I had a request for more information about integrating MediaWiki and AD.
Actually there’s not a lot to it if you are using MediaWiki 1.5.x. You need to get hold of the LDAPAuthentication.php script, drop it in your includes folder, and then define a set of variables in LocalSettings.php. It really is that simple.
Get LDAPAuthentication.php from here. Just right-click on Version 1.0c and Save As…. I wouldn’t bother reading the rest of that page.
For information on configuration check out these examples.
The one gotcha I had is that we use the sAMAccountName attribute and I wanted to restrict access to an AD group. If you want to do both of these then you must define:
// The array keys are your domain name; use the same key in both arrays.
$wgLDAPSearchAttributes = array( "domain" => "sAMAccountName" );
$wgLDAPBaseDNs = array( "domain" => "dc=domain,dc=com" );
$wgLDAPGroupDN = "cn=groupname,ou=groups,dc=domain,dc=com";
$wgLDAPProxyAgent = "cn=proxy,ou=adminstration,dc=groups,dc=domain,dc=com";
$wgLDAPProxyAgentPassword = "";
Then you probably want to do things like turning off edit rights for unauthenticated users etc., which you do using the $wgGroupPermissions array. These groups are not associated with the AD groups. I don’t think it is possible to integrate right through to AD at this level. AD integration is merely sign-on permissions.
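Lines for LocalSettings.php covering that last step, as an added example that is not from the original post. It assumes a wiki where only signed-in users may edit; the read restriction and the whitelisted page title are assumptions to adapt.

```php
// Added example (not from the original post): permission settings for a
// wiki that signs users in against AD.
// '*' is every visitor, signed in or not; 'user' is any signed-in account.
// These are MediaWiki's own groups, not AD groups.

// Anonymous visitors may not edit.
$wgGroupPermissions['*']['edit'] = false;

// Anonymous visitors may not create accounts through the wiki's sign-up form.
$wgGroupPermissions['*']['createaccount'] = false;

// Signed-in users keep edit rights (stated explicitly for clarity).
$wgGroupPermissions['user']['edit'] = true;

// Assumption: the wiki is private, so anonymous visitors may not read pages.
// Remove these two lines for a publicly readable wiki.
$wgGroupPermissions['*']['read'] = false;
// Keep the sign-in page reachable, otherwise nobody can log in.
$wgWhitelistRead = array( "Special:Userlogin" );
```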