A partial archive of https://discourse-mediawiki.wmflabs.org as of Saturday May 21, 2022.

Ldap_Authentication

amitkr

Hi Friends.

Could any one tell me the all steps for LDAP Authentication…

Thanks - amit

FlorianSW

Hi!

That may be some annoying to you now, however: Why does the documentation not suffice. At which point do you get stuck? It’s very hard to help you, if you do not provide enough information so we know where we can start :slight_smile:

Generally spoken: The configuration in it’s own (of this extension) is more or less easy, however it highly depends on the LDAP schema of your LDAP server you’re using. Maybe we start with what you want to achieve (only login or group management in LDAP, too), and what you’ve configured so far (that’s also related to “where did you get stuck”).

Best,
Florian

Tgr

Note that there’s an ongoing rewrite effort for the extension.

amitkr

Thanks for the help.

My LDAP Authentication is working properly but I want to print the actual name of users instead of user id on the top right of the page.

Kindly help me on this.

amitkr

My LDAP Authentication is working properly but I want to print the actual name of users instead of user id on the top right of the page

FlorianSW

You still do not give the configuration you did so far (without any credentials!) :stuck_out_tongue: However, this should be possible with the $wgLDAPPreferences configuration and should be something like the nickname property:

$wgLDAPPreferences = array(
  'yourLDAPDomain' => [ 'nickname' => 'theLDAPProperty' ]
);

Where theLDAPProperty is the property (such as cn) where the username is printed in.

amitkr

In which file I need to add that line of code

Tgr

The conventional location is LocalSettings.php.

jehovahsays

are there any HTTP response headers hosting the FQDN or IP address of the LDAP server to search with security? I usually use /includes/webstart.php to secures MediaWiki Security Headers

FlorianSW

A dumb question from my side: What exactly do you mean? What are you looking for? What do you mean with “to secures MediaWiki Security Headers”? Generally spoken: Touching MediaWiki’s core files directly is a bad practice in any case :slight_smile:

Happy to read back from you to find out, what you actual goal is.

jehovahsays

I just thought that since Ldap Authentication ran as a server,
that is it possibly to secure that Ldap Authentication server,
like we would with custom http security headers on a web server?

No question should be shamed as dumb.

I mean to harden the security of all and/or
any of the protocols internal and/or external within reach of my MediaWiki.
I secure my self-hosted MediaWiki website google the keyword @jehovahsays.
You should check it out some time to see why i ask these security questions.
I have access to the MediaWiki core but i in process of upgrading my windows cmd & bash shell. so i can touch MediaWiki core files directly as a team.

TheDJ

This is a very broadly interpretable part. Which headers do you want specifically. Some are already added, some are added at a content level instead of a header, some might be easy to add with your web configuration or loadbalancer, others might be really hard (like Content-Security-Policy).