[Systems] LDAP authentication in the wiki

Frederick Grose fgrose at sugarlabs.org
Sun Nov 6 15:25:42 EST 2011


On Sun, Nov 6, 2011 at 1:10 AM, Aleksey Lim <alsroot at activitycentral.org> wrote:

> On Sun, Nov 06, 2011 at 01:16:53AM -0400, Bernie Innocenti wrote:
> > Hello,
> >
> > I've enabled LDAP authentication on wiki-devel.sugarlabs.org using this
> > MediaWiki extension:
> >
> >   http://www.mediawiki.org/wiki/Extension:LDAP_Authentication
> >
> > Notes:
> >
> >  * You should be able to log in using your LDAP username and password.
> >
> >  * LDAP users that do not exist in the MediaWiki database are
> >    automatically created.
> >
> >  * If there's no corresponding LDAP user, any pre-existing user
> >    entry in the MediaWiki database is used. This provides a smooth
> >    transition path.
> >
> >  * It's also possible to autocreate users in LDAP, but I haven't
> >    experimented with this yet.
> >
> > The last point may be important: if it works well, we could tell users
> > to register in MediaWiki instead of creating a custom registration form.
> > Aleksey, what do you think?
>
> In fact, that was my initial idea. But if I got Fred right, there is an
> issue w/ easily cracking the MediaWiki auth system to create users to spam.
>

Confirmed. Many wikis continue to struggle with new account page spam.
(I continue to delete several pages a day from wiki.laptop.org.)
Since we switched to OpenID, we have been practically spam free.


> btw, if Wikipedia still uses its own auth system, why not do the same
> for SL's wiki? (but the create account page on Wikipedia contains things
> like a graphical captcha).
>

http://lists.wikimedia.org/pipermail/mediawiki-l/2011-April/037138.html
suggests using QuestyCaptcha.

Captchas introduce accessibility costs and maintenance costs.
Perhaps an experiment is the way to learn just what those are.

         --Fred

>
> > Please test and report anything odd.
>
> It works for my "alsroot" LDAP account but does not for "test".
> Maybe it is something w/ client side LDAP settings because "test" works
> fine via CAS.
>
> --
> Aleksey