Gitiles
Code Review Sign In
gerrit.wikimedia.org / mediawiki / extensions / LDAPSyncAll

MediaWiki extension LDAPSyncAll

Clone this repo:

Branches

Tags

  1. 30a6e5f build: Updating mediawiki/mediawiki-codesniffer to 43.0.0 by libraryupgrader · 5 weeks ago REL1_42 master
  2. d6c8f49 Update tests for PHPUnit 9.6 by Daimona Eaytoy · 3 months ago
  3. 0fd133a build: Updating grunt-banana-checker to 0.11.1 by libraryupgrader · 2 months ago
  4. abfd623 build: Updating npm dependencies by libraryupgrader · 3 months ago
  5. ba8dc77 build: Updating npm dependencies by libraryupgrader · 3 months ago

LDAPSyncAll

This extension provides mechanism which synchronizes users in database and users in active directory

  • If in a database there is no user, who is in LDAP => user will be added to the database

  • If in a database there is user, who is not in LDAP => user will be disabled

Installation

Execute

composer require hallowelt/ldapsyncall dev-REL1_31

within MediaWiki root or add mediawiki/ldap-sync-all to the composer.json file of your project

Activation

Add

wfLoadExtension( 'LDAPSyncAll' );

to your LocalSettings.php.

Usage

Extension provides maintenance script that you can simply run from your console php maintenance/SyncLDAPUsers.php Also, there is RunJobsTriggerHandler that runs once a day.

Configuration

You need to add the following line in your LocalSettings.php, don't forget to change "Admin" to username who has admin permissions. This user is the guy who disables accounts that are not in LDAP

$GLOBALS['LDAPSyncAllBlockExecutorUsername'] = 'Admin';

You can specify usernames and usergroups that you want to exclude from disabling, for example:

$GLOBALS['LDAPSyncAllExcludedUsernames'] = [ 'Bob', 'Emily' ];

$GLOBALS['LDAPSyncAllExcludedGroups'] = [ 'bot', 'editor' ];