[Mediawiki-l] MediaWiki, LDAP Authentication and AD groups

MHart wiki at matthart.com
Wed Sep 27 13:27:05 UTC 2006


>    OK - but how does this work vis-a-vis AD authentication and groups?

Good question - I only know how to do that via my own auth scripts. I use 
MediaWiki's LDAP integration for sign in and registration, but I use my own 
LDAP scripts to retrieve other information.

Here's a script that will retrieve information about a user. In my scripts, 
I don't need to authorize to retrieve public information - all I need is the 
application ID given me by the directory services. This script includes 
authentication at the end.

<?php
# Matt Hart - PHP-based authentication against the directory
# Tested on Fedora Core 4 with Apache 2.0.54, PHP 4.3.11, OpenLDAP
# OpenSSL, php-ldap

echo "<br>Attempting Secure LDAP Connection<br>";

$mh_ldaphost = "ldaps://yourdirectoryhost.com:636";
$mh_ldapconn = ldap_connect($mh_ldaphost) or die("Failed");
echo "<br>Succeeded ... Testing app binding<br>";

# Bind using app credentials (DN only, no password: the application ID
# is all the directory asks for when reading public information)
$mh_appid = "XXXXXXX"; // ****** Use your application id
$mh_dn = "uid=" . $mh_appid . ",ou=theApps,o=dirIntuit.com";
$mh_bind = ldap_bind($mh_ldapconn, $mh_dn) or die("Failed");
echo "<br>Succeeded ... Get user corp ID<br>";

# Get the user's corporate ID
$mh_base = "ou=employees,ou=people,o=dirIntuit.com"; // search base
$mh_userid = "XXXXXXXX"; // ****** User ID to find
$mh_filter = "(uid=" . $mh_userid . ")";
$mh_search = ldap_search($mh_ldapconn, $mh_base, $mh_filter) or die("Failed");
$mh_entries = ldap_get_entries($mh_ldapconn, $mh_search);
# Stop if the user was not found, rather than reading a missing entry
if ($mh_entries["count"] < 1) die("Failed");
echo "<br>Succeeded: ";
$mh_corpid = $mh_entries[0]["intuitid"][0];
echo "CorpID=" . $mh_corpid;

# Authenticate the user by binding with the user's DN and password
echo "<br><br>Authenticating...<br>";

$mh_authdn = "intuitcorpid=" . $mh_corpid . ",ou=employees,ou=people,o=intuit.com";
$mh_authpass = "XXXXXXXX"; // ****** User password
$mh_authbind = ldap_bind($mh_ldapconn, $mh_authdn, $mh_authpass) or die("Failed");
die("Success");


- MHart
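
Added example, not part of the original post and not MHart's code: the same search-then-bind flow written for the case where the user ID and password come from a login form instead of literals in the script. The function names build_uid_filter and authenticate_user are hypothetical, and it assumes PHP 5.6 or later with php-ldap and a directory that lets a user bind with the DN of the entry the search returns (the script above builds the bind DN from a corporate ID instead).

```php
<?php
// Added example: search-then-bind with filter escaping and an
// empty-password guard. Function names are hypothetical.

// Build the search filter with the user-supplied ID escaped for filter context.
function build_uid_filter($userid) {
    return "(uid=" . ldap_escape($userid, "", LDAP_ESCAPE_FILTER) . ")";
}

// Returns the DN the user authenticated as, or false on any failure.
// $conn is a connection already bound with the application identity.
function authenticate_user($conn, $base_dn, $userid, $password) {
    // An empty password turns a simple bind into an "unauthenticated" bind
    // (RFC 4513 section 5.1.2), which many servers accept. Refuse it here.
    if ($userid === "" || $password === "") {
        return false;
    }
    // "1.1" asks for no attributes; only the entry's DN is needed.
    $result = @ldap_search($conn, $base_dn, build_uid_filter($userid), array("1.1"));
    if ($result === false) {
        return false;
    }
    $entries = ldap_get_entries($conn, $result);
    // Exactly one match: zero is an unknown user, several is an ambiguous filter.
    if ($entries === false || $entries["count"] !== 1) {
        return false;
    }
    // Bind with the DN the directory returned instead of assembling one from
    // attribute values, so nothing user-controlled is pasted into a DN.
    $user_dn = $entries[0]["dn"];
    return @ldap_bind($conn, $user_dn, $password) ? $user_dn : false;
}

// Offline check with constructed input: filter metacharacters in the
// second value come out as \XX escapes, so the filter keeps its shape.
echo build_uid_filter("jdoe"), "\n";
echo build_uid_filter("j*doe)(x"), "\n";
```

Where the bind DN has to be assembled from an attribute value, as in the script above, escape that value with ldap_escape and the LDAP_ESCAPE_DN flag before concatenating it. After a successful call the connection is bound as the user, so rebind with the application identity before running further lookups.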



