[MediaWiki-commits] [Gerrit] Update ldapauth and wikitech roles for AuthManager - change (mediawiki/vagrant)

Mon, 20 Jun 2016 13:50:44 -0700 

jenkins-bot has submitted this change and it was merged.

Change subject: Update ldapauth and wikitech roles for AuthManager
......................................................................


Update ldapauth and wikitech roles for AuthManager

Change-Id: Ic9923b04c6f736a93d2f0f6ba0aea0ac122ccd6b
---
M puppet/modules/role/templates/ldapauth/LdapAuthentication.php.erb
M puppet/modules/role/templates/wikitech/LdapAuth.php.erb
2 files changed, 27 insertions(+), 2 deletions(-)

Approvals:
  BryanDavis: Looks good to me, approved
  Gergő Tisza: Looks good to me, but someone else must approve
  jenkins-bot: Verified



diff --git a/puppet/modules/role/templates/ldapauth/LdapAuthentication.php.erb 
b/puppet/modules/role/templates/ldapauth/LdapAuthentication.php.erb
index 19c243d..922d0a0 100644
--- a/puppet/modules/role/templates/ldapauth/LdapAuthentication.php.erb
+++ b/puppet/modules/role/templates/ldapauth/LdapAuthentication.php.erb
@@ -1,5 +1,17 @@
 //<?php
-$wgAuth = new LdapAuthenticationPlugin();
+if ( class_exists( MediaWiki\Auth\AuthManager::class ) && empty( 
$wgDisableAuthManager ) ) {
+       $wgAuthManagerAutoConfig['primaryauth'] += [
+               LdapPrimaryAuthenticationProvider::class => [
+                       'class' => LdapPrimaryAuthenticationProvider::class,
+                       'args' => [ [
+                               'authoritative' => true, // don't allow local 
non-LDAP accounts
+                       ] ],
+                       'sort' => 50, // must be smaller than local pw provider
+               ],
+       ];
+} else {
+       $wgAuth = new LdapAuthenticationPlugin();
+}
 
 $wgLDAPDomainNames = array( 'ldap' );
 $wgLDAPServerNames = array( 'ldap' => '127.0.0.1' );
diff --git a/puppet/modules/role/templates/wikitech/LdapAuth.php.erb 
b/puppet/modules/role/templates/wikitech/LdapAuth.php.erb
index a76315b..9bce82a 100644
--- a/puppet/modules/role/templates/wikitech/LdapAuth.php.erb
+++ b/puppet/modules/role/templates/wikitech/LdapAuth.php.erb
@@ -1,4 +1,17 @@
-$wgAuth = new LdapAuthenticationPlugin();
+if ( class_exists( MediaWiki\Auth\AuthManager::class ) && empty( 
$wgDisableAuthManager ) ) {
+       $wgAuthManagerAutoConfig['primaryauth'] += [
+               LdapPrimaryAuthenticationProvider::class => [
+                       'class' => LdapPrimaryAuthenticationProvider::class,
+                       'args' => [ [
+                               'authoritative' => true, // don't allow local 
non-LDAP accounts
+                       ] ],
+                       'sort' => 50, // must be smaller than local pw provider
+               ],
+       ];
+} else {
+       $wgAuth = new LdapAuthenticationPlugin();
+}
+
 $wgLDAPDomainNames = array('labs');
 $wgLDAPServerNames = array( 'labs' => 'localhost' );
 $wgLDAPSearchAttributes = array( 'labs' => 'cn' );

-- 
To view, visit https://gerrit.wikimedia.org/r/293117
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ic9923b04c6f736a93d2f0f6ba0aea0ac122ccd6b
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/vagrant
Gerrit-Branch: master
Gerrit-Owner: Anomie <bjor...@wikimedia.org>
Gerrit-Reviewer: BryanDavis <bda...@wikimedia.org>
Gerrit-Reviewer: Dduvall <dduv...@wikimedia.org>
Gerrit-Reviewer: Gergő Tisza <gti...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to