This extension is part of the LDAP Stack and requires the LDAPProvider extension to be installed first.

This extension provides a mechanism to synchronize users in the database and users in active directory.

MediaWiki extensions manual

LDAPSyncAll Release status: stableCategory:Stable extensions
Description	Used to synchronize users
Author(s)	Cindy Cicalese, Mark A. Hershberger, Robert Vogel
Latest version	1.0.0
Compatibility policy	Snapshots releases along with MediaWiki. Master is not backward compatible.Category:Extensions with release branches compatibility policy
MediaWiki	1.31+Category:Extensions with manual MediaWiki version
License	GNU General Public License 2.0 or later
Download	Download extension Git [?]: Browse repository (Phabricator · GitHub) Gerrit code review Git commit log Download source tarball Category:Extensions in Wikimedia version control
Parameters $wgUserPageContent $wgExcludedUsernames $wgUsersSyncMechanism $wgBlockExecutorUsername $wgExcludedGroups
Hooks used ChangeTagsAllowedAdd Category:ChangeTagsAllowedAdd extensions
Quarterly downloads	16 (Ranked 85th)
Translate the LDAPSyncAll extension if it is available at translatewiki.net
Issues	Open tasks · Report a bug

• If a user is in LDAP, but not in the database => the user is added to the database
• If a user is in the database, but not in LDAP => the user account will be disabled in the database

Installation

Execute within MediaWiki root or add mediawiki/ldap-sync-all to the composer.json file of your projectː

composer require mediawiki/ldap-sync-all dev-REL1_31

Activation

Add the following line to your LocalSettings.phpː

wfLoadExtension( 'LDAPSyncAll' );

Usage

The extension provides a maintenance script that you can simply run from your console PHP maintenance/SyncLDAPUsers.php. In addition, there is a RunJobsTriggerHandler that runs once a day.

Configuration

You need to add the following line in your LocalSettings.php. Don't forget to change "Admin" to the username who has admin permissions. This user disables accounts that are not in LDAP.

$GLOBALS['LDAPSyncAllBlockExecutorUsername'] = 'Admin';

You can specify usernames and usergroups that you want to exclude from disabling, for example:

$GLOBALS['LDAPSyncAllExcludedUsernames'] = [ 'Bob', 'Emily' ];

$GLOBALS['LDAPSyncAllExcludedGroups'] = [ 'bot', 'editor' ];

This extension is included in the following wiki farms/hosts and/or packages: BlueSpice Category:Extensions included in BlueSpice This is not an authoritative list. Some wiki farms/hosts and/or packages may contain this extension even if they are not listed here. Always check with your wiki farms/hosts or bundle to confirm.