How to Install MediaWiki with MySQL and PHP and LDAP/AD extension

Assumptions:

System: Linux Debian with PHP and Apache web server already installed and running.

Install the following:

  1. apt-get install mysql-server
  2. apt-get install php5-mysql
  3. Download wiki https://www.mediawiki.org/wiki/Manual:Installation_guide
  4. Setup Apache site then a2ensmode Name to enable it.
  5. Setup database for wiki follow this https://www.mediawiki.org/wiki/Manual:Installing_MediaWiki

mysql -u root -p

CREATE DATABASE wikidb;
GRANT ALL PRIVILEGES ON wikidb.* TO 'wikiuser'@'localhost' IDENTIFIED BY 'password';

6. Restart apache.

service apache2 restart

If the Wiki is not showing mysql then you need to restart service.

7. Install LDAP support for php.

on ubuntu apt-get install php5-ldap

8. Restart apache – service apache2 restart

9. Download ldap extention from wiki

https://www.mediawiki.org/wiki/Extension:LDAP_Authentication/Configuration_Options

then clik on the download the snapshot for the correct version then unpack

tar -xzf LdapAuthentication-REL1_28-770c89e.tar.gz -C /var/www/mediawiki/extensions

10. Run the updater php maintenance/update.php

If you get the following error then you need to run the update script again!

A database query error has occurred. This may indicate a bug in the software.[a6131d2bdeda3f290ca8cc67] 2017-02-15 11:28:39: Fatal exception of type “DBQueryError”

You need to have a ldap_domain table created in wiki database. You can run double check if it’s there by logging to mysql

mysql -p -u root

then show databases; use wikidb; show tables; you should see the ldap_domains

Once you setup ldap you will no longer be able to access the Admin account. Log first as a ldap/ad user then log in to mysql

mysql -p -u root

show databases;

use yourdatabase;

select * from user; (to get your user _id)

then run the following (2 is my user_id)

INSERT INTO user_groups (ug_user,ug_group) VALUES (2,”bureaucrat”);

Once completed log to wiki and you will have a full rights to it.

Once you LDAP setup is ready you may wan to change from clear to tls/ssl in the LocalSettings.php section.

To get ssl/tls working you need to trust the certification from your active directory.

  1. Get a Certification

openssl s_client -connect yourdomaincontroller-dc1:636

copy all section from ——-BEGIN to END —- Certficate

Install ldap-utils

apt-get install ldap-utils

Open up vim /etc/ldap/ldap.conf

then look for entry

TLS_CACERT /etc/ssl/certs/ca-certificates.crt

open up vim /etc/ssl/certs/ca-certificates.crt and paste your Certificate to the end.

I have found that this works only temporary until you run update-ca-certificates.

To get this permamment.

create a local file with certificates e.g local-ca.crt then copy it to /usr/local/share/ca-certificates and run update-ca-certificates.

Restart apache service apache2 restart

It should be working now.

If you have the following error  DatabaseBase::factory no viable database extension found for type ‘mysql’ then you need to install apt-get install php5-mysql and service apache2 restart.

Advertisements