changed install_wiki.sh, modified the way additional configs get loaded to make room for further customization

Added comments to the Environment Variables

README.md

@@ -1,3 +1,58 @@
 # mediawiki-ldap
 
-cp example.env .env > set Variables > Build Container > Start Stack > run ./run_install.sh > connect to your Wiki URL > Login with LDAP
+The goal of this container is to have an easily deploayble mediawiki with the extensions for LDAP already integrated.
+I had to install mediawiki for multiple customers and got frustrated fiddling with the LDAP extensions everytime.
+
+## Features
+
+- Based on https://github.com/wikimedia/mediawiki-docker
+- A docker-compose file to run directly
+- integrated LDAPAuthentication2, LDAPAuthorization, LDAPGroups, LDAPProvider, LDAPSyncAll, LDAPUserInfo, PluggableAuth, Auth_remoteuser from official Mediawiki git
+- All LDAP related settings are handled via .env file
+- Custom LocalSettings.LDAP.php which includes all the tweaks for connecting to LDAP
+- One-Klick installer / doensn't use the web based installation procedure
+- persistent volumes, so you can edit LocalSettings.php & LocalSettings.LDAP.php
+- 
+
+## Usage
+
+```
+git clone https://github.com/sodema/mediawiki-ldap.git
+cd mediawiki-ldap
+docker build build/. -t mediawiki-ldap:latest
+mv example.env .env
+(vi/nano/???) .env
+(vi/nano/???) docker-compose.yml
+docker-compose up -d
+docker logs -f mediawiki-db
+docker logs -f mediawiki-app
+./run_install.sh
+```
+Instead of building yourself you can also just `docker pull sodema/mediawiki-ldap:latest`
+
+
+## Environment Variables
+
+These are the variables that need to be set:
+
+```
+LDAP_BASE=dc=yourdomain,dc=local                                  # BASE DN
+LDAP_SERVER_NAME=ldap.yourdomain.local                            # FQDN of your LDAP server
+LDAP_SERVER_PORT=9636                                             # Port of your LDAP server
+LDAP_DOMAINNAME=yourdomain.local                                  # Name of your domain
+LDAP_ENCTYPE=ssl                                                  # Encryption type 'ldapi', 'ssl', 'tls', or 'clear'
+LDAP_USER_ATTR=uid                                                # Attribute to identify user 'uid' or 'cn'
+LDAP_BIND_USER="uid=readonly,cn=users,dc=yourdomain,dc=local"     # User to bind to LDAP
+LDAP_BIND_PASS="SecretBindPassword"                               # Bind Password
+DB_HOST=mediawiki-db                                              # Hostname of DB server
+DB_PORT=3306                                                      # DB server Port
+DB_NAME=mediawiki                                                 # Name of your Wiki DB
+DB_USER=mediawiki                                                 # DB User
+DB_PASS=SecretDBPass                                              # DB Password
+WIKI_NAME=Yourdomain_Wiki                                         # Name of your wiki
+WIKI_ADMIN=Admin                                                  # Username of local admin (local login must be enabled first)
+WIKI_ADMIN_PASS=ChangeMe2022!                                     # Password for local admin
+WIKI_URL=https://wiki.yourdomain.local                            # URL and Protocol where your Wiki sits (if behind reverse proxy choose https)
+WIKI_LANG=de                                                      # Language for your wiki
+
+```

build/Dockerfile

@@ -17,7 +17,7 @@ RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions
 RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-PluggableAuth.git /var/www/html/extensions/PluggableAuth
 RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-Auth_remoteuser.git /var/www/html/extensions/Auth_remoteuser
 
-RUN if test -f /var/www/html/LocalSettings.php; then echo 'require_once "$IP/LocalSettings.LDAP.php";' >> /var/www/html/LocalSettings.php;fi
+
 
 
 RUN set -eux; \
@@ -34,6 +34,8 @@ RUN touch '/log/mediawiki/LDAPGroups.log'
 RUN touch '/log/mediawiki/LDAPUserInfo.log'
 RUN touch '/log/mediawiki/LDAPProvider.log' 
 RUN touch '/log/mediawiki/PluggableAuth.log' 
+RUN touch '/log/mediawiki/LDAPSyncAll.log'
+RUN touch '/log/mediawiki/Auth_remoteuser.log'
 RUN touch '/log/mediawiki/ldap.log' 
 RUN touch '/log/mediawiki/mw_debug.log'
 
@@ -43,6 +45,9 @@ RUN set -eux; \
         mkdir -p /opt/mediawiki; \
         chown -R www-data:www-data /log/mediawiki
 
-ADD include/LocalSettings.LDAP.php /opt/mediawiki
+RUN set -eux; \
+        mkdir -p /var/www/html/settings.d;
+
+ADD include/settings.d /opt/mediawiki/settings.d/
 ADD include/install_wiki.sh /opt/mediawiki/
 RUN chmod +x /opt/mediawiki/install_wiki.sh

build/include/install_wiki.sh

@@ -2,17 +2,26 @@
 
 php maintenance/install.php --dbname=$DB_NAME --dbserver=$DB_HOST --installdbuser=$DB_USER --installdbpass=$DB_PASS --dbuser=$DB_USER --dbpass=$DB_PASS --server=$WIKI_URL --scriptpath=$WIKI_PATH --lang=$WIKI_LANG --pass=$WIKI_ADMIN_PASS $WIKI_NAME $WIKI_ADMIN
 
-if test -f /var/www/html/LocalSettings.php; then echo 'require_once "$IP/LocalSettings.LDAP.php";' >> /var/www/html/LocalSettings.php;fi
 
-cp /opt/mediawiki/LocalSettings.LDAP.php /var/www/html/LocalSettings.LDAP.php
+for i in /opt/mediawiki/settings.d/*
-sed -i "s/LDAP_DOMAINNAME/$LDAP_DOMAINNAME/g" /var/www/html/LocalSettings.LDAP.php
+do
-sed -i "s/LDAP_SERVER_NAME/$LDAP_SERVER_NAME/g" /var/www/html/LocalSettings.LDAP.php
+  ext=$(basename $i)
-sed -i "s/LDAP_SERVER_PORT/$LDAP_SERVER_PORT/g" /var/www/html/LocalSettings.LDAP.php
+  base='require_once "$IP/settings.d/'
-sed -i "s/LDAP_ENCTYPE/$LDAP_ENCTYPE/g" /var/www/html/LocalSettings.LDAP.php
+  end='";'
-sed -i "s/LDAP_BIND_USER/$LDAP_BIND_USER/g" /var/www/html/LocalSettings.LDAP.php
+  echo $base$ext$end >> /var/www/html/LocalSettings.php
-sed -i "s/LDAP_BIND_PASS/$LDAP_BIND_PASS/g" /var/www/html/LocalSettings.LDAP.php
+  cp $i /var/www/html/settings.d/
-sed -i "s/LDAP_BASE/$LDAP_BASE/g" /var/www/html/LocalSettings.LDAP.php
+  echo "$ext activated"
-sed -i "s/LDAP_USER_ATTR/$LDAP_USER_ATTR/g" /var/www/html/LocalSettings.LDAP.php
+done
-sed -i "s/WIKI_LANG/$WIKI_LANG/g" /var/www/html/LocalSettings.LDAP.php
+
+
+sed -i "s/LDAP_DOMAINNAME/$LDAP_DOMAINNAME/g" /var/www/html/settings.d/LocalSettings.LDAP.php
+sed -i "s/LDAP_SERVER_NAME/$LDAP_SERVER_NAME/g" /var/www/html/settings.d/LocalSettings.LDAP.php
+sed -i "s/LDAP_SERVER_PORT/$LDAP_SERVER_PORT/g" /var/www/html/settings.d/LocalSettings.LDAP.php
+sed -i "s/LDAP_ENCTYPE/$LDAP_ENCTYPE/g" /var/www/html/settings.d/LocalSettings.LDAP.php
+sed -i "s/LDAP_BIND_USER/$LDAP_BIND_USER/g" /var/www/html/settings.d/LocalSettings.LDAP.php
+sed -i "s/LDAP_BIND_PASS/$LDAP_BIND_PASS/g" /var/www/html/settings.d/LocalSettings.LDAP.php
+sed -i "s/LDAP_BASE/$LDAP_BASE/g" /var/www/html/settings.d/LocalSettings.LDAP.php
+sed -i "s/LDAP_USER_ATTR/$LDAP_USER_ATTR/g" /var/www/html/settings.d/LocalSettings.LDAP.php
+sed -i "s/WIKI_LANG/$WIKI_LANG/g" /var/www/html/settings.d/LocalSettings.LDAP.php
 
 php maintenance/update.php --quick

build/include/settings.d/LocalSettings.LDAP.php

@@ -15,6 +15,8 @@ $wgDebugLogGroups                 = array(
      'LDAPGroups'                 => '/log/mediawiki/LDAPGroups.log',
      'LDAPUserInfo'               => '/log/mediawiki/LDAPUserInfo.log',
      'LDAPProvider'               => '/log/mediawiki/LDAPProvider.log',
+     'LDAPSyncAll'                => '/log/mediawiki/LDAPSyncAll.log',
+     'Auth_remoteuser'            => '/log/mediawiki/Auth_remoteuser.log',
      'PluggableAuth'              => '/log/mediawiki/PluggableAuth.log',
      'LDAP'                       => '/log/mediawiki/ldap.log',
      'MediaWiki\\Extension\\LDAPProvider\\Client' => '/log/mediawiki/LDAPClient.log'

docker-compose.yml

@@ -26,7 +26,7 @@ services:
       - WIKI_LANG=${WIKI_LANG}
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.mediawiki.rule=Host(`wiki.katronic.de`)"
+      - "traefik.http.routers.mediawiki.rule=Host(`wiki.yourdomain.local`)"
       - "traefik.http.routers.mediawiki.entrypoints=websecure"
       - "traefik.http.routers.mediawiki.tls.certresolver=mytlschallenge"