Playing with MediaWiki

UPDATE [Sept ’07]: I am the Infrastructure Architect for a 9000+ organisation and although we’ve toyed with Wikis we haven’t adopted them at all. Many issues around Knowledge Management have hindered adoption. For the last year all my blogging has been internal, but I’ve recently started putting some thoughts back out into the public arena. If your struggle reflects mine you might find my new blog of interest.

I’ve spent the last few days integrating MediaWiki with Active Directory. There’s lots of stuff on the web and I’ve used the LDAPAuthenticate.php LDAPAuthentication.php script that just plugs in. However, because we still use sAMAccountName I had to make a few tweeks, necessitating learning a bit about PHP and how authentication works in MediaWiki. Next step is to do single sign on.

My infrastructure is MySQL, PHP and IIS 5. IIS is set to not allow anonymous connections so users are already authenticated and I can pick up the user name from $_SERVER[“AUTH_USER”]. I don’t need to check the password, that has already been done by IIS, so I can simply validate the user in AD and pick up the user data. I think it will be quite simple and there are examples for Apache (using REMOTE_USER) that will help.

I have, along with 2 collegues, been tasked with coming up with a repository for an IT knowledge base. There are a few other options that we need to consider, but the Wiki looks good. Had this integration with AD not been possible I would not have taken it further.

There also might be interest in using a Wiki as a code library shared globally within our organisation. Might be the right tool.

UPDATE: There has been enough interest in what we have done with Mediawiki to take it to the next level, to wit my post Mediawiki is not for enterprise.


10 responses to “Playing with MediaWiki

  1. I am also about to attempt integrating MediaWiki with AD. Can you share some tips or point me to some links?

  2. I’m going to through my hat into this ring and hopefully we can figure out the best way to do this. I also want to prefix this with, I am not a developer (so I probably haven’t figured out the best way to do most things)

    Instead of the LDAPAuthentication.php, I used Auth_remoteuser.php v1.1 and all the subqequit sections. I modifed the file to add a function I wrote to use the $_SERVER[?AUTH_USER?] variable to query the company AD (regress to the proper protion of the tree using subtree query – its a complicated AD Structure) and then populate the appropriate variables in the script such as $user->setEmail, $user->setRealName, etc.

    Now as soon as a new user goes to the wiki the SAMAccountName is used as the username and the other variables propagated.

    I have one issue currently with the “Watched Pages”, where if the page is watched I get a PHP-CGI.exe dump when it tries to send an email, as soon as that is tracked down I think we have a winner.

  3. Good work, I must admit I have been very distracted by other work, and have been unable to try this. I’m glad it appears to be as simple as I hoped. I honestly don’t think I will find time to try this out for at least the next three weeks. Please continue to post your progress though, or a link to another place where you are posting it.

  4. If/when I figure things out i’ll be sure to post a comment here!

  5. Brian and Richard: I, too, am trying to get the Mediawiki authentication against AD to work. I tried following the LDAP Authentication instructions found here. Unfortunately, when I would authenticate, I was met with a blank page. I have reverted to the default method at the moment.

    I am looking to do exactly what you guys are attempting to do: force authentication to the website and pass those credentials as a Mediawiki user. Essentially, I want to create the user if they do not exist or authenticate if they do exist.

    I also tried to use the suggestion from Alistair Johnson that was posted on the Mediawiki-l listserv. What he has done appears to be close to what I am trying to do, but I got some interesting error messages when attempting his hack.

    I, too, am by no means a developer; just a sysadmin trying to get a wiki off the ground for my firm. Flexwiki accomplishes the authentication aspect, but I did not like the lack of support it had for file attachments (which to me is one of the big attractors of using a wiki). With that said, I will gladly throw my hat into the ring in hopes of getting this to work. Three heads are better than one, right? 😉

  6. Jason, good to have your input too. I’ve been on holiday so have a bit of catching up to do and will try to find time to devote to this soon – depends on what awaits me when I return to work in 6 hours time 🙂

  7. Has anyone gotten Mediawiki to pull preferences (like email address) from Active Directory? I have the authentication piece working fine but can’t seem to get it to pull information from AD into Mediawiki.


  8. Karen, it doesn’t look like it. I will have an opportunity to try this out the week after next. That doesn’t mean I’ll get it to work though :-(.

  9. I’ve gotten mediawiki/apache to do both LDAP authenication, and NTLM authentication.

    NTLM authentication is more useful in an intranet environment where the user is already logged into the domain. This way, mediawiki just “knows” who the user is, and they don’t need to log in against the LDAP server seperately.

    so you want to use the auth_remote user hack to media wiki, and auth_ntlm module on apache.

    One last note: firefox can be set to use NTLM automatically. more about that here.

  10. Hi
    Can someone describe how you configure PHP to support LDAP? i followed the instruction from, but it didn’t work. The operating system is Windows server 2000. I created the path in windows environment variables, copied php_ldap, libeay32.dll and ssleay32.dll to system32, restart the apache. But still got the blank page!

    Can someone please help me?


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s