The installation steps below were carried out on CentOS 6.4

Installation

Install MySql server and mysql-php module

yum install mysql-server mysql php-mysql
/sbin/chkconfig --levels 235 mysqld on
/sbin/service mysqld start

Change ‘root’ user password for mysql; Create mysql wiki database and user

mysql -uroot -p
mysql> USE mysql;
mysql> UPDATE user SET Password=PASSWORD('newpassword') WHERE user='root';
mysql> FLUSH PRIVILEGES;
mysql> CREATE DATABASE wiki;
mysql> CREATE USER 'wikiuser'@'localhost' IDENTIFIED BY 'wikipassword';
mysql> GRANT ALL ON wiki.* TO 'wikiuser'@'localhost';
mysql> exit

Download the mediawiki, http://download.wikimedia.org/mediawiki/1.21/mediawiki-1.21.1.tar.gz
At the time of writing the latest version was 1.21.1

wget http://download.wikimedia.org/mediawiki/1.21/mediawiki-1.21.1.tar.gz

Untar the mediawiki to /var/www/html and give write permissions for config folder (Assuming that /var/www/html is the DocumentRoot)

tar -xzvf mediawiki-1.21.1.tar.gz
mv mediawiki-1.21.1 /var/www/html/wiki

Change the ownership of the wiki directory and grant write permissions to the config directory.

chown -R apache:apache /var/www/html/wiki
chmod a+w /var/www/html/wiki/config

Restart the apache server.

/sbin/service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]

Go to http://localhost/wiki

Follow on screen setup steps to complete the installation

Access wiki http://localhost/wiki

Access Control

MediaWiki has “Anonymous, User, Bot, Sysop, Bureaucrats” groups by default. Change groups rights according to your needs, add following to LocalSettings.php file

## Anonymous
$wgGroupPermissions['*']['read'] = false;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['createpage'] = false;
$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['*']['createtalk'] = false;
$wgGroupPermissions['*']['writeapi']  = false;

## User
$wgGroupPermissions['user' ]['move']            = false;
$wgGroupPermissions['user' ]['read']            = true;
$wgGroupPermissions['user' ]['edit']            = false;
$wgGroupPermissions['user' ]['createpage']      = false;
$wgGroupPermissions['user' ]['createtalk']      = false;
$wgGroupPermissions['user' ]['upload']          = false;
$wgGroupPermissions['user' ]['reupload']        = false;
$wgGroupPermissions['user' ]['reupload-shared'] = false;
$wgGroupPermissions['user' ]['minoredit']       = false;
$wgGroupPermissions['user' ]['purge']           = false;
$wgGroupPermissions['user' ]['move-subpages']   = false;
$wgGroupPermissions['user' ]['writeapi']        = false;

## Bot
$wgGroupPermissions['bot' ]['move']            = true;
$wgGroupPermissions['bot' ]['read']            = true;
$wgGroupPermissions['bot' ]['edit']            = true;
$wgGroupPermissions['bot' ]['createpage']      = true;
$wgGroupPermissions['bot' ]['createtalk']      = true;
$wgGroupPermissions['bot' ]['upload']          = true;
$wgGroupPermissions['bot' ]['reupload']        = true;
$wgGroupPermissions['bot' ]['reupload-shared'] = true;
$wgGroupPermissions['bot' ]['minoredit']       = true;
$wgGroupPermissions['bot' ]['purge']           = true;
$wgGroupPermissions['bot' ]['move-subpages']   = true;
$wgGroupPermissions['bot' ]['writeapi']        = true;

## Sysop
$wgGroupPermissions['sysop' ]['createaccount']   = false;
$wgGroupPermissions['sysop' ]['move']            = true;
$wgGroupPermissions['sysop' ]['read']            = true;
$wgGroupPermissions['sysop' ]['edit']            = true;
$wgGroupPermissions['sysop' ]['createpage']      = true;
$wgGroupPermissions['sysop' ]['createtalk']      = true;
$wgGroupPermissions['sysop' ]['upload']          = true;
$wgGroupPermissions['sysop' ]['reupload']        = true;
$wgGroupPermissions['sysop' ]['reupload-shared'] = true;
$wgGroupPermissions['sysop' ]['minoredit']       = true;
$wgGroupPermissions['sysop' ]['purge']           = true;
$wgGroupPermissions['sysop' ]['move-subpages']   = true;
$wgGroupPermissions['sysop' ]['writeapi']        = true;

## Bureaucrats
$wgGroupPermissions['bureaucrat' ]['userrights']      = true;
$wgGroupPermissions['bureaucrat' ]['move']            = false;
$wgGroupPermissions['bureaucrat' ]['read']            = false;
$wgGroupPermissions['bureaucrat' ]['edit']            = false;
$wgGroupPermissions['bureaucrat' ]['createpage']      = false;
$wgGroupPermissions['bureaucrat' ]['createtalk']      = false;
$wgGroupPermissions['bureaucrat' ]['upload']          = false;
$wgGroupPermissions['bureaucrat' ]['reupload']        = false;
$wgGroupPermissions['bureaucrat' ]['reupload-shared'] = false;
$wgGroupPermissions['bureaucrat' ]['minoredit']       = false;
$wgGroupPermissions['bureaucrat' ]['purge']           = false;
$wgGroupPermissions['bureaucrat' ]['move-subpages']   = false;
$wgGroupPermissions['bureaucrat' ]['writeapi']        = false;

## Diable autoconfirmed
$wgAutoConfirmAge = 3600 * 24 * 365 * 100;  ## 100 years
$wgGroupPermissions['autoconfirmed']['autoconfirmed'] = false;
$wgGroupPermissions['autoconfirmed']['read']          = false;

LDAP Configuration

LDAP Authentication extension is used to get mediawiki to authtenticate against LDAP. The author of the extension recommends using the tip of the git repository.

cd /var/www/wiki/extensions
git clone https://git.wikimedia.org/git/mediawiki/extensions/LdapAuthentication.git LdapAuthentication

Enable LDAP Authentication

Add following to LocalSettings.php file

require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );
$wgAuth = new LdapAuthenticationPlugin();

Configure LDAP Authentication

Following will allow members of “cn=wiki,ou=Wiki Groups,ou=groups,dc=chinasystems,dc=com” where wiki group is a groupOfNames type group.
Add following to LocalSettings.php file

$wgLDAPDomainNames        = array('CSUKDomain');
$wgLDAPServerNames        = array('CSUKDomain' => '88.88.88.75');
$wgLDAPPort               = array('CSUKDomain' => 389 );
$wgLDAPLowerCaseUsername  = array('CSUKDomain' => true );
$wgLDAPGroupUseFullDN     = array('CSUKDomain' => true );
$wgLDAPGroupObjectclass   = array('CSUKDomain' => 'groupOfNames' );
$wgLDAPGroupAttribute     = array('CSUKDomain' => 'member' );
$wgLDAPGroupSearchNestedGroups = array('CSUKDomain' => true );
$wgLDAPGroupNameAttribute = array('CSUKDomain' => "cn" );
$wgLDAPBaseDNs            = array('CSUKDomain' => "dc=chinasystems,dc=com" );
$wgLDAPUserBaseDNs        = array('CSUKDomain' => "ou=people,dc=chinasystems,dc=com" );
$wgLDAPGroupBaseDNs       = array('CSUKDomain' => "ou=groups,dc=chinasystems,dc=com" );
$wgLDAPSearchAttributes   = array('CSUKDomain' => "uid" );
$wgLDAPProxyAgent         = array('CSUKDomain' => 'uid=operator,ou=System,ou=people,dc=chinasystems,dc=com');
$wgLDAPProxyAgentPassword = array('CSUKDomain' => 'xxxxxxxx');
$wgLDAPGroupsUseMemberOf  = array('CSUKDomain' => true );
$wgLDAPRequiredGroups     = array('CSUKDomain' => array('cn=wiki,ou=Wiki Groups,ou=groups,dc=chinasystems,dc=com'));
$wgLDAPPreferences        = array('CSUKDomain' => array("email"=>"mail","realname"=>"cn","nickname"=>"uid","language"=>"preferredLanguage"));

Get MediaWiki to use LDAP Groups

Following will get MediaWiki to use wiki-admin group on LDAP and assign permissions of sysop to it
Add following to LocalSettings.php file

$wgLDAPUseLDAPGroups      = array('CSUKDomain' => true );

## wiki-admin
$wgGroupPermissions['wiki-admin'] = $wgGroupPermissions['sysop'];
Advertisements