LDAP on local domain with Mediawiki

对着背影说爱祢 submitted on 2020-02-28 23:50:45

Question


Just got my MediaWiki running on a local domain (running as container on Synology nas). Now I want to configure so only domain users can access the Wiki and are automatically logged in. This is for the sole purpose of tracking user name with page edits. My local domain is abc.local and my domain controller is Windows Server 2008 R2.

I've done the following:

1) Installed extensions LDAPProvider, LDAPAuthentication2, and PluggableAuth.

2) Added the following to the bottom of my LocalSettings.php.

    wfLoadExtension( 'PluggableAuth' );
    $wgPluggableAuth_EnabledAutoLogin = true;
    wfLoadExtension( 'LDAPAuthentication2' );
    wfLoadExtension( 'LDAPProvider' );
    $LDAPProviderDomainConfigProvider = function () {
        $config = [
            'LDAP' => [                       // domain key, shown in the login form's domain field
                'connection' => [
                    "server" => "abc.local",
                    "user" => "cn=Administrator,dc=abc,dc=local",   // account used to bind and search the directory
                    "pass" => 'passwordhere',
                    "options" => [
                        "LDAP_OPT_DEREF" => 1
                    ],
                    "basedn" => "dc=abc,dc=local",
                    "groupbasedn" => "dc=abc,dc=local",
                    "userbasedn" => "dc=abc,dc=local",
                    "searchstring" => "uid=USER-NAME,dc=abc,dc=local",   // USER-NAME is replaced by the login name
                    "emailattribute" => "mail",
                    "usernameattribute" => "uid",
                    "realnameattribute" => "cn",
                    "searchattribute" => "uid",
                ]
            ]
        ];
        return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
    };

The plugins are running:

When I go to the main page I'm not automatically logged in, so I try to log in with domain creds and get the following:

I'm pretty green here and not sure how to configure things. Any ideas?

thanks, russ

EDIT: After adding $wgShowExceptionDetails = true; I'm getting the following error message:

EDIT2: Snip from phpinfo()

EDIT3: Started over with new containers in an attempt to get the php-ldap extension working and get around the ldap_connect() error. Here are the steps I took with my last attempt:

REFERENCE: https://wiki.chairat.me/books/docker/page/how-to-setup-mediawiki-with-docker

  1. Enable SSH service from control panel Terminal & SNMP and then open an SSH connection to the Synology box (using Putty). Login as box admin.

  2. Run the following command to create a new docker container named mediawiki based on the latest mediawiki image:

    sudo docker container run -d --name mediawiki -p 8080:80 mediawiki

  3. Run the following command to create a new docker container named mediawiki-mysql based on the latest MySQL image. Replace with desired MySQL root password:

    sudo docker container run -d --name mediawiki-mysql -v mediawiki-mysql:/var/lib/mysql -e MYSQL_ROOT_PASSWORD= mysql

  4. Run the following 3 commands to create a docker network and then tie the 2 images into it:

    sudo docker network create mediawiki

    sudo docker network connect mediawiki mediawiki

    sudo docker network connect mediawiki mediawiki-mysql

REFERENCE: https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-ubuntu-18-04#step-2-%E2%80%94-installing-mysql

  1. Next, open a bash terminal in the mediawiki-mysql container and set the root plugin to mysql_native_password if necessary:

    mysql -uroot -p (this opens a mysql prompt where is what you set up in 3. without the <>)

    SELECT user,authentication_string,plugin,host FROM mysql.user; (this lists user attributes)

    ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password'; (password is the set above too)

    ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY 'password';

  2. Add a volume mapping in the mediawiki-mysql container so you can copy files to/from the container and a share you can access with File Station on the Synology.

    Stop the container if it is running.

    Right-click and select Edit, then click on Volume.

    Click "Add Folder" and select the shared volume you will use. For "Mount path" put /var/lib/mysql

    Start the container.

REFERENCE: https://computingforgeeks.com/how-to-install-php-7-3-on-debian-9-debian-8/

  1. Add php-ldap extension to the mediawiki container if you want to enable ldap authentication (e.g. if you have domain with active directory etc.). Open a bash terminal in the mediawiki container:

    php -m (this will list all of the active PHP modules - ldap is not listed if not installed yet)

    php -v (this will show you what version of PHP you are running)

    apt-get update

    apt-get upgrade -y

    apt-get install libldb-dev libldap2-dev

    cd /usr/local/bin

    docker-php-ext-install ldap (this takes a while)

    php -m (this shows ldap in the list)

  2. Set up MediaWiki before going on to the LDAP extension stuff.

    Open "http://XXX.XXX.XXX.XXX:8080/" in browser and configure. Use "mediawiki-mysql" in place of "localhost" for mysql. Put LocalSettings.php into the /usr/www/html folder.

REFERENCE: https://www.mediawiki.org/wiki/Special:ExtensionDistributor?extdistname=LDAPProvider&extdistversion=master

  1. Install the LDAPProvider mediawiki extension needed to support LDAPAuthentication2

    wget "https://extdist.wmflabs.org/dist/extensions/LDAPProvider-master-04dc101.tar.gz"

    tar -xzf LDAPProvider-master-04dc101.tar.gz -C /var/www/html/extensions

    rm LDAPProvider-master-04dc101.tar.gz

    add "wfLoadExtension( 'LDAPProvider' );" to the LocalSettings.php file.

    run "php maintenance/update.php" to create the required databases (takes a few seconds).

    wget "https://extdist.wmflabs.org/dist/extensions/PluggableAuth-REL1_34-17fb1ea.tar.gz"

    tar -xzf PluggableAuth-REL1_34-17fb1ea.tar.gz -C /var/www/html/extensions

    rm PluggableAuth-REL1_34-17fb1ea.tar.gz

    add "wfLoadExtension( 'PluggableAuth' );" to the LocalSettings.php file.

    wget "https://extdist.wmflabs.org/dist/extensions/LDAPAuthentication2-master-cb07184.tar.gz"

    tar -xzf LDAPAuthentication2-master-cb07184.tar.gz -C /var/www/html/extensions

    rm LDAPAuthentication2-master-cb07184.tar.gz

    add "wfLoadExtension( 'LDAPAuthentication2' );" to the LocalSettings.php file.

    copy in the LocalSettings.php file that has the LDAP configuration (item 2 in my original question above).

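The LocalSettings.php fragment in item 2 above binds as the domain Administrator, in the clear, and looks users up by uid, an attribute Active Directory does not populate. The following is an added example, not code from the question or from the LDAPProvider/LDAPAuthentication2 projects, showing the same configuration written the way a defender would want it for an AD domain: a dedicated read-only bind account, the password taken from the environment instead of the config file, LDAPS to the domain controller, AD's sAMAccountName as the lookup attribute, and local (non-domain) logins disabled. The DC hostname dc01.abc.local, the service account CN, the OU paths, the MW_LDAP_BIND_PASSWORD environment variable and the UPN-style searchstring are assumptions for the abc.local domain named in the question; adjust them to the real directory layout.

```php
<?php
// Added example for LocalSettings.php (not the asker's config and not project code).
// Everything named below for abc.local (DC hostname, service account, OUs, env var)
// is an assumption; replace it with the values of the real domain.

wfLoadExtension( 'PluggableAuth' );
wfLoadExtension( 'LDAPProvider' );
wfLoadExtension( 'LDAPAuthentication2' );

// Try to log the visitor in via LDAP automatically, as the question asks for.
$wgPluggableAuth_EnabledAutoLogin = true;

// Only domain accounts may log in; local wiki accounts are refused.
$LDAPAuthentication2AllowLocalLogin = false;

// The bind password comes from the container environment rather than from
// this file, so LocalSettings.php can be kept in version control or copied
// around without leaking a directory credential.
$ldapBindPassword = getenv( 'MW_LDAP_BIND_PASSWORD' );
if ( $ldapBindPassword === false || $ldapBindPassword === '' ) {
    throw new RuntimeException( 'MW_LDAP_BIND_PASSWORD is not set; refusing to start with an empty LDAP bind password' );
}

$LDAPProviderDomainConfigProvider = function () use ( $ldapBindPassword ) {
    $config = [
        // Domain key: this is what users see in the login form's domain field.
        'abc.local' => [
            'connection' => [
                // Connect to a specific domain controller by its DNS name over LDAPS.
                // The name must match the DC's certificate, and the issuing CA must
                // be trusted inside the container, or ldap_bind() will fail.
                'server'  => 'dc01.abc.local',           // assumption: DC hostname
                'port'    => 636,
                'enctype' => 'ssl',

                // Dedicated, read-only service account used only to search the
                // directory; it needs no admin rights. Never bind as Administrator.
                'user' => 'CN=svc-mediawiki-ldap,OU=Service Accounts,DC=abc,DC=local', // assumption
                'pass' => $ldapBindPassword,

                'options' => [
                    'LDAP_OPT_DEREF' => 1,
                ],

                'basedn'      => 'DC=abc,DC=local',
                'userbasedn'  => 'OU=Users,DC=abc,DC=local',    // assumption: where user objects live
                'groupbasedn' => 'OU=Groups,DC=abc,DC=local',   // assumption: where group objects live

                // Active Directory identifies accounts by sAMAccountName, not uid.
                'searchattribute'   => 'samaccountname',
                // USER-NAME is substituted with the login name; an AD DC accepts a
                // userPrincipalName for the user's own bind (assumed UPN suffix).
                'searchstring'      => 'USER-NAME@abc.local',
                'usernameattribute' => 'samaccountname',
                'realnameattribute' => 'cn',
                'emailattribute'    => 'mail',
            ],
        ],
    ];

    return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
};
```

With this in place, a failed bind surfaces as an LDAP error rather than a silent fall-through to a local login, which is the behaviour you want when the wiki is meant to be domain-only. Start the container with `-e MW_LDAP_BIND_PASSWORD=...` (or a Docker secret) so the value never lands in LocalSettings.php.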

Answer 1:


Based on the comments conversation and the additional step-by-step list above, here are some thoughts:

Add php-ldap extension to the mediawiki container if you want to enable ldap authentication (e.g. if you have domain with active directory etc.). Open a bash terminal in the mediawiki container:

    php -m (this will list all of the active PHP modules - ldap is not listed if not installed yet)

    php -v (this will show you what version of PHP you are running)

    apt-get update

    apt-get upgrade -y

    apt-get install libldb-dev libldap2-dev

    cd /usr/local/bin

    docker-php-ext-install ldap (this takes a while)

    php -m (this shows ldap in the list)

I strongly doubt that this works at all, and even if it did, I doubt it would work in a sustainable way. The problems with this "solution" are:

  • You're just changing the container state, not the image. Whenever the container is deleted, you've no easy way to reproduce the setup, except by doing all these manual steps again. That's not really what docker containers are about.
  • You're "just" changing the php installation, that requires a restart of the php daemon or the apache daemon, if you're using apache. As you're not doing that, the php process handling your requests does not know about the new extension, whereas the php cli is perfectly fine showing you the ldap extension.

The solution that will work with your problem is to create your own image, based on the mediawiki:latest docker image. In this you can then add all the required libraries and use this image instead of the base one. Here are the steps you need to do to achieve that:

  1. Create a new directory on your host where you're running docker as well
  2. Create a Dockerfile in this directory on your host: This file is a set of instructions for docker to know how to build the image.
  3. Fill it with these contents:

    # inherit from the official mediawiki image
    FROM mediawiki:latest

    # Install the required libraries for adding the ldap extension for php
    RUN apt-get update && \
        apt-get install -y libldb-dev libldap2-dev && \
        rm -rf /var/lib/apt/lists/*

    RUN docker-php-ext-install ldap

  4. Build the image with docker by navigating into the directory and run this command: docker build -t mediawiki:local . The -t creates a tag for the resulting image so that you can use this meaningful name instead of the checksum of the image. You can, however, choose whatever name and tag you want.
  5. Run the container with this new image: docker run -v /path/to/LocalSettings.php:/var/www/html/LocalSettings.php -p 8080:80 --rm=true -d mediawiki:local. The command may be different from what you use, the important bit is the new image name, which is mediawiki:local or whatever tag you used in the build step before.

The resulting container has the ldap plugin installed and it can also be used from the php daemon which handles incoming requests.

Some remarks to your subsequent setup: If I understand it correctly, you're also installing extensions in the container itself, by using a shell in the container and downloading the extension. This is also not the best idea, as, as I said already, when you recreate the container (which should always be possible and you shouldn't have to think about it), the extensions are deleted as well. You should inject the extensions directory as a volume to the container and save the extensions on your host's disk. Or, as an alternative, you can install the MediaWiki extension in the Dockerfile where you install the ldap php extension as well.



Source: https://stackoverflow.com/questions/59524574/ldap-on-local-domain-with-mediawiki
