Mediawiki

From HerzbubeWiki

Contents 1 Version 2 System installation 3 References 4 Debian setup 4.1 Web server configuration 4.2 AdminSettings.php 4.3 LocalSettings.php 5 Manual setup 5.1 MySQL 5.2 Tar ball 5.3 Web server setup 5.4 Web browser setup 5.5 Changes in the filesystem 6 Upgrade 6.1 Upgrade 1.12 -> 1.15 through Debian 6.2 Upgrade 1.10 -> 1.12 through Debian 6.3 Upgrade 1.7 -> 1.10 through Debian 6.4 Upgrade 1.5 -> 1.7 through Debian 6.5 Upgrade from manual installation to Debian 6.6 Manual upgrade 7 Modifications to Mediawiki 7.1 Logo 7.2 Modify navigation bar 7.3 Additional namespaces 7.4 Namespace protection 7.4.1 User groups 7.4.2 Protecting a namespace 7.5 Searched namespaces 7.6 No anonymous edits 7.7 Disable account registration 8 Extensions 8.1 Managing extensions 8.2 Cite 8.3 Special:Interwiki 8.4 ParserFunctions 8.5 LDAP Authentication 9 LDAP 9.1 Overview 9.2 PHP LDAP support 9.3 Prepare the LDAP directory 9.3.1 Users 9.3.2 Groups 9.4 Activate the extension 9.5 Configure the extension 9.6 Debugging 10 Troubleshooting 11 How to clone a Mediawiki installation for local use with MAMP 11.1 Overview 11.2 Install the Mediawiki software on the MacBook 11.3 Install the Cite.php extension on the MacBook 11.4 Install the database contents on the MacBook 11.5 Final configuration 11.6 That's it

Version

Various parts of this document may refer to different versions of the Mediawiki package. If no specific version is mentioned, the information hopefully applies to all Mediawiki versions.

System installation

Up to version 1.10, the Debian meta package mediawiki always pointed to the latest version of mediawiki. For instance, it pointed to the concrete package mediawiki1.7 or mediawiki1.10.

In version 1.12, only the Debian package mediawiki remains, there is no split between a meta package and a concrete package.

A useful set of Mediawiki extensions are available through the Debian package mediawiki-extensions. Other extensions are available as separate packages, just search the package database for the term "mediawiki".

Important: At least the mediawiki1.7, but possibly earlier packages as well, require that PHP 5 is installed, which in turn requires MySQL 5.

References

Configuration options are explained on

http://www.mediawiki.org/wiki/Manual:Configuration_settings

Debian setup

Web server configuration

Enable PHP in /etc/apache2/conf.d/osgiliath.conf.

Add the following Virtual Host configuration:

# --------------------------------------------------------------------------------
# wiki.herzbube.ch
# --------------------------------------------------------------------------------
<VirtualHost *:80>
  ServerName wiki.herzbube.ch
  ServerAdmin webmaster@herzbube.ch
  ErrorLog /var/log/apache2/herzbube.ch/error.log
  CustomLog /var/log/apache2/herzbube.ch/access.log combined

  DocumentRoot /var/lib/mediawiki
  Alias /robots.txt /var/www/herzbube.ch/wiki.herzbube.ch/robots.txt
</VirtualHost>
<IfModule mod_ssl.c>
  <VirtualHost *:443>
    ServerName wiki.herzbube.ch
    ServerAdmin webmaster@herzbube.ch
    ErrorLog /var/log/apache2/herzbube.ch/error.log
    CustomLog /var/log/apache2/herzbube.ch/access.log combined

    DocumentRoot /var/lib/mediawiki
    Alias /robots.txt /var/www/herzbube.ch/wiki.herzbube.ch/robots.txt

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/herzbube.ch.crt
    SSLCertificateKeyFile /etc/ssl/private/herzbube.ch.key.unsecure
    SSLCertificateChainFile /etc/ssl/certs/cacert.org.certchain
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
  </VirtualHost>
</IfModule>

AdminSettings.php

The file /etc/mediawiki/AdminSettings.php must contain at least the information how to connect to the database with a user that has privileges to perform an upgrade. For instance:

$wgDBadminuser      = 'mediawiki';
$wgDBadminpassword  = 'secret';

Because it contains a password, the file should be protected:

chmod 400 AdminSettings.php
chown www-data:www-data AdminSettings.php

LocalSettings.php

The file /etc/mediawiki/LocalSettings.php contains the remaining configuration. Important bits are:

$wgSitename         = "HerzbubeWiki";

$wgScriptPath       = "";  # The wiki resides at the base of a Virtual Host, e.g. http://wiki.herzbube.ch/
$wgScript           = "$wgScriptPath/index.php";
$wgRedirectScript   = "$wgScriptPath/redirect.php";
$wgArticlePath      = "$wgScript/$1";

$wgDBserver         = "localhost";
$wgDBname           = "mediawikidb";
$wgDBuser           = "mediawiki";
$wgDBpassword       = "secret";

Because it contains a password, the file should be protected:

chmod 400 LocalSettings.php
chown www-data:www-data LocalSettings.php

Manual setup

This chapter covers a manual installation of Mediawiki from a tar ball downloaded from http://www.mediawiki.org.

Note: Since I currently use the Debian package, this chapter is merely kept for historical reasons. Some of the information presented is probably out-of-date.

MySQL

Create a user mediawiki that has all privileges (except GRANT) to the database mediawikidb. The database itself does not need to be created now, it will be created later through the web browser setup.

Tar ball

Extract the Mediawiki tar ball to a convenient location, e.g. /var/www/mediawiki-x.y.z. Create a symlink /var/www/mediawiki that points to the directory that contains your specific version of mediawiki. This will make for an easier upgrade to a new Mediawiki version in the future.

Give the user www-data all privileges to the config directory:

chown www-data:www-data config
chmod 755 config

Web server setup

Make sure that the PHP engine is enabled for /var/www/mediawiki (or wherever you have installed the software), but that it is disabled (!) for the upload subdirectory. Also set DirectoryIndex wiki.phtml for the main directory. Last but not least you need to have an alias such as

Alias /mediawiki /var/www/mediawiki

Web browser setup

Point your web browser to http://<host>/mediawiki. Provide the following configuration information:

• Site name = HerzbubeWiki
• Sysop account = admin, password = <something>
• Database name = mediawikidb
• Database user = mediawiki, password = <something>

Changes in the filesystem

Now move config/LocalSettings.php to the main directory and remove write privileges for everyone from the config directory so that nobody can change the configuration by accident or on purpose:

chmod 555 config

Perform some manual changes to LocalSettings.php:

• wgDisableUploads = false

Upgrade

Upgrade 1.12 -> 1.15 through Debian

In aptitude, upgrade the package mediawiki (mediawiki-extensions has previously been upgraded). Still no automatic upgrade, so here's the usual drill:

• Database backup
• Perform the database upgrade (update.php prints an alert which can be ignored: "script tried to increase memory_limit to 4294967295 bytes which is above the allowed value")

cd /var/lib/mediawiki
php maintenance/update.php

That's it!?! The shortest, least painful of all the upgrades, even across 3 versions. I almost can't believe it, but it seems to be true. It appears the Mediawiki project has matured as well as the Debian packaging effort. Congratulations!

Upgrade 1.10 -> 1.12 through Debian

In aptitude, upgrade the packages mediawiki and mediawiki-extensions. This time, DebConf does not even make an attempt at automatic upgrading. Again, we have to fix everything manually (*grrr*):

• Copy LocalSettings.php and AdminSettings.php from the 1.10 installation

cp /etc/mediawiki1.10/LocalSettings.php /etc/mediawiki
cp /etc/mediawiki1.10/AdminSettings.php /etc/mediawiki

• Edit /etc/mediawiki/LocalSettings.php and replace all occurrences of "/var/lib/mediawiki1.10" by "/var/lib/mediawiki"
• Modify permissions for the following files that contain passwords

chown www-data:www-data /etc/mediawiki/AdminSettings.php
chown www-data:www-data /etc/mediawiki/LocalSettings.php
chmod 400 /etc/mediawiki/AdminSettings.php
chmod 400 /etc/mediawiki/LocalSettings.php

• Remove a strange configuration file left over from some PHP upgrade (if this file exists, the update.php script that we are going to run will throw up)

rm /etc/php5/conf.d/imagick.ini

• Go to the application directory

cd /var/lib/mediawiki

• Execute the update script

php maintenance/update.php

• Execute the rebuildall script:

php maintenance/rebuildall.php

• Manually remove comment from the "Alias" directive in

/etc/mediawiki/apache.conf

• Enable PHP for /var/lib/mediawiki (instead of /var/lib/mediawiki1.10)

/etc/apache2/conf.d/osgiliath.conf

• Restart Apache

apache2ctl graceful 

• Remove the old Debian package mediawiki1.10

Upgrade 1.7 -> 1.10 through Debian

The automatic upgrade performed by DebConf (or actually the script /usr/share/mediawiki1.10/debian-scripts/upgrade-mediawiki) totally fails, so we have to fix everything manually:

• Edit /etc/mediawiki1.10/LocalSettings.php and on one of the very first lines (the one that contains "MW_INSTALL_PATH") replace "/var/lib/$mediawikinewversion" by "/var/lib/mediawiki1.10"
• Copy AdminSettings.php from the 1.7 installation

cp /etc/mediawiki1.7/AdminSettings.php /etc/mediawiki1.10

• Modify permissions for the following files that contain passwords

chown www-data:www-data /etc/mediawiki1.10/AdminSettings.php
chown www-data:www-data /etc/mediawiki1.10/LocalSettings.php
chmod 400 /etc/mediawiki1.10/AdminSettings.php
chmod 400 /etc/mediawiki1.10/LocalSettings.php

• Go to the application directory

cd /var/lib/mediawiki1.10

• Execute the update script

php maintenance/update.php

• Execute the rebuildall script:

php maintenance/rebuildall.php

• The old "upload" directory is now called "images"; create the "images" directory manually (automatic creation failed because the 1.7 "upload" directory did not contain any files), then remove the old "upload" directory that was installed by the mediawiki1.10 package

mkdir images
chown www-data:www-data images
chmod 700 images
rmdir upload

• Manually remove comment from the "Alias" directive in

/etc/apache2/conf.d/mediawiki1.10.conf

• Remove old Apache configuration

rm /etc/apache2/conf.d/mediawiki1.7.conf 

• Enable PHP for /var/lib/mediawiki1.10 (instead of /var/lib/mediawiki1.7)

/etc/apache2/conf.d/osgiliath.conf

• Restart Apache

apache2ctl graceful 

• Remove the old Debian package mediawiki1.7

Upgrade 1.5 -> 1.7 through Debian

If necessary, upgrade from PHP4 to PHP5.

Then do this

cp /var/lib/mediawiki/LocalSettings.php /var/lib/mediawiki1.7/LocalSettings.php

and fix paths inside LocalSettings.php

Then backup the MySQL database and perform the following steps (as detailed in /usr/share/doc/mediawiki1.7/UPGRADE.gz):

cd /var/lib/mediawiki1.7/
cp /usr/share/doc/mediawiki1.7/examples/AdminSettings.sample .
chown www-data:www-data AdminSettings.php
chmod 400 AdminSettings.php
cd /usr/share/mediawiki1.7/maintenance
php5 update.php
php5 refreshLinks.php
chmod 000 /var/lib/mediawiki1.7/config

Upgrade from manual installation to Debian

You will be able to remove most of your manual web server configuration, as the Debian package brings its own web server configuration file. A possible exception is that you may need to explicitly turn the PHP engine on for Mediawiki if you have globally disabled PHP.

The Debian package places its files in /var/lib/mediawiki.

Point your web browser to http://<host>/mediawiki and follow the provided installation sequence. If the browser attempts to start a download instead of displaying the PHP page you may need to empty your browser cache first.

mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki
chown www-data:www-data /etc/mediawiki/LocalSettings.php
chmod 400 /etc/mediawiki/LocalSettings.php
rm -r /var/lib/mediawiki/config

Manual upgrade

If you have a manual installation of Mediawiki:

• Extract the tar ball of the new version, for instance for Mediawiki 1.4.5 this would be to /var/www/mediawiki-1.4.5
• chown -R www-data mediawiki-1.4.5
• chgrp -R www-data mediawiki-1.4.5
• Make sure that the files LocalSettings.php and AdminSettings.php do not exist
• Change the symlink /var/www/mediawiki to point to your new installation
• Point your web browser to http://<host>/mediawiki and follow the provided installation sequence
  • The new Mediawiki software should automatically perform any necessary database updates
• Repeat all other modifications that you have made to the old Mediawiki software (e.g. change of site logo)

Modifications to Mediawiki

Logo

For Mediawiki 1.3.3:

• rename (or remove) stylesheets/images/wiki.png
• create a symlink named wiki.png that points to your own logo (or physically copy your logo file)
• in addition you may wish to rename (or remove) stylesheets/monobook/headbg.jpg

For Mediawiki 1.4.5:

• same procedure as above, but the logo file is now located at skins/common/images/wiki.png, and the background file is located at skins/monobook/headbg.jpg

For Mediawiki 1.7 and above (possibly even earlier versions):

• edit the LocalSettings.php file and change $wgLogo to point to your logo file
• for instance, do the following
  • enable uploads by setting $wgEnableUploads = true
  • upload the logo file
  • set wgLogo = "$wgUploadPath/7/7d/Herzbube.ch-logo.png"
  • note that the upload took place into a subdirectory of the $wgUploadPath

Modify navigation bar

You may wish to modify the navigation bar on the left, e.g. remove some unnecessary links such as "Community portal".

For Mediawiki 1.4:

• first look inside includes/DefaultSettings.php for the string $wgNavigationLinks
• copy the entry to LocalSettings.php
• you can now modify the copied version until it fits your need

For versions >= 1.5:

• login as a user that has sysop privileges
• edit the page MediaWiki:Sidebar

Additional namespaces

The system defines a number of default namespaces with numeric IDs < 100. Additional namespaces can be defined by setting the following variable in LocalSettings.php:

$wgExtraNamespaces =
  array(100 => "Foo",
        101 => "Foo_Talk",
        102 => "Bar",
        103 => "Bar_Talk"
        );

Namespace protection

Certain namespaces can be protected through the wgNamespaceProtection setting, however this is available only in the upcoming 1.10 version of Mediawiki.

Another way to protect certain pages involves user groups.

User groups

Details about user rights and groups can be found on http://www.mediawiki.org/wiki/Manual:User_rights.

You can place users into groups on the Special:Userrights page.

You can assign privileges to a group by editing the file LocalSettings.php in the following way (note that you create groups by simply mentioning them in LocalSettings.php):

$wgGroupPermissions['ninja']['delete'] = true;
$wgGroupPermissions['ninja']['block'] = true;
$wgGroupPermissions['ninja']['bot'] = true;
[...]

The implicit group for anonymous users is '*'. The implicit group for logged in users is 'user'. Therefore, modifying the privileges for these 2 special groups would look like this:

$wgGroupPermissions['*'    ]['createaccount']   = true;
$wgGroupPermissions['user' ]['read']            = true;

Protecting a namespace

This section contains a copy of the instructions found on http://www.mediawiki.org/wiki/Manual:Preventing_access. If something does not work as expected, that page should be consulted as a reference, and also to see if the procedure has been updated.

For the moment I prefer manually editing some .php files to the NameSpacePermissions extension because both methods can be considered "hacking", but the extension seems to be more obscure...

If we assume that we want to protect the namespace foo whose ID is 100, so that only users in the group bar can read/edit pages, the following needs to be done:

• change a few lines in Title.php inside the userCanRead() function (a few more lines are included for orientation).

Title.php (old)

if( $wgUser->isAllowed('read') ) { 
  return true;
} else {
  global $wgWhitelistRead;

Title.php (new)

if( $this->getNamespace() == 100 ) {
  return $wgUser->isAllowed('view_namespace_foo');
}
if( $wgUser->isAllowed('read') ) { 
  return true;
} else {
  global $wgWhitelistRead;

• add the following lines to LocalSettings.php

# Create group
$wgGroupPermissions['foo']['edit'] = true;
# Assign the permission to the group
$wgGroupPermissions['foo']['view_namespace_foo'] = true;

• transclusion cannot be avoided unless you have an 1.10alpha or later version of Mediawiki

Searched namespaces

Users who are logged in can change the namespaces that are searched by default in their user preferences. To modify the defaults for anonymous users, edit the file LocalSettings.php to contain the following list:

$wgNamespacesToBeSearchedDefault = array( NS_MAIN => true, NS_USER => true );

In the example above, the User namespace will be searched in addition to the Main namespace (which is the only one searched by default).

Note: Newly created user accounts inherit this setting, but existing user accounts remain unaffected (even if they have not changed their user preferences from the defaults).

No anonymous edits

By default, anonymous (i.e. not logged in) users have permission to edit wiki pages. This can be disabled by placing the following line in LocalSettings.php:

$wgGroupPermissions['*']['edit'] = false;

Note: The "edit" link on top of each page is still shown, but if an anonymous user clicks on the link he will be asked to login.

Disable account registration

By default, account registration for the Mediawiki site is enabled. This can be disabled by placing the following line in LocalSettings.php:

$wgGroupPermissions['*']['createaccount'] = false;

The "log in" link on top of each page is still labelled "log in / create account", but the "create account" link on the login page is no longer visible, and if a user directly goes to the signup page, she will be told that account registration by anonymous users is not possible.

Extensions

Managing extensions

To view a list of installed Mediawiki extensions, go to Special:Version.

Debian provides the package mediawiki-extensions which contains a set of useful extensions. Installing the package does not automatically enable those extensions, you still have to manage them with

mwenext 

enable extensions

mwdisext 

disable extensions

To examine the list of available and/or installed extensions in the filesystem, look into the directories

• /etc/mediawiki-extensions/extensions-available
• /etc/mediawiki-extensions/extensions-enabled

To install a custom extension (i.e. one that is not available via mediawiki-extensions), place it into

/var/lib/mediawiki/extensions

Cite

Cite is an extension which allows a user to create footnotes. For details, see the extension website.

Cite is available through the Debian package mediawiki-extensions. The extension is enabled with this command:

mwenext Cite.php

Special:Interwiki

Interwiki links normally must be managed by modifying a database table (details are available on this page). The Special:Interwiki extension exposes the table and the editing process through the page Special:Interwiki. Other extensions for managing Interwiki links can be found here.

Installation:

cd /var/lib/mediawiki/extensions
svn checkout http://svn.wikimedia.org/svnroot/mediawiki/trunk/extensions/Interwiki

Add the following lines to the end of /etc/mediawiki/LocalSettings.php:

# InterWiki extension
require_once("$IP/extensions/Interwiki/SpecialInterwiki.php");
$wgGroupPermissions['*']['interwiki'] = false;
$wgGroupPermissions['sysop']['interwiki'] = true;

Interwiki links can now be managed by logging in as an administrator and going to Special:Interwiki.

ParserFunctions

The ParserFunctions extension is available through the Debian package mediawiki-extensions. The extension provides additional parser functions that can be used on pages and in templates, such as

{{#ifexpr ...}}

The extension is enabled because various templates copied from Wikipedia use these expressions. For details, see the extension website.

LDAP Authentication

LDAP Authentication is an extension which enables LDAP to be used as an authentication backend. See the "LDAP" section on this page for more details.

LDAP

Overview

LDAP Authentication is an extension which enables LDAP to be used as an authentication backend. For details, see the extension website.

The extension has plenty of configuration options that are fairly well documented. The main problem of getting this to work was that up until now my LDAP directory structure used different mechanisms for group support. The LDAP Authentication extension introduced me to the object class "groupOfUniqueNames", which might be a good solution for other applications that use groups as well.

Additional notes:

• LocalSettings.php now contains another password
• Users must now be created in LDAP, it is no longer possible to login as a bureaucrat or sysop and create an account
• Passwords must now be changed in LDAP
• I formerly logged in as user "Herzbube". This user still exists in the Mediawiki database, but it is no longer possible to login as "Herzbube". Also, I am too lazy to "convert" the account to my new personal account, which means that all edits prior to switching to LDAP authentication are still credited to it.
• Also see the OpenLDAP page on this wiki

PHP LDAP support

As a prerequisite, PHP must be properly configured as an LDAP client.

• The Debian package php5-ldap must be installed
• Hash links in /etc/ssl/certs must be set up correctly
• PHP will query the LDAP server as a local LDAP client. Because my LDAP server requires TLS, the following line must be present in the system-wide client configuration file /etc/ldap/ldap.conf. The line must refer to the entire CA certificate chain used for verifying the LDAP server certicate. Note that the line may already be present due to other clients (e.g. ldapsearch) that already need to contact the LDAP directory.

TLS_CACERT /etc/ssl/certs/cacert.org.certchain

Prepare the LDAP directory

Users

Mediawiki will refer to user entries below ou=users,dc=herzbube,dc=ch. Because I do not plan to store user preferences in LDAP, the current user entries do not need to be modified. All that is required from them is the presence of the uid attribute, and the ability to use them for binding (i.e. the userPassword attribute must be present).

Groups

Mediawiki not only has support for user groups, it actively employs them even even for basic things such as identifying who is an Admin user. For this reason, new groups must be added to the LDAP directory.

Mediawiki will refer to group entries below ou=group,dc=herzbube,dc=ch:

• Group entries must be of object class groupOfUniqueNames
• Group entries refer to their members via the attribute uniqueMember
• uniqueMember requires that its references are full DNs (e.g. cn=admin,ou=users,dc=herzbube,dc=ch)

The following groups are needed:

• cn=wikiusers,ou=groups,dc=herzbube,dc=ch
  • All users that should be able to login to Mediawiki must be members of this group
  • I use this because I do not want all POSIX accounts (or in fact all user entries below ou=users,dc=herzbube,dc=ch) to be able to login to Mediawiki
  • To ensure this, in other applications I have enhanced user entries with an additional object class in order to mark the entry as an account for that application. For instance, Bugzilla accounts have the additional object class bugzillaAccount
  • Although this group formally is a Mediawiki group, it is not actually required by Mediawiki
• cn=sysop,ou=groups,dc=herzbube,dc=ch
  • Only contains the "admin" user
• cn=bureaucrat,ou=groups,dc=herzbube,dc=ch
  • Only contains the "admin" user
• The page Special:ListGroupRights also lists a group named "Users". No LDAP entry is needed for this group, though, because all users automatically belong to this implicit group. This can be verified by examining the table "user_groups" in Mediawiki's database.

Activate the extension

LDAP Authentication is available through the Debian package mediawiki-extensions-ldapauth (which is installed on my system because I have installed the parent package mediawiki-extensions).

The extension is enabled with this command:

mwenext LdapAuthentication.php

Configure the extension

The extension is configured by adding code to the end of LocalSettings.php. A full list of possible options is available on the extension site.

The following snippet is my current configuration:

# No need for require_once( "$IP/extensions/LdapAuthentication.php" );
# -> this is done automatically by a mechanism provided by Debian's
# mediawiki-extensions package. All that is required is that the
# extension be enabled "mwenext".

# ---------- Basic configuration ----------
# Instantiate the extension
$wgAuth = new LdapAuthenticationPlugin();
# Any domain name can be used here; this is not a DNS name,
# it's simply a name that will be displayed on the login page
$wgLDAPDomainNames = array(
  'wiki.herzbube.ch'
);
$wgLDAPServerNames = array(
  'wiki.herzbube.ch' => 'ldap.herzbube.ch'
);
# Do not allow local Mediawiki users, only allow LDAP users
$wgLDAPUseLocal = false;
# TLS is required
$wgLDAPEncryptionType = array(
  "wiki.herzbube.ch"=>"tls"
);
# Bind as this user to make searches
$wgLDAPProxyAgent =  array(
  'wiki.herzbube.ch' => 'cn=readonly-users,ou=users,dc=herzbube,dc=ch'
);
$wgLDAPProxyAgentPassword = array(
  'wiki.herzbube.ch' => 'secret'
);
# ---------- Base DNs for searches ----------
# Since we are defining explicit base DNs for user/group searches,
# it is unclear how $wgLDAPBaseDNs is going to be used. Somewhere
# I have read that it is still necessary, but I don't know what for.
$wgLDAPBaseDNs = array(
  'wiki.herzbube.ch' => 'dc=herzbube,dc=ch'
);
$wgLDAPUserBaseDNs= array(
  'wiki.herzbube.ch' => 'ou=users,dc=herzbube,dc=ch'
);
$wgLDAPGroupBaseDNs= array(
  'wiki.herzbube.ch' => 'ou=groups,dc=herzbube,dc=ch'
);
# ---------- Options related to user entries ----------
# The attribute whose value must match the user name
# specified at login time
$wgLDAPSearchAttributes = array(
  'wiki.herzbube.ch' => 'uid'
);
# ---------- Options related to group entries ----------
# Mediawiki groups are not POSIX groups, therefore they are not
# represented by entries of the posixGroup object class. A useful
# alternative is the core schema object class groupOfUniqueNames,
# which is a very generic way to gather a list of unique
# references to other DNs.
$wgLDAPGroupObjectclass = array(
  "wiki.herzbube.ch"=>"groupOfUniqueNames"
);
# The name of the attribute that identifies the group.
$wgLDAPGroupNameAttribute = array(
  "wiki.herzbube.ch" => "cn"
);
# The name of the attribute that stores the user references.
# uniqueMember is a core schema attribute type.
$wgLDAPGroupAttribute = array(
  "wiki.herzbube.ch" => "uniqueMember"
);
# Whether or not the group references the user with a full DN.
# We must say "true" here because the attribute uniqueMember
# requires the reference to be a full DN.
$wgLDAPGroupUseFullDN = array(
  "wiki.herzbube.ch" => true
);
# Mediawiki always converts the first letter of the user name
# to upper case, but the LDAP entries for users always use
# lower case.
$wgLDAPLowerCaseUsername = array(
  "wiki.herzbube.ch"=>true
);
# Normally it is expected that groups refer to their members.
# If this were set to true, it would be the other way round
# and users would refer to their groups via the "memberOf"
# attribute.
$wgLDAPGroupsUseMemberOf = array(
  "wiki.herzbube.ch" => false
);
# ---------- Login restrictions ----------
# Login is not allowed if the user entry does not match the
# restrictions specified here.
# NOTE: Defining this property is not really necessary since we
# are using $wgLDAPRequiredGroups. This property is here just so
# that its usage can be documented and demonstrated.
# - The vale of this property is enclosed in "()" but otherwise
#   it is used verbatim as the filter criteria in an LDAP search.
#   This means that we can use the regular LDAP search criteria
#   syntax here (e.g. "objectClass=*"
# - The base DN used for searching is the user's DN previously
#   obtained by the initial search for $wgLDAPSearchAttributes
#   below $wgLDAPUserBaseDNs
# - The check is successful if the search has a non-null result,
#   i.e. at least one entry must be returned by the search
$wgLDAPAuthAttribute = array(
  "wiki.herzbube.ch" => "objectClass=uidObject"
);
# Login is not allowed if a user is not a member of the groups
# specified here. In order to use this property, various other
# group-related properties must also be configured.
$wgLDAPRequiredGroups = array(
  "wiki.herzbube.ch"=>array(
    "cn=wikiusers,ou=groups,dc=herzbube,dc=ch"
  )
);

Debugging

Add the following lines to LocalSettings.php to write debugging information into a file. Warning: Passwords are written to the file in clear text!

$wgLDAPDebug = 4;
$wgDebugLogGroups = array(
  'ldap' => '/tmp/mediawiki.ldap.debug.log',
);

Troubleshooting

For general debug output, add the following line to LocalSettings.php:

$wgDebugLogFile = '/tmp/mediawiki.debug.log';

If the debug output of a specific extension is desired, it may be necessary to define other, extension-specific variables. Also, it is possible to redirect debug output to a different log file depending on which group is used by the logging statement. For instance, the "LDAP Authentication" extension uses the group "ldap" for its logging statements, therefore the following definition in LocalSettings.php redirects the extension's output to a separate file:

$wgDebugLogGroups = array(
  'ldap' => '/tmp/mediawiki.ldap.debug.log',
);              

How to clone a Mediawiki installation for local use with MAMP

Overview

This HOWTO explains how I made a clone of HerzbubeWiki so that I could use it locally on my MacBook, together with MAMP, while travelling around the world. The HOWTO is not very generic but rather specific to my installation - you will have to figure out yourself how to adapt the examples to your own needs.

Install the Mediawiki software on the MacBook

• Download mediawiki 1.12.0 from here: http://download.wikimedia.org/mediawiki/1.12/
• Issue the following commands in Terminal.app on the MacBook

cd /Applications/MAMP/htdocs
tar xfvz ~/Downloads/mediawiki-1.12.0.tar.gz
chown -R patrick:patrick mediawiki-1.12.0/
ln -s mediawiki-1.12.0/ mediawiki

• Launch MAMP.app
• Point browser at http://localhost:8888/mediawiki/
• Follow instructions to setup MediaWiki
• Issue the following commands in Terminal.app

cd /Applications/MAMP/htdocs/mediawiki
mv config/LocalSettings.php .
chmod 400 LocalSettings.php

Install the Cite.php extension on the MacBook

• Information about Cite.php can be found here: http://www.mediawiki.org/wiki/Extension:Cite/Cite.php
• Download file from here: http://www.mediawiki.org/wiki/Special:ExtensionDistributor/Cite (needs interaction)
• Issue the following commands in Terminal.app

cd /Applications/MAMP/htdocs/mediawiki/extensions
tar xfvz ~/Downloads/Cite-MW1.12-r33026.tar.gz
chown -R patrick:patrick Cite/

• Add the following line to LocalSettings.php:

require_once('extensions/Cite/Cite.php');

Install the database contents on the MacBook

• On the server, create a database dump

cd /tmp
mysqldump --add-drop-table -u root -p mediawikidb >mediawikidb.sql.dump
gzip mediawikidb.sql.dump

• Also on the server, create a tar file with the images

cd /var/lib/mediawiki/images
tar cfp /tmp/mediawiki.images.tar *
gzip /tmp/mediawiki.images.tar

• On the MacBook, restore the database (you will have to enter the password for MAMP's MySQL user root, which is "root" by default)

cd ~/Downloads
scp root@osgiliath:/tmp/mediawikidb.sql.dump.gz .
gunzip mediawikidb.sql.dump.gz
/Applications/MAMP/Library/bin/mysql -u root -p mediawikidb <mediawikidb.sql.dump

• Also on the MacBook, restore the images

cd ~/Downloads
scp root@osgiliath:/tmp/mediawiki.images.tar.gz .
cd /Applications/MAMP/htdocs/mediawiki/images
tar xfvz ~/Downloads/mediawiki.images.tar.gz

Final configuration

• Make the following changes to LocalSettings.php to achieve the same configuration as on the server

# enable uploads
$wgEnableUploads       = true;

# new logo (first line only needs to be present because this is not the Debian machine)
$wgUploadPath       = "$wgScriptPath/images";
$wgLogo             = "$wgUploadPath/7/7d/Herzbube.ch-logo.png";

# no anonymous edits
$wgGroupPermissions['*']['edit'] = false;

# new users get the following search settings
$wgNamespacesToBeSearchedDefault = array( NS_MAIN => true, NS_USER => true );

That's it

Point the browser at http://localhost:8888/mediawiki/.