Mediawiki ipa
Goal
Configure our MediaWiki installation for Single Sign-On (SSO) when logged in to an IPA Kerberos/LDAP domain.
Requirements
- We need (at least) a working ipa domain. See the instructions on how to install one: http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/ ; the instructions are the same for RHEL clones like CentOS or Scientific Linux.
In my case, the IPA domain is IPA.ASENJO.NX. The server containing the kerberos kdc, ldap directory and DNS server is kdc.ipa.asenjo.nx.
- a webserver with a basic mediawiki application installed and configured. See the mediawikiwiki:installation guide.
In my case, the webserver is running apache2 with virtual hosting. The virtual host is called mediawiki.ipa.asenjo.nx, which is a CNAME to webserver01.ipa.asenjo.nx. The DocumentRoot of the mediawiki installation is /var/www/html/mediawiki.
You can find out about apache2 virtual hosting here.
The webserver does not necessarily have to be joined to the IPA domain, but this guide assumes it is. Besides, why would you not want to use your centralized authentication/authorization store? So go ahead and join the webserver to the IPA domain :-) (see joining clients to IPA domain).
Get the LDAP authentication extension for mediawiki
You can download it from mediawikiwiki:Extension:LDAP_Authentication ; on the right side of the page you can find a link named 'download snapshot': mediawikiwiki:Special:ExtensionDistributor/LdapAuthentication. I have tested this with the latest stable version at this moment: 1.18.x. When you click on continue, a tarball will be downloaded to your computer. Follow the instructions on the next page to copy and extract the tarball to the right place on the webserver where mediawiki is installed. So copy the tarball to the webserver with scp and unpack it in the right place:
tar -xzf LdapAuthentication-MW1.18-90286.tar.gz -C /var/www/html/mediawiki/extensions
This will create a directory LdapAuthentication inside the directory 'extensions' with four files:
[admin@webserver01 extensions]$ ls -l LdapAuthentication
total 84
-rw-r--r--. 1 2010 2013 9221 Nov 14 2011 LdapAuthentication.i18n.php
-rw-r--r--. 1 2010 2013 62268 Nov 14 2011 LdapAuthentication.php
-rw-r--r--. 1 2010 2013 2892 Nov 14 2011 LdapAutoAuthentication.php
-rw-r--r--. 1 2010 2013 256 Nov 14 2011 README
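The numeric owner and group (2010/2013) in the listing above are consistent with tar restoring the ids stored in the archive. The following is an added example, not part of the original page or of the extension: a hypothetical helper, safe_extract_extension, that checks the member paths before unpacking and extracts without the archive's ownership. It assumes the tarball unpacks to a single top-level LdapAuthentication directory, as described above.

```shell
# Hypothetical helper (added example, not the extension's own tooling).
# Usage: safe_extract_extension <tarball> <extensions-dir>
safe_extract_extension() {
    tarball=$1
    dest=$2

    [ -f "$tarball" ] || { echo "no such tarball: $tarball" >&2; return 1; }
    [ -d "$dest" ]    || { echo "no such directory: $dest" >&2; return 1; }

    # List the members first. Refuse absolute paths and ".." components,
    # and anything outside the one expected top-level directory.
    members=$(tar -tzf "$tarball") || return 1
    while IFS= read -r m; do
        case "$m" in
            /*|../*|*/../*|*/..|..)
                echo "unsafe member path: $m" >&2; return 1 ;;
            LdapAuthentication|LdapAuthentication/*)
                ;;
            *)
                echo "unexpected top-level entry: $m" >&2; return 1 ;;
        esac
    done <<EOF
$members
EOF

    # --no-same-owner: files get the extracting user's uid/gid instead of
    # the numeric ids stored in the archive.
    # --no-same-permissions: stored modes are filtered through the umask.
    ( umask 022 && tar -xzf "$tarball" -C "$dest" \
        --no-same-owner --no-same-permissions ) || return 1

    # The two PHP entry points shown in the listing must exist afterwards.
    for f in LdapAuthentication.php LdapAutoAuthentication.php; do
        [ -f "$dest/LdapAuthentication/$f" ] || { echo "missing $f" >&2; return 1; }
    done
}
```

On the webserver from this guide, the call would be `safe_extract_extension LdapAuthentication-MW1.18-90286.tar.gz /var/www/html/mediawiki/extensions`.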