WIP: LDAP server and support for Mastodon, ejabberd and MediaWiki #112
The kosmos-dirsrv::default recipe sets up 389 Directory Server, including a TLS cert acquired using Let's Encrypt in production (that requires ldap.kosmos.org pointing to the server's IP). It also creates a group (ou=users,dc=kosmos,dc=org) for the users. Mastodon, ejabberd and MediaWiki are configured so that the existing users in the databases still work. For MediaWiki the UI is a bit clunky: there is a "Log in" button to log in using the database and a "Log in with PluggableAuth" button to log in using LDAP. Once we have migrated the existing users to LDAP we can set $wgPluggableAuth_EnableLocalLogin to false to remove the option to log in using the database, leaving only the "Log in with PluggableAuth" button.

Example user:
Hashed password generated with:
Imported into the server using:
This is not running on a server yet; it has only been tested in a VM. Before running this we will need to set the DNS entry for ldap.kosmos.org to the IP of the chosen server.
Closes #112
I'm going to split this up into two PRs, one to create the LDAP server and another one for the config changes for the services.
Title changed from "LDAP server and support for Mastodon, ejabberd and MediaWiki" to "WP: LDAP server and support for Mastodon, ejabberd and MediaWiki"
Title changed from "WP: LDAP server and support for Mastodon, ejabberd and MediaWiki" to "WIP: LDAP server and support for Mastodon, ejabberd and MediaWiki"
greg referenced this pull request 2019-12-04 16:48:09 +00:00
Pull request closed