Skip to content

createyourpersonalaccount/openldap-mediawiki

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
ldap
ldap
 
 
secrets
secrets
 
 
wiki
wiki
 
 
x509-cert
x509-cert
 
 
.env
.env
 
 
.gitignore
.gitignore
 
 
COPYING
COPYING
 
 
README.org
README.org
 
 
compose.yaml
compose.yaml
 
 
generate_privkey.sh
generate_privkey.sh
 
 

Repository files navigation

MediaWiki and MariaDB with OpenLDAP integration over TLS

This is a Docker multi-container of MediaWiki with MariaDB and OpenLDAP.

Two technical notes:

  1. We extend the official MediaWiki and MariaDB Docker images, but we employ our own OpenLDAP image (we elected not to use the popular https://github.com/osixia/docker-openldap because it appeared overengineered for our purpose and hard to assess.)
  2. We use implicit TLS instead of STARTTLS (this is not bad.)

Using

To use, first run ./generate_privkey.sh once to generate the x509 certificate and private key. Then:

docker compose build && docker compose up -d

and head to http://localhost:8080 in your web browser. You may log in to the wiki as the user rjsmith with password rJsmitH.

To bring it down use docker compose down.

You can read server logs with docker logs on the appropriate container listed via docker container ls.

Details

You are encouraged to look at the files to understand which parts must be edited. We briefly explain each file.

  • .env, contains links to the MediaWiki plugin tarballs (always latest version.)
  • generate_privkey.sh, will help you generate a self-signed x509 cert for the LDAP/MediaWiki communication. You may edit the details in x509-cert/cert.cnf to match your domain.
  • secrets/, this directory contains all the secrets of this project: there’s only one, the private key of the x509 certificate. It is required by the LDAP server to establish TLS connections. The contents of the secrets directory are ignored by .gitignore, so that no accidental commit occurs.
  • wiki/ and ldap/ contain config directories that configure the corresponding services.

Checklist for you

  1. You should configure backups for mediawiki, the database, and LDAP.
  2. You should change passwords on all the services (wiki, ldap, db.) You may want to use Docker’s secrets mechanism, use salted hashes in LDAP, etc.
  3. You may want to configure the access policy in LDAP to suit your needs.
  4. You should set up LDAP to use your real content database, not the one in ldap/config/example.com.ldif.
  5. Other modifications are possible. This is a minimal project. Maybe you want more MediaWiki LDAP plugins?

About

A docker compose of MediaWiki integrated with OpenLDAP.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages