Hanfred.Eschner | 3 Apr 2007 11:39

single sign-on and LdapAuthentication.php

Am I right, that LdapAuthentication.php at present does not offer a
single sign-on access but "only" the security of authentication, so that
only authorized people have access to the company's wiki?

Thanks,
Hanfred

Lane, Ryan | 3 Apr 2007 19:56

Re: single sign-on and LdapAuthentication.php

> Am I right, that LdapAuthentication.php at present does not
> offer a single sign-on access but "only" the security of
> authentication, so that only authorized people have access to
> the company's wiki?

Well, it depends on what you mean. Single sign on is kind of a generic
term.

The LDAP Authentication plugin does support CAC/Smartcard
authentication, and most auto-auth plugins can be (slightly) modified to
work with the LDAP plugin.

If you mean Kerberos or NTLM, neither one currently works with the
plugin.

Bjoern Metzdorf | 5 Apr 2007 19:27

[PATCH]: making ldap wiki group synchronization work

Hello all,

we have developed a patch to make group synchronization work.

Please have a look at the attached patch or see 
http://www.mediawiki.org/wiki/Extension_talk:LDAP_Authentication#Group_Syncronization

Regards,
Bjoern
--- LdapAuthentication.php-orig	2007-03-08 13:37:22.070548000 +0100
+++ LdapAuthentication.php	2007-04-05 19:00:56.267368111 +0200
 <at>  <at>  -1237,6 +1237,8  <at>  <at> 
 		foreach ($info as $i) {
 			$mem = strtolower($i['dn']);
 			$shortnamemem = strtolower($i[$nameattribute][0]);
+			//removing bogus AD groups with SSIDs or such in curly brackets behind name
+			if (strstr($mem, '{')) continue;

 			array_push($groups,$mem);
 			array_push($shortnamegroups,$shortnamemem);
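
Review bot: the added `if (strstr($mem, '{')) continue;` tests the whole lowercased DN, so a `{` anywhere in it (an OU or container component, not only after the group name as the comment describes) drops the group, and it does so for every directory type rather than only for AD. A skipped entry never reaches `$groups` or `$shortnamegroups`, so the user silently loses that membership. Suggest testing `$shortnamemem` or anchoring the match to the end of the name, putting the filter behind a configuration option, and emitting a `printDebug` line when a group is skipped. The new comment should also use `#` like the existing `# add groups permissions` comment.
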
 <at>  <at>  -1290,7 +1292,7  <at>  <at> 
 		$this->printDebug("Pulling groups from LDAP.",1);

 		# add groups permissions
-		$localAvailGrps = $user->getAllGroups();
+		$localAvailGrps = array_merge($user->getAllGroups(), $this->allLDAPGroups);
 		$localUserGrps = $user->getEffectiveGroups();
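
Review bot: `$this->allLDAPGroups` on the changed `$localAvailGrps` line is not declared or populated anywhere in the visible hunks; if it is not an array when this runs, `array_merge()` does not yield a usable array, so the property needs an array initialiser or a guard here. Merging every LDAP group into `$localAvailGrps` also makes directory group names that are not defined in the wiki eligible in the `# add groups permissions` step; a comment stating that this is intended, or a configured list of LDAP groups allowed to sync, would make the scope explicit. Wrapping the result in `array_unique()` would avoid duplicate entries for names present in both lists.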


Lane, Ryan | 5 Apr 2007 22:31

Re: [PATCH]: making ldap wiki group synchronization work

> Hello all,
> 
> we have developed a patch to make group synchronization work.
> 
> Please have a look at the attached patch or see 
> http://www.mediawiki.org/wiki/Extension_talk:LDAP_Authentication#Group_Syncronization
> 
> Regards,
> Bjoern

The first change seems to be pretty AD specific (who knows if others are
legitimately using { in their groups?). I'm not sure of the purpose of
the second change, but I haven't looked at the code in a while. I'll
take a look at this soon.

V/r,

Ryan Lane
