LDAP on local domain with Mediawiki

Problem description

Just got my MediaWiki running on a local domain (running as container on Synology NAS). Now I want to configure so only domain users can access the Wiki and are automatically logged in. This is for the sole purpose of tracking user name with page edits. My local domain is abc.local and my domain controller is Windows Server 2008 R2.

I have done the following:

1) Installed extensions LDAPProvider, LDAPAuthentication2, and PluggableAuth.

2) Added the following to the bottom of my LocalSettings.php.

wfLoadExtension( 'PluggableAuth' );
$wgPluggableAuth_EnabledAutoLogin = true;
wfLoadExtension( 'LDAPAuthentication2' );
wfLoadExtension( 'LDAPProvider' );
// Domain configuration for LDAPProvider, supplied inline as a PHP array
$LDAPProviderDomainConfigProvider = function () {
    $config = [
        'LDAP' => [
            'connection' => [
                "server" => "abc.local",
                "user" => "cn=Administrator,dc=abc,dc=local",
                "pass" => 'passwordhere',
                "options" => [
                    "LDAP_OPT_DEREF" => 1
                ],
                "basedn" => "dc=abc,dc=local",
                "groupbasedn" => "dc=abc,dc=local",
                "userbasedn" => "dc=abc,dc=local",
                "searchstring" => "uid=USER-NAME,dc=abc,dc=local",
                "emailattribute" => "mail",
                "usernameattribute" => "uid",
                "realnameattribute" => "cn",
                "searchattribute" => "uid",
            ]
        ]
    ];
    return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
};

The plugins are running:

When I go to the main page I'm not automatically logged in, so I try to log in with domain creds and get the following:

I'm pretty green here and not sure how to configure things. Any ideas?

Thanks, Russ

EDIT: After adding $wgShowExceptionDetails = true; I'm getting the following error message:

EDIT2: Snip from phpinfo()

EDIT3: Started over with new containers in an attempt to get the php-ldap extension working and get around the ldap_connect() error. Here are the steps I took with my last attempt:

Ref: https://wiki.chairat.me/books/docker/page/how-to-setup-mediawiki-with-docker

  1. Enable SSH service from control panel Terminal & SNMP and then open an SSH connection to the Synology box (using Putty). Login as box admin.

Run the following command to create a new docker container named mediawiki based on the latest mediawiki image:

sudo docker container run -d --name mediawiki -p 8080:80 mediawiki

Run the following command to create a new docker container named mediawiki-mysql based on the latest MySQL image. Replace with desired MySQL root password:

sudo docker container run -d --name mediawiki-mysql -v mediawiki-mysql:/var/lib/mysql -e MYSQL_ROOT_PASSWORD= mysql

Run the following 3 commands to create a docker network and then tie the 2 images into it:

sudo docker network create mediawiki

sudo docker network connect mediawiki mediawiki

sudo docker network connect mediawiki mediawiki-mysql

Ref:

    1. Next, open a bash terminal in the mediawiki-mysql container and set the root plugin to mysql_native_password if necessary:

    mysql -uroot -p (this opens a mysql prompt where is what you set up in 3. without the <>)

    SELECT user,authentication_string,plugin,host FROM mysql.user; (this lists user attributes)

    ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password'; (password is the set above too)

    ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY 'password';

    Add a volume mapping in the mediawiki-mysql container so you can copy files to/from the container and a share you can access with File Station on the Synology.

    Stop the container if it is running.

    Right-click and select Edit, then click on Volume.

    Click "Add Folder" and select the shared volume you will use. For "Mount path" put /var/lib/mysql

    Start the container.

    Ref: https://computingforgeeks.com/how-to-install-php-7-3-on-debian-9-debian-8/

    1. Add php-ldap extension to the mediawiki container if you want to enable ldap authentication (e.g. if you have domain with active directory etc.). Open a bash terminal in the mediawiki container:

    php -m (this will list all of the active PHP modules - ldap is not listed if not installed yet)

    php -v (this will show you what version of PHP you are running)

    apt-get update

    apt-get upgrade -y

    apt-get install libldb-dev libldap2-dev

    cd /usr/local/bin

    docker-php-ext-install ldap (this takes a while)

    php -m (this shows ldap in the list)

    Setup the MediaWiki before going on to the Ldap extension stuff.

    Open "http://XXX.XXX.XXX.XXX:8080/" in browser and configure. Use "mediawiki-mysql" in place of "localhost" for mysql. Put LocalSettings.php into the /usr/www/html folder.

    Ref: https://www.mediawiki.org/wiki/Special:ExtensionDistributor?extdistname=LDAPProvider&extdistversion=master

    1. Install the LDAPProvider mediawiki extension needed to support LdapAuthentication2

    wget "https://extdist.wmflabs.org/dist/extensions/LDAPProvider-master-04dc101.tar.gz"

    tar -xzf LDAPProvider-master-04dc101.tar.gz -C /var/www/html/extensions

    rm LDAPProvider-master-04dc101.tar.gz

    add "wfLoadExtension( 'LDAPProvider' );" to the LocalSettings.php file.

    run "php maintenance/update.php" to create the required databases (takes a few seconds).

    wget "https://extdist.wmflabs.org/dist/extensions/PluggableAuth-REL1_34-17fb1ea.tar.gz"

    tar -xzf PluggableAuth-REL1_34-17fb1ea.tar.gz -C /var/www/html/extensions

    rm PluggableAuth-REL1_34-17fb1ea.tar.gz

    add "wfLoadExtension( 'PluggableAuth' );" to the LocalSettings.php file.

    wget "https://extdist.wmflabs.org/dist/extensions/LDAPAuthentication2-master-cb07184.tar.gz"

    tar -xzf LDAPAuthentication2-master-cb07184.tar.gz -C /var/www/html/extensions

    rm LDAPAuthentication2-master-cb07184.tar.gz

    add "wfLoadExtension( 'LDAPAuthentication2' );" to the LocalSettings.php file.

    copy in the LocalSettings.php file that has the LDAP configuration (item 2 in my original question above).

    Recommended answer

    Based on the comments conversation and the additional step-by-step list above, here are some thoughts:

    Add php-ldap extension to the mediawiki container if you want to enable ldap authentication (e.g. if you have domain with active directory etc.). Open a bash terminal in the mediawiki container:

    php -m (this will list all of the active PHP modules - ldap is not listed if not installed yet)

    php -v (this will show you what version of PHP you are running)

    apt-get update

    apt-get upgrade -y

    apt-get install libldb-dev libldap2-dev

    cd /usr/local/bin

    docker-php-ext-install ldap (this takes a while)

    php -m (this shows ldap in the list)

    I strongly doubt that this is working at all, and even if it did work, I doubt it would work in a sustainable way. The problems with this "solution" are:

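    • You're only changing the container state, not the image. Whenever the container is removed, you have no easy way to reproduce the setup other than redoing all these manual steps. That's not really what docker containers are meant for.
    • You're "just" changing the php installation; if you're using apache, you need to restart the php daemon or the apache daemon. Since you're not doing that, the php process handling your requests doesn't know about the new extension, while the php cli shows you the ldap extension just fine.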

    The solution, that will work with your problem, is to create your own image, based on the mediawiki:latest docker image. In this you can then add all the required libraries and use this image instead of the base one. Here're the steps you need to do to achieve that:

    1. Create a new directory on your host where you're running docker as well
    2. Create a Dockerfile in this directory on your host: This file is a set of instructions for docker to know how to build the image.
    3. Fill it with this contents:

    # inherit from the official mediawiki image
    FROM mediawiki:latest
    
    # Install the required libraries for adding the ldap extension for php
    RUN apt-get update && \
        apt-get install -y libldb-dev libldap2-dev && \
        rm -rf /var/lib/apt/lists/*
    
    RUN docker-php-ext-install ldap
    

    1. Build the image with docker by navigating into the directory and running this command: docker build -t mediawiki:local . The -t creates a tag for the resulting image so that you can use this meaningful name instead of the checksum of the image. You can, however, choose whatever name and tag you want.
    2. Run the container with this new image: docker run -v /path/to/LocalSettings.php:/var/www/html/LocalSettings.php -p 8080:80 --rm=true -d mediawiki:local. The command may be different from what you use, the important bit is the new image name, which is mediawiki:local or whatever tag you used in the build step before.

    The resulting container has the ldap plugin installed and it can also be used from the php daemon which handles incoming requests.

    对后续设置的一些说明:如果我对它的理解是正确的,那么您还将通过在容器中使用外壳并降级扩展来在容器本身中安装扩展.这也不是最好的主意,因为正如我已经说过的那样,当您重新创建容器时(应该总是可能的,并且您不必考虑这一点),扩展也将被删除.您应该将扩展目录作为一个卷注入到容器中,并将扩展保存在主机磁盘上.或者,您也可以在Dockerfile中安装MediaWiki扩展,同时也要安装ldap php扩展.

    Some remarks to your subsequent setup: If I understand it correctly, you're also installing extensions in the container itself, as well, by using a shell in the container and downloading the extension. This is also not the best idea, as, as I said already, when you recreate the container (which should always be possible and you shouldn't have to think about that), the extensions are deleted as well. You should inject the extensions directory as a volume to the container and save the extensions on your host's disk. Or, as an alternative, you can install the MediaWiki extension in the Dockerfile where you install the ldap php extension as well.
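
The alternative from the last paragraph, putting the MediaWiki extensions into the image next to the PHP ldap extension, could look like the following. This is an added example, not part of the original answer: it assumes curl is available in the base image, and the tarball names are the ones quoted in the question, which may have to be replaced with current snapshots.

```dockerfile
# Added example (not from the original answer): image with the PHP ldap
# extension and the three MediaWiki extensions from the question baked in.
FROM mediawiki:latest

# Libraries needed to compile the PHP ldap extension (same as the Dockerfile above)
RUN apt-get update && \
    apt-get install -y libldb-dev libldap2-dev && \
    rm -rf /var/lib/apt/lists/*

# Build the extension and fail the image build if PHP cannot load it
RUN docker-php-ext-install ldap && \
    php -m | grep -qx ldap

# Download location and tarball names as quoted in the question.
# Assumption: these snapshots still exist; override with --build-arg if not.
ARG EXTDIST=https://extdist.wmflabs.org/dist/extensions
ARG LDAPPROVIDER=LDAPProvider-master-04dc101.tar.gz
ARG PLUGGABLEAUTH=PluggableAuth-REL1_34-17fb1ea.tar.gz
ARG LDAPAUTH2=LDAPAuthentication2-master-cb07184.tar.gz

# Assumption: curl is present in the base image.
# Each tarball unpacks into its own directory under extensions/;
# the final ls makes the build fail if one of them is missing.
RUN set -eux; \
    for f in "$LDAPPROVIDER" "$PLUGGABLEAUTH" "$LDAPAUTH2"; do \
        curl -fsSL "$EXTDIST/$f" -o "/tmp/$f"; \
        tar -xzf "/tmp/$f" -C /var/www/html/extensions; \
        rm "/tmp/$f"; \
    done; \
    ls -d /var/www/html/extensions/LDAPProvider \
          /var/www/html/extensions/PluggableAuth \
          /var/www/html/extensions/LDAPAuthentication2
```

LocalSettings.php is still mounted as in the docker run command above, and php maintenance/update.php has to be run once inside the started container because it needs the database.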
