<ahref="http://www.mediawiki.org"class="urlextern"title="http://www.mediawiki.org"rel="nofollow">MediaWiki</a> is a wiki software, used by the well known <ahref="http://www.wikipedia.org"class="urlextern"title="http://www.wikipedia.org"rel="nofollow">Wikipedia</a>.
We will explain how to use <ahref="http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER"class="urlextern"title="http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER"rel="nofollow">Automatic REMOTE_USER</a> extension.
The extension is presented here: <ahref="http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER"class="urlextern"title="http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER"rel="nofollow">http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER</a>
</p>
<p>
You can download the code here: <ahref="https://www.mediawiki.org/wiki/Special:ExtensionDistributor/Auth_remoteuser"class="urlextern"title="https://www.mediawiki.org/wiki/Special:ExtensionDistributor/Auth_remoteuser"rel="nofollow">https://www.mediawiki.org/wiki/Special:ExtensionDistributor/Auth_remoteuser</a>
</p>
<p>
You have to install <code> Auth_remoteuser</code> in the <code>extensions/</code> directory of your MediaWiki installation:
</p>
<preclass="code">cp -a Auth_remoteuser/ extensions/</pre>
<preclass="code file php"><spanclass="re0">$wgAuthRemoteuserAuthz</span><spanclass="sy0">=</span><spanclass="kw4">true</span><spanclass="sy0">;</span><spanclass="coMULTI">/* Your own authorization test */</span>
<spanclass="re0">$wgAuthRemoteuserName</span><spanclass="sy0">=</span><spanclass="re0">$_SERVER</span><spanclass="br0">[</span><spanclass="st0">"HTTP_AUTH_CN"</span><spanclass="br0">]</span><spanclass="sy0">;</span><spanclass="coMULTI">/* User's name */</span>
<spanclass="re0">$wgAuthRemoteuserMail</span><spanclass="sy0">=</span><spanclass="re0">$_SERVER</span><spanclass="br0">[</span><spanclass="st0">"HTTP_AUTH_MAIL"</span><spanclass="br0">]</span><spanclass="sy0">;</span><spanclass="coMULTI">/* User's Mail */</span>
<spanclass="re0">$wgAuthRemoteuserNotify</span><spanclass="sy0">=</span><spanclass="kw4">false</span><spanclass="sy0">;</span><spanclass="coMULTI">/* Do not send mail notifications */</span>
<spanclass="co1">//$wgAuthRemoteuserDomain = "NETBIOSDOMAIN"; /* Remove NETBIOSDOMAIN\ from the beginning or @NETBIOSDOMAIN at the end of a IWA username */</span>
<spanclass="coMULTI">/* User's mail domain to append to the user name to make their email address */</span>
<divclass="notewarning">In last version of Auth_remoteuser and Mediawiki, empty passwords are not authorized, so you may need to patch the extension code if you get the error:
<divclass="notewarning">In last version of Auth_remoteuser and Mediawiki, auto-provisioning requires REMOTE_USER to match the normalized mediawiki username (for example: john_doe -> john doe), so you may need to patch the extension code if you get the error:
Configure MediaWiki virtual host like other <ahref="../configvhost.html"class="wikilink1"title="documentation:2.0:configvhost">protected virtual host</a>.
</p>
<divclass="noteimportant">If you are protecting MediaWiki with <abbrtitle="LemonLDAP::NG">LL::NG</abbr> as reverse proxy, <ahref="../header_remote_user_conversion.html"class="wikilink1"title="documentation:2.0:header_remote_user_conversion">convert header into REMOTE_USER environment variable</a>.
</div><ul>
<liclass="level1"><divclass="li"> For Apache:</div>
<h3class="sectionedit7"id="mediawiki_virtual_host_in_manager">MediaWiki virtual host in Manager</h3>
<divclass="level3">
<p>
Go to the Manager and <ahref="../configvhost.html#lemonldapng_configuration"class="wikilink1"title="documentation:2.0:configvhost">create a new virtual host</a> for MediaWiki.
</p>
<p>
Just configure the <ahref="../writingrulesand_headers.html#rules"class="wikilink1"title="documentation:2.0:writingrulesand_headers">access rules</a>. You can also add a rule for logout:
You can create these two headers to fill user name and mail (see extension configuration):
</p>
<preclass="code">Auth-Cn => $cn
Auth-Mail => $mail</pre>
<p>
If using <abbrtitle="LemonLDAP::NG">LL::NG</abbr> as reverse proxy, configure also the <code>Auth-User</code><ahref="../writingrulesand_headers.html#headers"class="wikilink1"title="documentation:2.0:writingrulesand_headers">header</a>,