Requires the LdapAuthentication extension. The exact LDAP queries depend on your directory layout, so YMMV.
# LDAP authentication
# Loads the LdapAuthentication extension and installs it as the wiki's auth plugin.
require_once( 'extensions/LdapAuthentication/LdapAuthentication.php' );
$wgAuth = new LdapAuthenticationPlugin();

# All per-domain arrays below are keyed by the domain name declared here.
$wgLDAPDomainNames = array( 'domain-ldap' );
$wgLDAPServerNames = array( 'domain-ldap' => 'ldap.domain.org' );

# "clear" means no transport encryption: user bind passwords and the writer
# password below cross the network in plaintext. "tls" or "ssl" are the
# encrypted choices when the directory server supports them.
$wgLDAPEncryptionType = array( 'domain-ldap' => 'clear' ); // e.g. "testADdomain" => "tls"

# Bind DN template; USER-NAME is replaced with the login name.
$wgLDAPSearchStrings = array( 'domain-ldap' => 'uid=USER-NAME,ou=People,dc=domain,dc=org' );

# Writer account, used for changing passwords; AddLDAPUsers below must be true.
# NOTE(review): cn=Manager looks like the directory's manager DN -- a dedicated
# account with write access limited to ou=People would narrow what a leaked
# copy of this file exposes. Confirm against the directory's ACLs.
$wgLDAPWriterDN = array( 'domain-ldap' => 'cn=Manager,dc=domain,dc=org' );
# FIXME: placeholder. The real value is stored here in plaintext, so keep this
# file out of version control and readable only by the web server user.
$wgLDAPWriterPassword = array( 'domain-ldap' => 'MANAGERPASSWORD' );
$wgLDAPWriteLocation = array( 'domain-ldap' => 'ou=People,dc=domain,dc=org' );

# Allow adding users to LDAP from MediaWiki? Requires WriterDN/Password.
$wgLDAPAddLDAPUsers = array( 'domain-ldap' => true );
# For updating passwords.
$wgLDAPUpdateLDAP = array( 'domain-ldap' => true );
# Failover to local DB?
$wgLDAPUseLocal = array( 'domain-ldap' => true );
# If the wiki can't write to LDAP this is basically useless.
$wgLDAPMailPassword = array( 'domain-ldap' => true );
$wgLDAPRetrievePrefs = array( 'domain-ldap' => true );

# MediaWiki itself will accept one-character passwords with this value.
# NOTE(review): presumably set so the wiki defers to the directory's password
# policy; with UseLocal enabled above, verify that local accounts are not left
# with trivially short passwords.
$wgMinimalPasswordLength = 1;

# Don't automatically create an account for a user if the account exists in
# LDAP but not in MediaWiki. Default is false.
# This totally breaks things, do not turn it on.
$wgLDAPDisableAutoCreate = array( 'domain-ldap' => false );

# Debug verbosity; 3 is a lot.
# NOTE(review): check where the debug output lands and who can read it before
# leaving this enabled on a production wiki.
$wgLDAPDebug = 1;