mediawiki / wiki-to-ldap
Provides a way to migrate wiki users to LDAP-backed users
Installs: 61
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 20
Forks: 0
Type:mediawiki-extension
Requires
Requires (Dev)
This package is not auto-updated.
Last update: 2024-04-27 07:59:56 UTC
README
The initial development of this extension was funded by The Open Source Geospatial Foundation to help migrate their wiki users from MediaWiki-only user accounts to their centralized, LDAP-backed OSGeo Services UserID. The intent is to merge existing wiki accounts with LDAP-backed accounts using the UserMerge extension. There are two SpecialPages to handle this: Special:WikiUserMerge and Special:LDAPUserMerge. Because of the requirements for OSGeo, more work has been done on the Special:LDAPUserMerge workflow, but the other one should work as well.
Prerequisites
- A test wiki. You’ll want to test the entire workflow before you deploy to production it since authentication is a critical part of the wiki.
- Set up the LDAPAuthentication2 extension. This depends on at least PluggableAuth and LDAPProvider. You should ensure that users can log in using their LDAP credentials before proceding.
- Enable the UserMerge extension. WikiToLDAP uses the merge capability of the UserMerge to handle the actual merging of users.
- Enable the Renameuser extension. This is not strictly required, but the workflow outlined here depends on it. If you use the merge method described in this documentation, you’ll need this extension installed.
Installation
This extension uses the new (as of early 2021) Composer for extensions guidance to install the extension.
This means that to install the extension you need to install composer and run the following To download the extension, run the following command from the command line in your wiki’s top-level directory (i.e. the one that contains the LocalSettings.php file) :
$ COMPOSER=composer.local.json php ( touch $COMPOSER && \ composer.phar require --no-update mediawiki/wiki-to-ldap )
After this, you’ll need to enable the extension by adding the following to your LocalSettings.php file:
wfLoadExtension( 'WikiToLDAP' );
Configuration
As with most other MediaWiki extensions, this extension is configured by setting PHP variables in the LocalSettings.php file. The settings are all prefixed with WikiToLDAP so the MigrationInProgress setting below would be set by adding the following line to the LocalSettings.php:
$WikiToLDAPMigrationInProgress = false;
| Setting | Default | Description |
|---|---|---|
| MigrationGroup | wikitoldap-needs-migration | The group old wiki users are put into before any migration is attempted. |
| InProgressGroup | wikitoldap-in-progress | The group users are put into after they log in and migration has started. |
| MergedGroup | wikitoldap-merged | The group for users who have gone through WikiToLDAP’s merge process. |
| OldUserNamePrefix | ⚠️ | The prefix the old wiki accounts have. You can use the -r option in the ‘MoveToMigrationGroup.php’ script to rename all current wiki users with this prefix. |
| MigrationInProgress | true | Whether any migration is currently in progress. If false, defaults to behaving just like LDAPAuthentication2. |
| OldUsersAreRenamed | false | Set to true if you use the -r option in the ‘MoveToMigrationGroup.php’ script. |
| CanCheckOldUser | false | Set to true if you want users to be able to log in with their old wiki username during the transition period. |
Documentation
A PDF version of this documentation can be produced by running make at the command line. It requires Emacs and LaTeX be installed as well and will complain if they aren’t.