Enabling LDAP authentication on MediaWiki is fairly straightforward, but there are a couple tricks and gotchas to watch out for.
First, a couple packages are needed: php-ldap (through your packaged manager) and Extension:LDAP Authentication (download and install as instructed).
This assumes that you already have your Linux server working with your LDAP environment.
First, edit /etc/openldap/ldap.conf and add this line to the bottom:
TLS_REQCERT never
After all, we trust our own domain, right?
In your LocalSettings.php, add the following:
require_once ("$IP/extensions/LdapAuthentication/LdapAuthentication.php"); $wgAuth = new LdapAuthenticationPlugin(); $wgLDAPDomainNames = array( 'my.domain.com' ); $wgLDAPServerNames = array( 'my.domain.com' => 'ldap.domain.com' ); $wgLDAPSearchAttributes = array( 'my.domain.com' => 'sAMAccountName' ); $wgLDAPBaseDNs = array( 'my.domain.com' => 'dc=my,dc=domain,dc=com' ); $wgLDAPEncryptionType = array( 'my.domain.com' => 'ssl' ); $wgMinimalPasswordLength = 1;
Just change my.domain.com to your FQDN.
After updating both files, on command line run:
/path/to/wiki/maintenance/php update.php
You should now be able to log in with your domain user. I also disabled anonymous editing in my configuration.