Wow, what an interesting combination, but one brought about by necessity.
Windows – To get under the radar of the villainous IT department at work
Mediawiki – The best all round wiki software IMHO
XAMPP – Saves a lot of time doing configuration, has SSL support (which we’ll need)
LDAP – To authenticate against Active Directory. The whole Single Sign-On thing. If you’ve got a user database, why create a whole new one in your wiki and force your users to remember multiple passwords?
OK, set up Windows and get it onto your domain. Set up XAMPP and Mediawiki. I installed XAMPP directly to c:\xampp, and moved the default contents of c:\xampp\htdocs into c:\xampp\htdocs\xampp_default. Then I installed Mediawiki into c:\xampp\htdocs. At this point you should have a working wiki, and you may like to apply a rewrite rule to make your wiki links look tidier.
Now go and grab the latest version of the LDAP Authentication plugin and pop it into c:\xampp\htdocs\includes.
Now here’s the important part. The PHP manual is vague regarding setting up LDAP capability on Windows based systems, saying simply:
Note to Win32 Users: In order to enable this module on a Windows environment, you must copy several files from the DLL folder of the PHP/Win32 binary package to the SYSTEM folder of your windows machine. (Ex: C:\WINNT\SYSTEM32, or C:\WINDOWS\SYSTEM). For PHP <= 4.2.0 copy libsasl.dll, for PHP >= 4.3.0 copy libeay32.dll and ssleay32.dll to your SYSTEM folder.
So go ahead and grab libeay32.dll and ssleay32.dll and throw them into your c:\windows\system folder, and throw some copies into c:\windows\system32 for good measure. Why not? If we’re going to get our OS messy, let’s go all the way.
There is a bunch of disjointed information in the LDAP plugin’s discussion page, so here’s the important stuff:
:You must look at your php.ini. There is an entry like ";extension=php_ldap.dll". Search on your system for the php_ldap.dll, copy the file into the /windows root/system32/ and remove the ;, so that in php.ini the line shows like "extension=php_ldap.dll".
So hell, go ahead and do that too. I’m personally not sure that you should be or have to copy these .dll’s to your system/system32 directories – because php.ini declares an extension folder to reference, and the .dll’s reside there by default. However it can’t hurt to copy these .dll’s into your sysdir.
Now, the tricky part is modifying php.ini. php.ini resides in a few locations in a XAMPP install, and you’d be inclined to modify the one in c:\xampp\php; however, here’s where I was struggling. I couldn’t figure out why, after all my work, LDAP still wasn’t showing up in phpinfo.php (more on that… right now).
Create yourself a file named phpinfo.php with the following code in it:
and place it somewhere within htdocs. So as to avoid Mediawiki jumping in ( http://yourwikiaddress/wiki/phpinfo.php = a wiki page not found ) I popped it into c:\xampp\htdocs\xampp_default and fired it up ( http://yourwikiaddress/xampp_default/phpinfo.php )
You can see that the php.ini file being referenced is not c:\xampp\php\php.ini but indeed it is c:\xampp\apache\bin\php.ini and so that is the one you should be modifying. Modify it and restart Apache, and run phpinfo.php again. Do a find for LDAP and you should get something like this:
Do a search for SSL while you’re at it to ensure that SSL is going. By default AD does not allow anonymous searches etc., so you’ll probably have to set up some trust via SSL.
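The php.ini, LDAP and SSL checks above can also be done with a narrower script than phpinfo(), which exposes the whole server configuration to anyone who finds the URL. This is an added example, not code from the original post or the LDAP plugin; the file name ldapcheck.php and the function names are hypothetical, the host is the first server from the LocalSettings.php in this post, and it assumes PHP 5.3 or later.

```php
<?php
// ldapcheck.php (hypothetical name): reports only what this setup needs to know.

// Answer only requests made from the server itself; the CLI has no REMOTE_ADDR.
$remote = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '127.0.0.1';
if (!in_array($remote, array('127.0.0.1', '::1'), true)) {
    header('HTTP/1.1 403 Forbidden');
    exit('Forbidden');
}

// Which php.ini Apache's PHP really loaded, and whether the extensions made it in.
function ldap_setup_report() {
    return array(
        'php.ini in use' => php_ini_loaded_file(),      // false if none was loaded
        'extension_dir'  => ini_get('extension_dir'),
        'ldap loaded'    => extension_loaded('ldap'),
        'openssl loaded' => extension_loaded('openssl'),
    );
}

// True if the directory server accepts StartTLS, i.e. binds could be encrypted.
function ldap_starttls_ok($host) {
    if (!extension_loaded('ldap')) {
        return false;
    }
    $conn = ldap_connect('ldap://' . $host);            // allocates a handle only
    if (!$conn) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3); // StartTLS needs LDAPv3
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);  // seconds
    $ok = @ldap_start_tls($conn);                       // connects and negotiates TLS
    ldap_unbind($conn);
    return $ok;
}

header('Content-Type: text/plain');
$report = ldap_setup_report();
$report['StartTLS works'] = ldap_starttls_ok('wgtn-ad-serv.dns.tld'); // host from this post
foreach ($report as $label => $value) {
    if (is_bool($value)) {
        $value = $value ? 'yes' : 'NO';
    }
    printf("%-16s %s\n", $label . ':', $value);
}
```

Put it next to phpinfo.php in c:\xampp\htdocs\xampp_default, browse to it from the server itself, and delete both files once LDAP shows up.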
It’s actually all easier done than said. But for reference, here’s the relevant part of my LocalSettings.php:
$wgDiff3 = "";
# Restrict edit to logged in users only
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['user']['edit'] = true;
# Define that all pages can be read when not logged in
$wgGroupPermissions['*']['read'] = true;
# Prevent new registrations as we auth against AD as below
$wgGroupPermissions['*']['createaccount'] = false;
# Authenticate against Active Directory
require_once( 'LdapAuthentication.php' );
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array( "DOMAIN-NAME" );
$wgLDAPServerNames = array( "DOMAIN-NAME"=>"wgtn-ad-serv.dns.tld akl-ad-serv.dns.tld" );
# With SSL off, the plugin talks plain ldap:// to the servers above,
# so AD passwords are not encrypted between the wiki and the directory
$wgLDAPUseSSL = false; # It works, but I have a ldap.conf file
$wgLDAPUseLocal = false;
$wgLDAPAddLDAPUsers = false;
$wgLDAPUpdateLDAP = false;
$wgLDAPMailPassword = false;
$wgLDAPRetrievePrefs = true;
$wgMinimalPasswordLength = 1;
$wgLDAPSearchStrings = array( "DOMAIN-NAME"=>"DOMAIN-NAME\\USER-NAME" );
# When you make changes to this configuration file, this will make
# sure that cached pages are cleared.
$configdate = gmdate( 'YmdHis', @filemtime( __FILE__ ) );
$wgCacheEpoch = max( $wgCacheEpoch, $configdate );
We’ll get around to the SSL functionality when I figure out how to do it for a Windows based server. In the meantime, you can check out some more customisation/installation instructions here: