If you're running at least MediaWiki 1.27[1], you can take advantage of Cindy Cicalese's Extension:PluggableAuth and Extension:OpenID_Connect. Using these extensions, you can have people login to your wiki using their Google account; and other Single Sign-On setups.
If you're running an older version[1] of MediaWiki (<1.27) you probably can't run the (unmaintained) mw:Extension:OpenID. As a workaround, you could switch over to an LDAP based auth. Or, just upgrade already!
Google deprecated it's support for OpenID 2.0 support. They now implement "OpenID Connect" (official site: http://openid.net/connect/) Unfortunately, Evan Prodromou's MediaWiki Extension:OpenID extension is written for OpenID 2.0 So, to wiki's that used Google as an Identity/Auth provider must now switch to LDAP or other means. Fortunately, there isn't too much work to do if you have an LDAP server in place.
$wgOpenIDLoginOnly = false;
$wgOpenIDLoginOnly
$wgWhitelistRead
update.php
sudo yum -y install php-ldap
sudo apt-get install php-ldap
grundlett@wiki:/var/www/html/wiki/maintenance$ php createAndPromote.php --force --bureaucrat --sysop Grundlett
You can see the list of existing users at Special:ListUsers
Here's a sample configuration for an Active Directory LDAP server
$wgAuth = new LdapAuthenticationPlugin(); $wgLDAPDomainNames = array('example'); //$wgLDAPServerNames = array('example' => 'ad.example.net'); $wgLDAPServerNames = array('example' => '192.168.0.67 192.168.0.68'); $wgLDAPEncryptionType = array( 'example' =>"clear" ); // default: tls $wgLDAPGroupUseFullDN = array( 'example'=>true ); $wgLDAPGroupObjectclass = array( 'example'=>"group" ); $wgLDAPGroupAttribute = array( 'example'=>"member" ); $wgLDAPGroupSearchNestedGroups = array( 'example'=>true ); $wgLDAPGroupNameAttribute = array( 'example'=>"cn" ); $wgLDAPBaseDNs = array( 'example'=>"dc=ad,dc=example,dc=net" ); $wgLDAPActiveDirectory = array( 'example'=>true ); # using AD-style straight binds (DOMAIN\\USER-NAME or USER-NAME@DOMAIN), # you'll need one more option to make this work correctly: $wgLDAPSearchAttributes = array( 'example'=>"sAMAccountName" ); $wgLDAPPreferences = array( 'example' => array( 'email' => 'mail','realname' => 'cn','nickname' => 'samaccountname')); $wgLDAPProxyAgent = array( 'example' => "cn=wikiservice,ou=Service,ou=Accounts,dc=ad,dc=example,dc=net"); $wgLDAPProxyAgentPassword = array('example'=> 'SomeLongRandomPassword'); # add in a debug log file $wgLDAPDebug = 3; // default is 0, highest is 3 $wgDebugLogGroups['ldap'] = '/tmp/wiki-ldap-debug.log'; // This hook is called by the LdapAuthentication plugin. It is a configuration hook. Here we // are specifying what attibute we want to use for a username in the wiki. // Note that this hook is NOT called on a straight bind. // The hook calls the function defined below. $wgHooks['SetUsernameAttributeFromLDAP'][] = 'SetUsernameAttribute'; // This function allows you to get the username from LDAP however you need to do it. // This is the username MediaWiki will use. function SetUsernameAttribute(&$LDAPUsername, $info) { $LDAPUsername = $info[0]['samaccountname'][0]; return true; } // Allow the use of the local database as well as the LDAP database. // Mostly for transitional purposes. Unless you *really* know what you are doing, // don't use this option. It will likely cause you annoying problems, and // it will cause me annoying support headaches. // Warning: Using this option will allow MediaWiki to leak LDAP passwords into // its local database. It's highly recommended that this setting not be used for // anything other than transitional purposes. // Default: false $wgLDAPUseLocal = false;
