I've chosen to use the paid support to solve this issue. Within minutes I received an email with the question what problem I wanted to get solved. An hour later they gave me the solution. Really great work! Here is what Zhang Huangbin wrote me:
Hi Alex,
I got it work. Here's how to implement it.
1) Download LDAP auth plugin here:
https://git.wikimedia.org/zip/?r=mediaw … ;format=gz2) Uncompress it, then you get 3 files and a directory:
LdapAuthentication.i18n.php
LdapAuthentication.php
LdapAutoAuthentication.php
schema/ldap-mysql.sql
schema/ldap-postgres.sql3) Create new directory under your mediawiki directory:
# mkdir extensions/LdapAuthentication/
4) Copy above files to new directory. Then you get files like below:
extensions/LdapAuthentication/LdapAuthentication.i18n.php
extensions/LdapAuthentication/LdapAuthentication.php
extensions/LdapAuthentication/LdapAutoAuthentication.php
extensions/LdapAuthentication/schema/ldap-mysql.sql
extensions/LdapAuthentication/schema/ldap-postgres.sql5) Import SQL file 'schema/ldap-mysql.sql' to your MediaWiki database.
Assume your mediawiki database name is "alex_wiki".# mysql -uroot -p
mysql> USE alex_wiki;
mysql> SOURCE extensions/LdapAuthentication/schema/ldap-mysql.sql;6) Enable and configure LDAP auth plugin in LocalSettings.php. Here's sample
configurations work for me, of course you should replace 'dc=example,dc=com'
by the real LDAP root suffix on your server, and replace password in
$wgLDAPProxyAgentPassword with the real one (you can find it in file
/etc/postfix/ldap/virtual_mailbox_maps.cf, value of parameter 'bind_pw').# ----
require_once( "extensions/LdapAuthentication/LdapAuthentication.php" );
$wgAuth = new LdapAuthenticationPlugin();$wgLDAPDomainNames = array("iRedMail");
$wgLDAPServerNames = array("iRedMail" => "localhost");
$wgLDAPPort = array("iRedMail" => 389);
$wgLDAPEncryptionType = array( "iRedMail" => "clear");$wgLDAPBaseDNs = array( "iRedMail"=>"o=domains,dc=example,dc=com");
$wgLDAPProxyAgent = array("iRedMail"=>"cn=vmail,dc=example,dc=com");
$wgLDAPProxyAgentPassword = array( "iRedMail"=>"NRqxLHQvReKhWkHSwbO9LGtGlZ2iDK");
$wgLDAPUserBaseDNs = array( "iRedMail"=>"o=domains,dc=example,dc=com");
$wgLDAPSearchAttributes = array( "iRedMail" => "mail");
$wgLDAPLowerCaseUsername = array( "iRedMail"=>true);
# ----Let me know whether it works for you or not.
NOTE: I didn't configure ldap group here. Do you really need group?