jenkins-bot has submitted this change and it was merged. Change subject: Update ldapauth and wikitech roles for AuthManager ......................................................................
Update ldapauth and wikitech roles for AuthManager Change-Id: Ic9923b04c6f736a93d2f0f6ba0aea0ac122ccd6b --- M puppet/modules/role/templates/ldapauth/LdapAuthentication.php.erb M puppet/modules/role/templates/wikitech/LdapAuth.php.erb 2 files changed, 27 insertions(+), 2 deletions(-) Approvals: BryanDavis: Looks good to me, approved Gergő Tisza: Looks good to me, but someone else must approve jenkins-bot: Verified diff --git a/puppet/modules/role/templates/ldapauth/LdapAuthentication.php.erb b/puppet/modules/role/templates/ldapauth/LdapAuthentication.php.erb index 19c243d..922d0a0 100644 --- a/puppet/modules/role/templates/ldapauth/LdapAuthentication.php.erb +++ b/puppet/modules/role/templates/ldapauth/LdapAuthentication.php.erb @@ -1,5 +1,17 @@ //<?php -$wgAuth = new LdapAuthenticationPlugin(); +if ( class_exists( MediaWiki\Auth\AuthManager::class ) && empty( $wgDisableAuthManager ) ) { + $wgAuthManagerAutoConfig['primaryauth'] += [ + LdapPrimaryAuthenticationProvider::class => [ + 'class' => LdapPrimaryAuthenticationProvider::class, + 'args' => [ [ + 'authoritative' => true, // don't allow local non-LDAP accounts + ] ], + 'sort' => 50, // must be smaller than local pw provider + ], + ]; +} else { + $wgAuth = new LdapAuthenticationPlugin(); +} $wgLDAPDomainNames = array( 'ldap' ); $wgLDAPServerNames = array( 'ldap' => '127.0.0.1' ); diff --git a/puppet/modules/role/templates/wikitech/LdapAuth.php.erb b/puppet/modules/role/templates/wikitech/LdapAuth.php.erb index a76315b..9bce82a 100644 --- a/puppet/modules/role/templates/wikitech/LdapAuth.php.erb +++ b/puppet/modules/role/templates/wikitech/LdapAuth.php.erb @@ -1,4 +1,17 @@ -$wgAuth = new LdapAuthenticationPlugin(); +if ( class_exists( MediaWiki\Auth\AuthManager::class ) && empty( $wgDisableAuthManager ) ) { + $wgAuthManagerAutoConfig['primaryauth'] += [ + LdapPrimaryAuthenticationProvider::class => [ + 'class' => LdapPrimaryAuthenticationProvider::class, + 'args' => [ [ + 'authoritative' => true, // don't allow local non-LDAP accounts + ] ], + 'sort' => 50, // must be smaller than local pw provider + ], + ]; +} else { + $wgAuth = new LdapAuthenticationPlugin(); +} + $wgLDAPDomainNames = array('labs'); $wgLDAPServerNames = array( 'labs' => 'localhost' ); $wgLDAPSearchAttributes = array( 'labs' => 'cn' ); -- To view, visit https://gerrit.wikimedia.org/r/293117 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ic9923b04c6f736a93d2f0f6ba0aea0ac122ccd6b Gerrit-PatchSet: 2 Gerrit-Project: mediawiki/vagrant Gerrit-Branch: master Gerrit-Owner: Anomie <bjor...@wikimedia.org> Gerrit-Reviewer: BryanDavis <bda...@wikimedia.org> Gerrit-Reviewer: Dduvall <dduv...@wikimedia.org> Gerrit-Reviewer: Gergő Tisza <gti...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits