I have been trying various LDAP extensions without success. Most Google-able information is years old.
Anyone use this : https://www.freeipa.org/page/Setting_up_MediaWiki_to_run_against_FreeIPA ?
______________________________________________________________________________________________
Daniel E. White daniel.e.white@nasa.govmailto:daniel.e.white@nasa.gov NICS Linux Engineer NASA Goddard Space Flight Center 8800 Greenbelt Road Building 14, Room E175 Greenbelt, MD 20771 Office: (301) 286-6919 Mobile: (240) 513-5290
White, Daniel E. (GSFC-770.0)[NICS] via FreeIPA-users wrote:
I have been trying various LDAP extensions without success.
Most Google-able information is years old.
Anyone use this : https://www.freeipa.org/page/Setting_up_MediaWiki_to_run_against_FreeIPA%C2%... ?
My first foray into the Kerberos world eons ago was to Kerberize a MW server and I used a similar method as described in the user-contributed article. I didn't end up adding in any LDAP integration but setting up auto-creation of a MW user was pretty straightforward IIRC.
For my simple use case IIRC I just stripped the username off the principal and used that (similar to $wgAuthRemoteuserDomain). That won't work for AD users as you could have conflicts.
Honestly for me the hardest part was setting up a KDC with LDAP integration (3 full days IIRC) in the pre-IPA days.
rob
Thanks, Rob.
I will give it a try.
______________________________________________________________________________________________
Daniel E. White daniel.e.white@nasa.govmailto:daniel.e.white@nasa.gov NICS Linux Engineer NASA Goddard Space Flight Center 8800 Greenbelt Road Building 14, Room E175 Greenbelt, MD 20771 Office: (301) 286-6919 Mobile: (240) 513-5290
From: Rob Crittenden rcritten@redhat.com Date: Thursday, February 6, 2020 at 15:31 To: FreeIPA users list freeipa-users@lists.fedorahosted.org Cc: Daniel White daniel.e.white@nasa.gov Subject: [EXTERNAL] Re: [Freeipa-users] MediaWiki and FreeIPA ?
White, Daniel E. (GSFC-770.0)[NICS] via FreeIPA-users wrote: I have been trying various LDAP extensions without success. Most Google-able information is years old.
Anyone use this : https://urldefense.proofpoint.com/v2/url?u=https-3A__www.freeipa.org_page_Se... ?
My first foray into the Kerberos world eons ago was to Kerberize a MW server and I used a similar method as described in the user-contributed article. I didn't end up adding in any LDAP integration but setting up auto-creation of a MW user was pretty straightforward IIRC.
For my simple use case IIRC I just stripped the username off the principal and used that (similar to $wgAuthRemoteuserDomain). That won't work for AD users as you could have conflicts.
Honestly for me the hardest part was setting up a KDC with LDAP integration (3 full days IIRC) in the pre-IPA days.
rob
freeipa-users@lists.fedorahosted.org
-
Rob Crittenden -
White, Daniel E. (GSFC-770.0)[NICS]