setting up mediawiki with active directory

The problem is this: How do you get MediaWiki which runs on top of XAMPP to be secure using Active Directory?

We wanted to secure our MediaWiki site so that users can log in using their Active Directory account. In addition we wanted only some users to be able to read the Wiki pages and a smaller subset of those users to be able to edit pages.

MediaWiki does have an LDAP Authentication extension but it is not obvious from the extension web page how to set it up. I came across a lot of web pages to get this final solution, but this this one was especially helpful. So without further adieu..

how to set up the extension

1. First, you need to enable the LDAP module in PHP (recent versions of PHP have this built in). To do this, you need to find the php.ini file that your installation is using. I found mine in xampp\apache\bin\php.ini. If you’re not sure which one to change you can do the following:

    Create a file called phpinfo.php and put this code in it:

    Run it from your browser (http://server/directory/phpinfo.php) and the page that comes up will show you the php.ini path.

2. Edit the php.ini file and remove the semicolon at the head of this line:

3. Next, copy the LdapAuthentication.php file to your wiki includes directory. In my case this directory is xampp\htdocs\wiki\includes.

4. Add the following lines to your LocalSettings.php, replacing the bold items with actual values:

nested groups

The above will set up MediaWiki to connect to your Active Directory. However, the default implementation of the extension does not support nested groups when it comes to determining the groups that a user is in. If you want your user to be a member of a group which is a member of another group, and use the parent group in your wiki settings, then you need to make this modification. In order to do this I had to modify the LDAP Authentication extension. This requires changing the LdapAuthentication.php file:

1. Add the following code:

2. Add code to the authenticate function (new code is in bold):