MediaWiki on Linux: Domain Authentication

Enabling LDAP authentication on MediaWiki is fairly straightforward, but there are a couple tricks and gotchas to watch out for.

First, a couple packages are needed: php-ldap (through your packaged manager) and Extension:LDAP Authentication (download and install as instructed).

This assumes that you already have your Linux server working with your LDAP environment.

First, edit /etc/openldap/ldap.conf and add this line to the bottom:


After all, we trust our own domain, right?

In your LocalSettings.php, add the following:

require_once ("$IP/extensions/LdapAuthentication/LdapAuthentication.php");

$wgAuth = new LdapAuthenticationPlugin();

$wgLDAPDomainNames = array(

$wgLDAPServerNames = array(
'' => ''

$wgLDAPSearchAttributes = array(
'' => 'sAMAccountName'

$wgLDAPBaseDNs = array(
'' => 'dc=my,dc=domain,dc=com'

$wgLDAPEncryptionType = array(
'' => 'ssl'

$wgMinimalPasswordLength = 1;

Just change to your FQDN.

After updating both files, on command line run:

/path/to/wiki/maintenance/php update.php

You should now be able to log in with your domain user. I also disabled anonymous editing in my configuration.