_BASE",
 				"userbasedn" => "LDAP_BASE",
 				"groupbasedn" => "LDAP_BASE",
 				"searchattribute" => "LDAP_USER_ATTR",
 				"usernameattribute" => "LDAP_USER_ATTR",
-				"realnameattribute" => "displayname",
-				"emailattribute" => "mail",
+				"realnameattribute" => "LDAP_REAL_NAME_ATTR",
+				"emailattribute" => "LDAP_MAIL_ATTR",
 				"grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory",
 				"nestedgroups" => true
 			],
@@ -81,12 +74,16 @@ $LDAPProviderDomainConfigProvider = function() {
 			],
 			"userinfo" => [
 				"attributes-map" => [
-					"email" => "mail",
-					"realname" => "displayname"
+					"email" => "LDAP_MAIL_ATTR",
+					"realname" => "LDAP_REAL_NAME_ATTR"
 				]
 			],
 			"groupsync" => [
-				"mechanism" => "allgroups"
+				"mapping" => [
+					"bureaucrat" => "LDAP_BUREAUCRAT_GROUP",
+					"interface-admin" => "LDAP_INTERFACE_ADMIN_GROUP",
+					"sysop" => "LDAP_SYSOP_GROUP"
+				]
 			]
 		]
 	];
@@ -96,27 +93,62 @@ $LDAPProviderDomainConfigProvider = function() {
 $LDAPProviderCacheTime = 5;
 $LDAPProviderCacheType            = "CACHE_NONE" ;
 $LDAPProviderDefaultDomain        = "LDAP_DOMAINNAME" ;
+$wgLdapAuthSearchFilter = 'LDAP_SEARCH_FILTER';
+
+#PluggableAuth
+$wgPluggableAuth_EnableAutoLogin  = false ;
+$wgPluggableAuth_EnableLocalProperties = false ;
+$wgPluggableAuth_EnableLocalLogin = false ;
+$wgPluggableAuth_Config = array(
+      array(
+        'plugin' => 'LDAPAuthentication2',
+        'buttonLabelMessage' => 'pt-login-button',
+        'data' => ['domain'=> $LDAPProviderDefaultDomain]
+         ),
+      array('plugin' => 'LDAPAuthorization'),
+    );
 
 
 # Group Permissions
 
 $wgGroupPermissions['*']['edit'] = false;
 
-$wgGroupPermissions['*']['createaccount'] = true;
+$wgGroupPermissions['*']['createaccount'] = false;
 $wgGroupPermissions['*']['autocreateaccount'] = true;
 
-$wgGroupPermissions['wiki-admins']['delete'] = true;
-$wgGroupPermissions['wiki-admins']['undelete'] = true;
-$wgGroupPermissions['wiki-admins']['undelete'] = true;
-$wgGroupPermissions['wiki-admins']['editprotected'] = true;
-$wgGroupPermissions['wiki-admins']['protect'] = true;
-
 
 
 
 ## Visual Editor Stuff
 
-wfLoadExtension( 'VisualEditor' );
-wfLoadExtension( 'WikiEditor' );
+#wfLoadExtension( 'VisualEditor' );
+#wfLoadExtension( 'WikiEditor' );
 
+## Eric's extensions
+$wgFavicon = "$wgResourceBasePath/resources/assets/mediawiki.png";
+$wgLogos = [ '1x' => "$wgResourceBasePath/resources/assets/mediawiki.png" ];
+$wgAllowExternalImages = true;
+$wgUseInstantCommons = true;
+$wgLocaltimezone = 'America/New_York';
+$wgFragmentMode = [ 'html5' ];
+$wgCapitalLinks = false;
+
+$wgExternalDataSources['LDAP_SERVER_NAME'] = [
+	'server'	=> 'LDAP_SERVER_NAME',
+	'base dn'	=> 'LDAP_BASE',
+	'user'		=> 'LDAP_BIND_USER',
+	'password'	=> 'LDAP_BIND_PASS'
+];
+
+wfLoadExtension( 'Cargo' );
+wfLoadExtension( 'CategoryTree' );
+wfLoadExtension( 'Cite' );
+wfLoadExtension( 'CiteThisPage' );
+wfLoadExtension( 'ExternalData' );
+wfLoadExtension( 'Interwiki' );
+wfLoadExtension( 'MultimediaViewer' );
+wfLoadExtension( 'PageForms' );
+wfLoadExtension( 'ParserFunctions' );
+wfLoadExtension( 'TemplateData' );
+wfLoadExtension( 'TextExtracts' );