mirror of
https://github.com/YunoHost-Apps/mediawiki_ynh.git
synced 2024-09-03 19:46:05 +02:00
Revamp LDAP :
* Move ldap config to json file * enable all extensions * rename options
This commit is contained in:
parent
972e7348d7
commit
22f0b46bde
6 changed files with 143 additions and 69 deletions
|
@ -135,59 +135,54 @@ wfLoadSkin( 'Vector' );
|
||||||
# End of automatically generated settings.
|
# End of automatically generated settings.
|
||||||
# Add more configuration options below.
|
# Add more configuration options below.
|
||||||
|
|
||||||
# Enabled extensions. Most of the extensions are enabled by adding
|
# LDAP Settings
|
||||||
# wfLoadExtensions('ExtensionName');
|
# See https://www.mediawiki.org/wiki/Manual:Active_Directory_Integration
|
||||||
# to LocalSettings.php. Check specific extension documentation for more details.
|
|
||||||
|
|
||||||
# LDAPProvider
|
|
||||||
# https://www.mediawiki.org/wiki/Extension:LDAPProvider
|
|
||||||
wfLoadExtension( 'LDAPProvider' );
|
|
||||||
|
|
||||||
# PluggableAuth
|
|
||||||
# https://www.mediawiki.org/wiki/Extension:PluggableAuth
|
|
||||||
wfLoadExtension( 'PluggableAuth' );
|
|
||||||
|
|
||||||
$wgPluggableAuth_EnableLocalLogin = true;
|
|
||||||
$wgPluggableAuth_EnableLocalProperties = true;
|
|
||||||
|
|
||||||
# LDAPAuthentication2
|
|
||||||
# https://www.mediawiki.org/wiki/Extension:LDAPAuthentication2
|
|
||||||
wfLoadExtension( 'LDAPAuthentication2' );
|
|
||||||
|
|
||||||
# Note(decentral1se): leaving here in case we need them one day
|
|
||||||
# LDAPGroups
|
|
||||||
# https://www.mediawiki.org/wiki/Extension:LDAPGroups
|
|
||||||
# wfLoadExtension( 'LDAPGroups' );
|
|
||||||
|
|
||||||
# Note(decentral1se): leaving here in case we need them one day
|
|
||||||
# LDAPUserInfo
|
|
||||||
# https://www.mediawiki.org/wiki/Extension:LDAPUserInfo
|
|
||||||
# wfLoadExtension( 'LDAPUserInfo' );
|
|
||||||
|
|
||||||
# Note(decentral1se): leaving here in case we need them one day
|
|
||||||
# LDAPAuthorization
|
|
||||||
# https://www.mediawiki.org/wiki/Extension:LDAPAuthorization
|
|
||||||
# wfLoadExtension( 'LDAPAuthorization' );
|
# wfLoadExtension( 'LDAPAuthorization' );
|
||||||
|
wfLoadExtension( 'LDAPAuthentication2' );
|
||||||
|
wfLoadExtension( 'LDAPGroups' );
|
||||||
|
wfLoadExtension( 'LDAPProvider' );
|
||||||
|
wfLoadExtension( 'LDAPUserInfo' );
|
||||||
|
wfLoadExtension( 'PluggableAuth' );
|
||||||
|
wfLoadExtension( 'Auth_remoteuser' );
|
||||||
|
|
||||||
# LDAP configuration
|
# Yunohost configuration values for config_panel
|
||||||
$LDAPProviderDomainConfigProvider = function() {
|
$public_wiki = __PUBLIC_WIKI__;
|
||||||
$config = [
|
$local_accounts = __LOCAL_ACCOUNTS__;
|
||||||
"LDAP" => [
|
$yunohost_accounts = __YUNOHOST_ACCOUNTS__;
|
||||||
"connection" => [
|
|
||||||
"server" => "localhost",
|
# Configuration of the generic PluggableAuth extension
|
||||||
"port" => "389",
|
$wgPluggableAuth_EnableLocalLogin = $local_accounts;
|
||||||
"basedn" => "dc=yunohost,dc=org",
|
$wgPluggableAuth_EnableLocalProperties = true;
|
||||||
"groupbasedn" => "ou=users,dc=yunohost,dc=org",
|
$wgPluggableAuth_EnableFastLogout = true;
|
||||||
"userbasedn" => "ou=groups,dc=yunohost,dc=org",
|
# $wgPluggableAuth_ButtonLabel = "Log In";
|
||||||
"searchattribute" => "uid",
|
|
||||||
"usernameattribute" => "uid",
|
# Configuration of the Yunohost LDAP+SSO
|
||||||
"realnameattribute" => "cn",
|
if ($yunohost_accounts) {
|
||||||
"emailattribute" => "mail"
|
$LDAPProviderDomainConfigs = "$IP/ldapproviders.json";
|
||||||
]
|
$LDAPProviderDefaultDomain = "yunohost.local";
|
||||||
]
|
|
||||||
|
$wgPluggableAuth_Config["Log In with Yunohost"] = [
|
||||||
|
"plugin" => "LDAPAuthentication2",
|
||||||
|
"data" => [ "domain" => "yunohost.local" ]
|
||||||
];
|
];
|
||||||
|
|
||||||
return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
|
$wgAuthRemoteuserUserUrls = [
|
||||||
};
|
'logout' => 'https://__DOMAIN__/yunohost/sso/?action=logout'
|
||||||
$createaccount = __CREATE_ACCOUNT__;
|
];
|
||||||
$wgGroupPermissions['*']['createaccount'] = $createaccount;
|
}
|
||||||
|
|
||||||
|
# Auth_remoteuser will read the REMOTE_USER http header (for Yunohost SSO)
|
||||||
|
$wgAuthRemoteuserUserName = [
|
||||||
|
getenv('REMOTE_USER'),
|
||||||
|
];
|
||||||
|
|
||||||
|
# Allow users to login as other than SSO logged in user
|
||||||
|
$wgAuthRemoteuserAllowUserSwitch = true;
|
||||||
|
|
||||||
|
# $wgEmailConfirmToEdit = false;
|
||||||
|
$wgGroupPermissions['*']['edit'] = $public_wiki;
|
||||||
|
$wgGroupPermissions['*']['read'] = $public_wiki;
|
||||||
|
$wgGroupPermissions['*']['createaccount'] = $local_accounts;
|
||||||
|
$wgGroupPermissions['*']['autocreateaccount'] = true;
|
||||||
|
$wgBlockDisablesLogin = true;
|
||||||
|
|
24
conf/ldapproviders.json
Normal file
24
conf/ldapproviders.json
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
{
|
||||||
|
"yunohost.local": {
|
||||||
|
"connection": {
|
||||||
|
"server": "localhost",
|
||||||
|
"port": "389",
|
||||||
|
"use-tls": "false",
|
||||||
|
"basedn": "dc=yunohost,dc=org",
|
||||||
|
"userbasedn": "ou=users,dc=yunohost,dc=org",
|
||||||
|
"groupbasedn": "ou=groups,dc=yunohost,dc=org",
|
||||||
|
"searchattribute": "uid",
|
||||||
|
"usernameattribute": "uid",
|
||||||
|
"realnameattribute": "cn",
|
||||||
|
"emailattribute": "mail",
|
||||||
|
"grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory",
|
||||||
|
"presearchusernamemodifiers": [ "spacestounderscores", "lowercase" ]
|
||||||
|
},
|
||||||
|
"userinfo": [],
|
||||||
|
"authorization": [],
|
||||||
|
"groupsync": {
|
||||||
|
"mapping": {
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -3,14 +3,32 @@ version = "1.0"
|
||||||
[main]
|
[main]
|
||||||
name = "Mediawiki configuration"
|
name = "Mediawiki configuration"
|
||||||
|
|
||||||
|
|
||||||
[main.config]
|
[main.config]
|
||||||
name = "Configuration Options"
|
name = "Configuration Options"
|
||||||
|
|
||||||
[main.config.create_account]
|
[install.public_wiki]
|
||||||
ask = "Create account"
|
ask.en = "Is this Wiki public ?"
|
||||||
|
ask.fr = "Ce Wiki est-il public ?"
|
||||||
|
help.en = "This visibility is handled by Mediawiki, not Yunohost"
|
||||||
|
help.fr = "Cette visibilité est gérée par Mediawiki, pas Yunohost"
|
||||||
type = "boolean"
|
type = "boolean"
|
||||||
yes = true
|
default = true
|
||||||
no = false
|
bind = ":__INSTALL_DIR__/LocalSettings.php"
|
||||||
help = "Set to 'true' to allow account creation."
|
|
||||||
bind = "createaccount:__INSTALL_DIR__/LocalSettings.php"
|
[install.local_accounts]
|
||||||
|
ask.en = "Allow local accounts (non-Yunohost login) ?"
|
||||||
|
ask.fr = "Autoriser les comptes locaux (non connectés à Yunohost) ?"
|
||||||
|
help.en = "If this is enabled, people without a Yunohost account can create an account, local to the wiki."
|
||||||
|
help.fr = "Si activé, les personnes sans compte Yunohost pourront créer un compte local au wiki."
|
||||||
|
type = "boolean"
|
||||||
|
default = false
|
||||||
|
bind = ":__INSTALL_DIR__/LocalSettings.php"
|
||||||
|
|
||||||
|
[install.yunohost_accounts]
|
||||||
|
ask.en = "Link with Yunohost accounts"
|
||||||
|
ask.fr = "Lier aux comptes Yunohost"
|
||||||
|
help.en = "If this is enabled, Yunohost users will be able to login."
|
||||||
|
help.fr = "Si activé, les utilisateurs Yunohost pourront s'authentifier."
|
||||||
|
type = "boolean"
|
||||||
|
default = true
|
||||||
|
bind = ":__INSTALL_DIR__/LocalSettings.php"
|
||||||
|
|
|
@ -38,8 +38,8 @@ ram.runtime = "50M"
|
||||||
default = "/wiki"
|
default = "/wiki"
|
||||||
|
|
||||||
[install.init_main_permission]
|
[install.init_main_permission]
|
||||||
help.en = "Visibility of the wiki pages"
|
help.en = "Visibility of the wiki (handled by Yunohost)"
|
||||||
help.fr = "La visibilité des pages du wiki"
|
help.fr = "La visibilité du wiki (gérée par Yunohost)"
|
||||||
type = "group"
|
type = "group"
|
||||||
default = "visitors"
|
default = "visitors"
|
||||||
|
|
||||||
|
@ -64,12 +64,42 @@ ram.runtime = "50M"
|
||||||
type = "string"
|
type = "string"
|
||||||
default = "YunoWiki"
|
default = "YunoWiki"
|
||||||
|
|
||||||
|
[install.public_wiki]
|
||||||
|
ask.en = "Is this Wiki public ?"
|
||||||
|
ask.fr = "Ce Wiki est-il public ?"
|
||||||
|
help.en = "This visibility is handled by Mediawiki, not Yunohost"
|
||||||
|
help.fr = "Cette visibilité est gérée par Mediawiki, pas Yunohost"
|
||||||
|
type = "boolean"
|
||||||
|
default = true
|
||||||
|
|
||||||
|
[install.local_accounts]
|
||||||
|
ask.en = "Allow local accounts (non-Yunohost login) ?"
|
||||||
|
ask.fr = "Autoriser les comptes locaux (non connectés à Yunohost) ?"
|
||||||
|
help.en = "If this is enabled, people without a Yunohost account can create an account, local to the wiki."
|
||||||
|
help.fr = "Si activé, les personnes sans compte Yunohost pourront créer un compte local au wiki."
|
||||||
|
type = "boolean"
|
||||||
|
default = false
|
||||||
|
|
||||||
|
[install.yunohost_accounts]
|
||||||
|
ask.en = "Link with Yunohost accounts"
|
||||||
|
ask.fr = "Lier aux comptes Yunohost"
|
||||||
|
help.en = "If this is enabled, Yunohost users will be able to login."
|
||||||
|
help.fr = "Si activé, les utilisateurs Yunohost pourront s'authentifier."
|
||||||
|
type = "boolean"
|
||||||
|
default = true
|
||||||
|
|
||||||
|
|
||||||
[resources]
|
[resources]
|
||||||
[resources.sources]
|
[resources.sources]
|
||||||
[resources.sources.main]
|
[resources.sources.main]
|
||||||
url = "https://releases.wikimedia.org/mediawiki/1.40/mediawiki-1.40.1.tar.gz"
|
url = "https://releases.wikimedia.org/mediawiki/1.40/mediawiki-1.40.1.tar.gz"
|
||||||
sha256 = "e05d419de40c6ad03145aca07e08cf995d1ca1667d97793bb73970e2c11b0a04"
|
sha256 = "e05d419de40c6ad03145aca07e08cf995d1ca1667d97793bb73970e2c11b0a04"
|
||||||
|
|
||||||
|
[resources.sources.auth_remoteuser]
|
||||||
|
url = "https://github.com/wikimedia/mediawiki-extensions-Auth_remoteuser/archive/1a72290f4b3f35694a9a0a71d7c17258badca429.tar.gz"
|
||||||
|
sha256 = "4864edde068209a8a72a97238041220d47b3d4cd4c353637dd0857f488b67904"
|
||||||
|
in_subdir = true
|
||||||
|
|
||||||
[resources.sources.ldap_groups]
|
[resources.sources.ldap_groups]
|
||||||
url = "https://github.com/wikimedia/mediawiki-extensions-LDAPGroups/archive/6babc982f16ea9b6a6a64d45e55413c663bc6b6f.tar.gz"
|
url = "https://github.com/wikimedia/mediawiki-extensions-LDAPGroups/archive/6babc982f16ea9b6a6a64d45e55413c663bc6b6f.tar.gz"
|
||||||
sha256 = "88ce087760726ea61c002c8d4b169b1d3a5421d76d8e4afa916ba55051a9130a"
|
sha256 = "88ce087760726ea61c002c8d4b169b1d3a5421d76d8e4afa916ba55051a9130a"
|
||||||
|
|
10
scripts/install
Normal file → Executable file
10
scripts/install
Normal file → Executable file
|
@ -26,13 +26,16 @@ ynh_script_progression --message="Setting up source files..." --weight=4
|
||||||
|
|
||||||
# Download, check integrity, uncompress and patch the source from app.src
|
# Download, check integrity, uncompress and patch the source from app.src
|
||||||
ynh_setup_source --dest_dir="$install_dir"
|
ynh_setup_source --dest_dir="$install_dir"
|
||||||
|
|
||||||
|
# See https://www.mediawiki.org/wiki/Manual:Active_Directory_Integration
|
||||||
|
ynh_setup_source --dest_dir="$install_dir/extensions/Auth_remoteuser" --source_id="auth_remoteuser"
|
||||||
|
ynh_setup_source --dest_dir="$install_dir/extensions/LDAPAuthorization" --source_id="ldap_authorization"
|
||||||
ynh_setup_source --dest_dir="$install_dir/extensions/LDAPAuthentication2" --source_id="ldap_authentication2"
|
ynh_setup_source --dest_dir="$install_dir/extensions/LDAPAuthentication2" --source_id="ldap_authentication2"
|
||||||
|
ynh_setup_source --dest_dir="$install_dir/extensions/LDAPGroups" --source_id="ldap_groups"
|
||||||
ynh_setup_source --dest_dir="$install_dir/extensions/LDAPProvider" --source_id="ldap_provider"
|
ynh_setup_source --dest_dir="$install_dir/extensions/LDAPProvider" --source_id="ldap_provider"
|
||||||
|
ynh_setup_source --dest_dir="$install_dir/extensions/LDAPUserInfo" --source_id="ldap_userinfo"
|
||||||
ynh_setup_source --dest_dir="$install_dir/extensions/PluggableAuth" --source_id="pluggable_auth"
|
ynh_setup_source --dest_dir="$install_dir/extensions/PluggableAuth" --source_id="pluggable_auth"
|
||||||
|
|
||||||
# ynh_setup_source --dest_dir="$install_dir/extensions/LDAPGroups" --source_id="ldap_groups"
|
|
||||||
# ynh_setup_source --dest_dir="$install_dir/extensions/LDAPUserInfo" --source_id="ldap_userinfo"
|
|
||||||
# ynh_setup_source --dest_dir="$install_dir/extensions/LDAPAuthorization" --source_id="ldap_authorization"
|
|
||||||
|
|
||||||
chmod -R o-rwx "$install_dir"
|
chmod -R o-rwx "$install_dir"
|
||||||
chown -R $app:www-data "$install_dir"
|
chown -R $app:www-data "$install_dir"
|
||||||
|
@ -94,6 +97,7 @@ mv "$install_dir/LocalSettings.php" "$install_dir/LocalSettings.php.orig"
|
||||||
wiki_name_underscorified="${wiki_name//[^a-zA-Z0-9]/_}"
|
wiki_name_underscorified="${wiki_name//[^a-zA-Z0-9]/_}"
|
||||||
|
|
||||||
ynh_add_config --template="../conf/LocalSettings.php" --destination="$install_dir/LocalSettings.php"
|
ynh_add_config --template="../conf/LocalSettings.php" --destination="$install_dir/LocalSettings.php"
|
||||||
|
ynh_add_config --template="../conf/ldapproviders.json" --destination="$install_dir/ldapproviders.json"
|
||||||
|
|
||||||
# This is required to update database schemas
|
# This is required to update database schemas
|
||||||
"php$phpversion" "$install_dir/maintenance/update.php"
|
"php$phpversion" "$install_dir/maintenance/update.php"
|
||||||
|
|
13
scripts/upgrade
Normal file → Executable file
13
scripts/upgrade
Normal file → Executable file
|
@ -58,14 +58,15 @@ then
|
||||||
|
|
||||||
# Download, check integrity, uncompress and patch the source from app.src
|
# Download, check integrity, uncompress and patch the source from app.src
|
||||||
ynh_setup_source --dest_dir="$install_dir"
|
ynh_setup_source --dest_dir="$install_dir"
|
||||||
|
|
||||||
|
# See https://www.mediawiki.org/wiki/Manual:Active_Directory_Integration
|
||||||
|
ynh_setup_source --dest_dir="$install_dir/extensions/Auth_remoteuser" --source_id="auth_remoteuser"
|
||||||
|
ynh_setup_source --dest_dir="$install_dir/extensions/LDAPAuthorization" --source_id="ldap_authorization"
|
||||||
ynh_setup_source --dest_dir="$install_dir/extensions/LDAPAuthentication2" --source_id="ldap_authentication2"
|
ynh_setup_source --dest_dir="$install_dir/extensions/LDAPAuthentication2" --source_id="ldap_authentication2"
|
||||||
|
ynh_setup_source --dest_dir="$install_dir/extensions/LDAPGroups" --source_id="ldap_groups"
|
||||||
ynh_setup_source --dest_dir="$install_dir/extensions/LDAPProvider" --source_id="ldap_provider"
|
ynh_setup_source --dest_dir="$install_dir/extensions/LDAPProvider" --source_id="ldap_provider"
|
||||||
|
ynh_setup_source --dest_dir="$install_dir/extensions/LDAPUserInfo" --source_id="ldap_userinfo"
|
||||||
ynh_setup_source --dest_dir="$install_dir/extensions/PluggableAuth" --source_id="pluggable_auth"
|
ynh_setup_source --dest_dir="$install_dir/extensions/PluggableAuth" --source_id="pluggable_auth"
|
||||||
|
|
||||||
# ynh_setup_source --dest_dir="$install_dir/extensions/LDAPGroups" --source_id="ldap_groups"
|
|
||||||
# ynh_setup_source --dest_dir="$install_dir/extensions/LDAPUserInfo" --source_id="ldap_userinfo"
|
|
||||||
# ynh_setup_source --dest_dir="$install_dir/extensions/LDAPAuthorization" --source_id="ldap_authorization"
|
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
chmod -R o-rwx "$install_dir"
|
chmod -R o-rwx "$install_dir"
|
||||||
|
@ -115,6 +116,8 @@ if (( password_length < 10 )); then
|
||||||
echo "\$wgPasswordPolicy['policies']['default']['MinimalPasswordLength'] = 10;" >> "$install_dir/LocalSettings.php"
|
echo "\$wgPasswordPolicy['policies']['default']['MinimalPasswordLength'] = 10;" >> "$install_dir/LocalSettings.php"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
ynh_add_config --template="../conf/ldapproviders.json" --destination="$install_dir/ldapproviders.json"
|
||||||
|
|
||||||
# This is required to update database schemas
|
# This is required to update database schemas
|
||||||
"php$phpversion" "$install_dir/maintenance/update.php"
|
"php$phpversion" "$install_dir/maintenance/update.php"
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue