diff --git a/modules/services/mediawiki.nix b/modules/services/mediawiki.nix index 20b9b16..1f1f208 100644 --- a/modules/services/mediawiki.nix +++ b/modules/services/mediawiki.nix @@ -11,6 +11,11 @@ in owner = "mediawiki"; }; + age.secrets.mediawiki-ldap = { + file = ../../secrets/mediakiwi/mediawiki-ldap.age; + owner = "mediawiki"; + }; + services.mediawiki = { enable = true; @@ -53,6 +58,22 @@ in $wgEnotifWatchlist = true; # Peut-être utilisé pour les Wikistes $wgUsersNotifiedOnAllChanges = []; + + # Auth + $wgPluggableAuth_EnableLocalLogin = true; + $LDAPAuthentication2AllowLocalLogin = true; + $LDAPProviderDomainConfigs = "${config.age.secrets.mediawiki-ldap.path}"; + $wgPluggableAuth_Config = [ + "Compte Crans" => [ + 'plugin' => 'LDAPAuthentication2', + 'data' => [ + 'domain' => 'crans' + ] + ], + # "Note BDE" => [ + # 'plugin' => 'OpenIDConnect', + # ] + ]; # Theme $wgDefaultSkin = 'citizen'; @@ -77,6 +98,7 @@ in skins = { Citizen = pkgs.fetchFromGitHub { + name = "Citizen"; owner = "StarCitizenTools"; repo = "mediawiki-skins-Citizen"; tag = "v3.2.0"; @@ -96,16 +118,18 @@ in TextExtracts = null; PageImages = null; Popups = pkgs.fetchFromGitHub { + name = "Popups"; owner = "wikimedia"; repo = "mediawiki-extensions-Popups"; rev = "REL" + major + "_" + minor; # Le SHA doit être changé à chaque nouveau commit de traduction. # Pas de meilleure solution à ma connaissance pour suivre les releases. - sha256 = "sha256-deKDEC87yTQrToZC5yNAH9tmV/5pFa4gsaSuOYXfIEo="; + sha256 = "sha256-Vn/XGVYvM5doPtTEONESdVhgZlH/Fku74MeQbGrwU/E="; }; # Auth PluggableAuth = pkgs.fetchFromGitHub { + name = "PluggableAuth"; owner = "wikimedia"; repo = "mediawiki-extensions-PluggableAuth"; rev = "REL" + major + "_" + minor; 
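Review bot: Both `$wgPluggableAuth_EnableLocalLogin = true;` and `$LDAPAuthentication2AllowLocalLogin = true;` in the added `# Auth` block keep password login against the wiki's local user table alongside LDAP, so an account that holds a local password can presumably still log in after its LDAP entry is disabled. If local login is only meant for the bootstrap admin, record that next to the two settings, for example `# Local login kept for the break-glass admin only; everyone else authenticates via LDAP (domain 'crans')`, and confirm that account creation is restricted elsewhere in the config, which this hunk does not show. Because `$LDAPProviderDomainConfigs` points at the age-encrypted file, the bind credentials and the connection's `enctype` cannot be reviewed here; a comment stating that the file is expected to use `tls` or `ssl` would make that requirement visible. The enclosing configuration string starts and ends outside the hunk.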
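Review bot: The `Popups` hash bump is needed only because `rev = "REL" + major + "_" + minor;` names a release branch that upstream keeps moving, so the new `sha256` shows that a newer tree was accepted but not which commit it was. The fixed-output hash does stop a moved branch from silently changing the fetched code. For the authentication extensions, though (`PluggableAuth` here, and `LDAPProvider`, `LDAPAuthentication2` and `OpenIDConnect` in the following hunks), pinning `rev` to a full commit id would turn each update into a reviewable diff and stop builds from failing whenever the branch advances, e.g. `rev = "<commit-sha-placeholder>"; # REL<major>_<minor> branch, reviewed <date>`. The enclosing attribute set starts and ends outside the hunk.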
@@ -113,7 +137,17 @@ in
 # Pas de meilleure solution à ma connaissance pour suivre les releases.
 sha256 = "sha256-3+nzeWemVAHGmLz3ZMvDSvP2UCmsnEiGJcE/oEakr2s=";
 };
+ LDAPProvider = pkgs.fetchFromGitHub {
+ name = "LDAPProvider";
+ owner = "wikimedia";
+ repo = "mediawiki-extensions-LDAPProvider";
+ rev = "REL" + major + "_" + minor;
+ # Le SHA doit être changé à chaque nouveau commit de traduction.
+ # Pas de meilleure solution à ma connaissance pour suivre les releases.
+ sha256 = "sha256-bpj+MS4XKLoDdtEK+Mv7Ifa6qz215jKhSL1DOOw4ZPs=";
+ };
 LDAPAuthentication2 = pkgs.fetchFromGitHub {
+ name = "LDAPAuthentication2";
 owner = "wikimedia";
 repo = "mediawiki-extensions-LDAPAuthentication2";
 rev = "REL" + major + "_" + minor;
@@ -122,6 +156,7 @@ in
 sha256 = "sha256-oi5rliHb4KnLbvQxO7MGuLp/FEucoGR/Z0NP1gmbgMc=";
 };
 OpenIDConnect = pkgs.fetchFromGitHub {
+ name = "OpenIDConnect";
 owner = "wikimedia";
 repo = "mediawiki-extensions-OpenIDConnect";
 rev = "REL" + major + "_" + minor;
diff --git a/secrets.nix b/secrets.nix
index ac579c1..332b722 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -112,4 +112,5 @@ in
 "secrets/neo/database-extra-config.age".publicKeys = [ neo ];
 "secrets/neo/matrix-appservice-irc-password.age".publicKeys = [ neo ];
 "secrets/mediakiwi/mediawiki-admin-passwd.age".publicKeys = [ mediakiwi ];
+ "secrets/mediakiwi/mediawiki-ldap.age".publicKeys = [ mediakiwi ];
 }
diff --git a/secrets/mediakiwi/mediawiki-ldap.age b/secrets/mediakiwi/mediawiki-ldap.age
new file mode 100644
index 0000000..deb7260
Binary files /dev/null and b/secrets/mediakiwi/mediawiki-ldap.age differ