Updated to 1.39

Added comments to the Environment Variables

README.md

@@ -1,3 +1,63 @@
-# mediawiki-ldap
+# mediawiki-extended
 
-cp example.env .env > set Variables > Build Container > Start Stack > run ./run_install.sh > connect to your Wiki URL > Login with LDAP
+The goal of this container is to have an easily deploayble mediawiki with the extensions for LDAP already integrated.
+
+## Features
+
+- Based on https://github.com/sodema/mediawiki-ldap
+- A docker-compose file to run directly
+- integrated LDAPAuthentication2, LDAPAuthorization, LDAPGroups, LDAPProvider, LDAPSyncAll, LDAPUserInfo, PluggableAuth, Auth_remoteuser from official Mediawiki git
+- All LDAP related settings are handled via .env file
+- Custom LocalSettings.LDAP.php which includes all the tweaks for connecting to LDAP
+- One-Klick installer / doensn't use the web based installation procedure
+- persistent volumes, so you can edit LocalSettings.php & LocalSettings.LDAP.php
+- Also includes ExternalData, Cite, Cargo, Math, and PageForms extensions
+
+## Usage
+
+```
+git clone https://gitea.eom.dev/DevOps/mediawiki-extended.git
+cd mediawiki-extended
+docker build build/. -t mediawiki-extended:latest
+mv example.env .env
+(vi/nano/???) .env
+(vi/nano/???) docker-compose.yml
+docker-compose up -d
+docker logs -f mediawiki-db
+docker logs -f mediawiki-app
+./run_install.sh
+```
+Instead of building yourself you can also just `docker pull ericomeehan/mediawiki-extended:latest`
+
+
+## Environment Variables
+
+These are the variables that need to be set:
+
+```
+LDAP_BASE=dc=yourdomain,dc=local                                  # BASE DN
+LDAP_SERVER_NAME=ldap.yourdomain.local                            # FQDN of your LDAP server
+LDAP_SERVER_PORT=9636                                             # Port of your LDAP server
+LDAP_DOMAINNAME=yourdomain.local                                  # Name of your domain
+LDAP_ENCTYPE=ssl                                                  # Encryption type 'ldapi', 'ssl', 'tls', or 'clear'
+LDAP_USER_ATTR=uid                                                # Attribute to identify user 'uid' or 'cn'
+LDAP_BIND_USER="uid=readonly,cn=users,dc=yourdomain,dc=local"     # User to bind to LDAP
+LDAP_BIND_PASS="SecretBindPassword"                               # Bind Password
+LDAP_SEARCH_FILTER="(&(objectClass=inetOrgPerson))"		  # Search filter
+LDAP_MAIL_ATTR=mail						  # Email attribute
+LDAP_REAL_NAME_ATTR=givenName					  # First name attribute
+LDAP_BUREAUCRAT_GROUP="cn=bureaucrat,ou=groups,dc=example,dc=com" # Bureaucrat group mapping
+LDAP_INTERFACE_ADMIN_GROUP="cn=admin,ou=groups,dc=example,dc=com" # Interface admin group mapping
+LDAP_SYSOP_GROUP="cn=sysop,ou=groups,dc=example,dc=com"		  # Sysop group mapping
+DB_HOST=mediawiki-db                                              # Hostname of DB server
+DB_PORT=3306                                                      # DB server Port
+DB_NAME=mediawiki                                                 # Name of your Wiki DB
+DB_USER=mediawiki                                                 # DB User
+DB_PASS=SecretDBPass                                              # DB Password
+WIKI_NAME=Yourdomain_Wiki                                         # Name of your wiki
+WIKI_ADMIN=Admin                                                  # Username of local admin (local login must be enabled first)
+WIKI_ADMIN_PASS=ChangeMe2022!                                     # Password for local admin
+WIKI_URL=https://wiki.yourdomain.local                            # URL and Protocol where your Wiki sits (if behind reverse proxy choose https)
+WIKI_LANG=de                                                      # Language for your wiki
+
+```

build/Dockerfile

@@ -1,5 +1,4 @@
-FROM mediawiki:1.35.8
-MAINTAINER david.martin@sodema.de
+FROM mediawiki:lts
 
 RUN apt-get update && apt-get -y install libldb-dev git && rm -rf /var/lib/apt/lists/*
 
@@ -8,16 +7,19 @@ ADD https://github.com/mlocati/docker-php-extension-installer/releases/latest/do
 RUN chmod +x /usr/local/bin/install-php-extensions && \
     install-php-extensions ldap
 
-RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPAuthentication2.git /var/www/html/extensions/LDAPAuthentication2
-RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPAuthorization.git /var/www/html/extensions/LDAPAuthorization
-RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPGroups.git /var/www/html/extensions/LDAPGroups
-RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPProvider.git /var/www/html/extensions/LDAPProvider
-RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPSyncAll.git /var/www/html/extensions/LDAPSyncAll
-RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPUserInfo.git /var/www/html/extensions/LDAPUserInfo
-RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-PluggableAuth.git /var/www/html/extensions/PluggableAuth
-RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-Auth_remoteuser.git /var/www/html/extensions/Auth_remoteuser
+RUN git clone --branch REL1_39 https://github.com/wikimedia/mediawiki-extensions-ExternalData.git /var/www/html/extensions/ExternalData
+RUN git clone --branch REL1_39 https://github.com/wikimedia/mediawiki-extensions-PageForms.git /var/www/html/extensions/PageForms
+RUN git clone --branch REL1_39 https://github.com/wikimedia/mediawiki-extensions-Cargo.git /var/www/html/extensions/Cargo
+RUN git clone --branch REL1_39 https://github.com/wikimedia/mediawiki-extensions-LDAPAuthentication2.git /var/www/html/extensions/LDAPAuthentication2
+RUN git clone --branch REL1_39 https://github.com/wikimedia/mediawiki-extensions-LDAPAuthorization.git /var/www/html/extensions/LDAPAuthorization
+RUN git clone --branch REL1_39 https://github.com/wikimedia/mediawiki-extensions-LDAPGroups.git /var/www/html/extensions/LDAPGroups
+RUN git clone --branch REL1_39 https://github.com/wikimedia/mediawiki-extensions-LDAPProvider.git /var/www/html/extensions/LDAPProvider
+RUN git clone --branch REL1_39 https://github.com/wikimedia/mediawiki-extensions-LDAPSyncAll.git /var/www/html/extensions/LDAPSyncAll
+RUN git clone --branch REL1_39 https://github.com/wikimedia/mediawiki-extensions-LDAPUserInfo.git /var/www/html/extensions/LDAPUserInfo
+RUN git clone --branch REL1_39 https://github.com/wikimedia/mediawiki-extensions-PluggableAuth.git /var/www/html/extensions/PluggableAuth
+RUN git clone --branch REL1_39 https://github.com/wikimedia/mediawiki-extensions-Auth_remoteuser.git /var/www/html/extensions/Auth_remoteuser
+
 
-RUN if test -f /var/www/html/LocalSettings.php; then echo 'require_once "$IP/LocalSettings.LDAP.php";' >> /var/www/html/LocalSettings.php;fi
 
 
 RUN set -eux; \
@@ -34,6 +36,8 @@ RUN touch '/log/mediawiki/LDAPGroups.log'
 RUN touch '/log/mediawiki/LDAPUserInfo.log'
 RUN touch '/log/mediawiki/LDAPProvider.log' 
 RUN touch '/log/mediawiki/PluggableAuth.log' 
+RUN touch '/log/mediawiki/LDAPSyncAll.log'
+RUN touch '/log/mediawiki/Auth_remoteuser.log'
 RUN touch '/log/mediawiki/ldap.log' 
 RUN touch '/log/mediawiki/mw_debug.log'
 
@@ -43,6 +47,9 @@ RUN set -eux; \
         mkdir -p /opt/mediawiki; \
         chown -R www-data:www-data /log/mediawiki
 
-ADD include/LocalSettings.LDAP.php /opt/mediawiki
+RUN set -eux; \
+        mkdir -p /var/www/html/settings.d;
+
+ADD include/settings.d /opt/mediawiki/settings.d/
 ADD include/install_wiki.sh /opt/mediawiki/
 RUN chmod +x /opt/mediawiki/install_wiki.sh

build/include/install_wiki.sh

@@ -2,17 +2,31 @@
 
 php maintenance/install.php --dbname=$DB_NAME --dbserver=$DB_HOST --installdbuser=$DB_USER --installdbpass=$DB_PASS --dbuser=$DB_USER --dbpass=$DB_PASS --server=$WIKI_URL --scriptpath=$WIKI_PATH --lang=$WIKI_LANG --pass=$WIKI_ADMIN_PASS $WIKI_NAME $WIKI_ADMIN
 
-if test -f /var/www/html/LocalSettings.php; then echo 'require_once "$IP/LocalSettings.LDAP.php";' >> /var/www/html/LocalSettings.php;fi
 
-cp /opt/mediawiki/LocalSettings.LDAP.php /var/www/html/LocalSettings.LDAP.php
-sed -i "s/LDAP_DOMAINNAME/$LDAP_DOMAINNAME/g" /var/www/html/LocalSettings.LDAP.php
-sed -i "s/LDAP_SERVER_NAME/$LDAP_SERVER_NAME/g" /var/www/html/LocalSettings.LDAP.php
-sed -i "s/LDAP_SERVER_PORT/$LDAP_SERVER_PORT/g" /var/www/html/LocalSettings.LDAP.php
-sed -i "s/LDAP_ENCTYPE/$LDAP_ENCTYPE/g" /var/www/html/LocalSettings.LDAP.php
-sed -i "s/LDAP_BIND_USER/$LDAP_BIND_USER/g" /var/www/html/LocalSettings.LDAP.php
-sed -i "s/LDAP_BIND_PASS/$LDAP_BIND_PASS/g" /var/www/html/LocalSettings.LDAP.php
-sed -i "s/LDAP_BASE/$LDAP_BASE/g" /var/www/html/LocalSettings.LDAP.php
-sed -i "s/LDAP_USER_ATTR/$LDAP_USER_ATTR/g" /var/www/html/LocalSettings.LDAP.php
-sed -i "s/WIKI_LANG/$WIKI_LANG/g" /var/www/html/LocalSettings.LDAP.php
+for i in /opt/mediawiki/settings.d/*
+do
+  ext=$(basename $i)
+  base='require_once "$IP/settings.d/'
+  end='";'
+  echo $base$ext$end >> /var/www/html/LocalSettings.php
+  cp $i /var/www/html/settings.d/
+  echo "$ext activated"
+done
+
+sed -i "s/LDAP_DOMAINNAME/$LDAP_DOMAINNAME/g" /var/www/html/settings.d/LocalSettings.LDAP.php
+sed -i "s/LDAP_SERVER_NAME/$LDAP_SERVER_NAME/g" /var/www/html/settings.d/LocalSettings.LDAP.php
+sed -i "s/LDAP_SERVER_PORT/$LDAP_SERVER_PORT/g" /var/www/html/settings.d/LocalSettings.LDAP.php
+sed -i "s/LDAP_ENCTYPE/$LDAP_ENCTYPE/g" /var/www/html/settings.d/LocalSettings.LDAP.php
+sed -i "s/LDAP_BIND_USER/$LDAP_BIND_USER/g" /var/www/html/settings.d/LocalSettings.LDAP.php
+sed -i "s/LDAP_BIND_PASS/$LDAP_BIND_PASS/g" /var/www/html/settings.d/LocalSettings.LDAP.php
+sed -i "s/LDAP_BASE/$LDAP_BASE/g" /var/www/html/settings.d/LocalSettings.LDAP.php
+sed -i "s/LDAP_USER_ATTR/$LDAP_USER_ATTR/g" /var/www/html/settings.d/LocalSettings.LDAP.php
+sed -i "s/LDAP_REAL_NAME_ATTR/$LDAP_REAL_NAME_ATTR/g" /var/www/html/settings.d/LocalSettings.LDAP.php
+sed -i "s/LDAP_MAIL_ATTR/$LDAP_MAIL_ATTR/g" /var/www/html/settings.d/LocalSettings.LDAP.php
+sed -i "s/LDAP_BUREAUCRAT_GROUP/$LDAP_BUREAUCRAT_GROUP/g" /var/www/html/settings.d/LocalSettings.LDAP.php
+sed -i "s/LDAP_INTERFACE_ADMIN_GROUP/$LDAP_INTERFACE_ADMIN_GROUP/g" /var/www/html/settings.d/LocalSettings.LDAP.php
+sed -i "s/LDAP_SYSOP_GROUP/$LDAP_SYSOP_GROUP/g" /var/www/html/settings.d/LocalSettings.LDAP.php
+sed -i "s/LDAP_SEARCH_FILTER/$LDAP_SEARCH_FILTER/g" /var/www/html/settings.d/LocalSettings.LDAP.php
+sed -i "s/WIKI_LANG/$WIKI_LANG/g" /var/www/html/settings.d/LocalSettings.LDAP.php
 
 php maintenance/update.php --quick

build/include/settings.d/LocalSettings.LDAP.php

@@ -15,6 +15,8 @@ $wgDebugLogGroups                 = array(
      'LDAPGroups'                 => '/log/mediawiki/LDAPGroups.log',
      'LDAPUserInfo'               => '/log/mediawiki/LDAPUserInfo.log',
      'LDAPProvider'               => '/log/mediawiki/LDAPProvider.log',
+     'LDAPSyncAll'                => '/log/mediawiki/LDAPSyncAll.log',
+     'Auth_remoteuser'            => '/log/mediawiki/Auth_remoteuser.log',
      'PluggableAuth'              => '/log/mediawiki/PluggableAuth.log',
      'LDAP'                       => '/log/mediawiki/ldap.log',
      'MediaWiki\\Extension\\LDAPProvider\\Client' => '/log/mediawiki/LDAPClient.log'
@@ -42,13 +44,6 @@ $wgLdapAuthIsActiveDirectory  = 'false';
 $wgLdapAuthSearchTree         =  true ;
 
 
-#PluggableAuth
-$wgPluggableAuth_EnableAutoLogin  = false ;
-$wgPluggableAuth_EnableLocalProperties = false ;
-$wgPluggableAuth_EnableLocalLogin = false ;
-$wgPluggableAuth_ButtonLabel = "LDAP Log In"; # defaults to "Login with PluggableAuth "
-
-
 #LDAPAuthentication2
 $LDAPAuthenticationAllowLocalLogin = true;
 $LDAPAuthenticationUsernameNormalizer = 'strtolower';
@@ -60,15 +55,15 @@ $LDAPProviderDomainConfigProvider = function() {
 				"server" => "LDAP_SERVER_NAME",
 				"port" => "LDAP_SERVER_PORT",
                                 "enctype" => "LDAP_ENCTYPE",
-				"user" => LDAP_BIND_USER,
-				"pass" => LDAP_BIND_PASS,
+				"user" => "LDAP_BIND_USER",
+				"pass" => "LDAP_BIND_PASS",
 				"basedn" => "LDAP_BASE",
 				"userbasedn" => "LDAP_BASE",
 				"groupbasedn" => "LDAP_BASE",
 				"searchattribute" => "LDAP_USER_ATTR",
 				"usernameattribute" => "LDAP_USER_ATTR",
-				"realnameattribute" => "displayname",
-				"emailattribute" => "mail",
+				"realnameattribute" => "LDAP_REAL_NAME_ATTR",
+				"emailattribute" => "LDAP_MAIL_ATTR",
 				"grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory",
 				"nestedgroups" => true
 			],
@@ -79,12 +74,16 @@ $LDAPProviderDomainConfigProvider = function() {
 			],
 			"userinfo" => [
 				"attributes-map" => [
-					"email" => "mail",
-					"realname" => "displayname"
+					"email" => "LDAP_MAIL_ATTR",
+					"realname" => "LDAP_REAL_NAME_ATTR"
 				]
 			],
 			"groupsync" => [
-				"mechanism" => "allgroups"
+				"mapping" => [
+					"bureaucrat" => "LDAP_BUREAUCRAT_GROUP",
+					"interface-admin" => "LDAP_INTERFACE_ADMIN_GROUP",
+					"sysop" => "LDAP_SYSOP_GROUP"
+				]
 			]
 		]
 	];
@@ -94,27 +93,62 @@ $LDAPProviderDomainConfigProvider = function() {
 $LDAPProviderCacheTime = 5;
 $LDAPProviderCacheType            = "CACHE_NONE" ;
 $LDAPProviderDefaultDomain        = "LDAP_DOMAINNAME" ;
+$wgLdapAuthSearchFilter = 'LDAP_SEARCH_FILTER';
+
+#PluggableAuth
+$wgPluggableAuth_EnableAutoLogin  = false ;
+$wgPluggableAuth_EnableLocalProperties = false ;
+$wgPluggableAuth_EnableLocalLogin = false ;
+$wgPluggableAuth_Config = array(
+      array(
+        'plugin' => 'LDAPAuthentication2',
+        'buttonLabelMessage' => 'pt-login-button',
+        'data' => ['domain'=> $LDAPProviderDefaultDomain]
+         ),
+      array('plugin' => 'LDAPAuthorization'),
+    );
 
 
 # Group Permissions
 
 $wgGroupPermissions['*']['edit'] = false;
 
-$wgGroupPermissions['*']['createaccount'] = true;
+$wgGroupPermissions['*']['createaccount'] = false;
 $wgGroupPermissions['*']['autocreateaccount'] = true;
 
-$wgGroupPermissions['wiki-admins']['delete'] = true;
-$wgGroupPermissions['wiki-admins']['undelete'] = true;
-$wgGroupPermissions['wiki-admins']['undelete'] = true;
-$wgGroupPermissions['wiki-admins']['editprotected'] = true;
-$wgGroupPermissions['wiki-admins']['protect'] = true;
-
 
 
 
 ## Visual Editor Stuff
 
-wfLoadExtension( 'VisualEditor' );
-wfLoadExtension( 'WikiEditor' );
+#wfLoadExtension( 'VisualEditor' );
+#wfLoadExtension( 'WikiEditor' );
 
+## Eric's extensions
+$wgFavicon = "$wgResourceBasePath/resources/assets/mediawiki.png";
+$wgLogos = [ '1x' => "$wgResourceBasePath/resources/assets/mediawiki.png" ];
+$wgAllowExternalImages = true;
+$wgUseInstantCommons = true;
+$wgLocaltimezone = 'America/New_York';
+$wgFragmentMode = [ 'html5' ];
+$wgCapitalLinks = false;
+
+$wgExternalDataSources['LDAP_SERVER_NAME'] = [
+	'server'	=> 'LDAP_SERVER_NAME',
+	'base dn'	=> 'LDAP_BASE',
+	'user'		=> 'LDAP_BIND_USER',
+	'password'	=> 'LDAP_BIND_PASS'
+];
+
+wfLoadExtension( 'Cargo' );
+wfLoadExtension( 'CategoryTree' );
+wfLoadExtension( 'Cite' );
+wfLoadExtension( 'CiteThisPage' );
+wfLoadExtension( 'ExternalData' );
+wfLoadExtension( 'Interwiki' );
+wfLoadExtension( 'MultimediaViewer' );
+wfLoadExtension( 'PageForms' );
+wfLoadExtension( 'ParserFunctions' );
+wfLoadExtension( 'TemplateData' );
+wfLoadExtension( 'TextExtracts' );
 

docker-compose.yml

@@ -26,7 +26,7 @@ services:
       - WIKI_LANG=${WIKI_LANG}
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.mediawiki.rule=Host(`wiki.katronic.de`)"
+      - "traefik.http.routers.mediawiki.rule=Host(`wiki.yourdomain.local`)"
       - "traefik.http.routers.mediawiki.entrypoints=websecure"
       - "traefik.http.routers.mediawiki.tls.certresolver=mytlschallenge"