[Systems] LDAP authentication in the wiki
fgrose at sugarlabs.org
Sun Nov 6 15:25:42 EST 2011
On Sun, Nov 6, 2011 at 1:10 AM, Aleksey Lim <alsroot at activitycentral.org>wrote:
> On Sun, Nov 06, 2011 at 01:16:53AM -0400, Bernie Innocenti wrote:
> > Hello,
> > I've enabled LDAP authentication on wiki-devel.sugarlabs.org using this
> > MediaWiki extension:
> > http://www.mediawiki.org/wiki/Extension:LDAP_Authentication
> > Notes:
> > * You should be able to login using your LDAP username and password.
> > * LDAP users that do not exist in the Mediawiki database are
> > automatically created.
> > * If there's no corresponding LDAP user, any pre-existing user
> > entry in the Mediawiki database is used. This provides a smooth
> > transition path.
> > * It's also possible to autocreate users in ldap, but I haven't
> > experimented with this yet.
> > The last point may be important: if it works well, we could tell users
> > to register in Mediawiki instead of creating a custom registration form.
> > Aleksey, what do you think?
> In fact, that was my initial idea. But if I got Fred right, there is an
> issue w/ easy cracking media wiki auth system to create users to spam.
Confirmed. Many wikis continue to struggle with new account page spam.
(I continue to delete several pages a day from wiki.laptop.org.)
Since we switched to OpenID, we have been practically spam free.
> btw, if wikipedia still uses its own auth system, why not doing the same
> for SL's wiki? (but create account page on wikipedia contain things like
> graphical captcha).
suggests using QuestyCaptcha.
Captchas introduce accessibility costs and maintenance costs.
Perhaps an experiment is the way to learn just what those are.
> > Please test and report anything odd.
> it works for my "alsroot" ldap account but does not for "test".
> maybe it is something w/ client side LDAP settings because "test" works
> fine via CAS.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Systems