[Systems] LDAP authentication in the wiki

[Bernie Innocenti]

On Wed, 2011-11-09 at 09:27 +0000, Aleksey Lim wrote:
> On Wed, Nov 09, 2011 at 02:12:43AM -0500, Bernie Innocenti wrote:
> > On Sun, 2011-11-06 at 06:10 +0000, Aleksey Lim wrote:
> > 
> > > In fact, that was my initial idea. But if I got Fred right, there is an
> > > issue w/ easy cracking media wiki auth system to create users to spam.
> > > 
> > > btw, if wikipedia still uses its own auth system, why not doing the same
> > > for SL's wiki? (but create account page on wikipedia contain things like
> > > graphical captcha).
> > 
> > Sorry, I don't understand: when you wrote "wikipedia", did you mean
> > mediawiki instead?
> 
> I meant wikipedia, it uses mediawiki's internal account creation system
> (w/ captcha plugin Fred mentioned).

Ok, then let's try adding the captcha.


> > Perhaps there's already a "test" account in Mediawiki?
> 
> I renamed existed "test" account (which worked fine for "alsroot").
> btw, I created ldap "test" account directly by via ldapvi.

The user has a straight md5 password with no salt. I think it should be
md5-crypt. Maybe this is  the problem.

Use system-useradd to create the account. When you're done, you can
delete the account with system-userdel.

We could create a new shell script that creates users in LDAP without a
posixAccount class. Mediawiki can also create LDAP entries, but I
haven't tested it yet.

-- 
Bernie Innocenti
Sugar Labs Infrastructure Team
http://wiki.sugarlabs.org/go/Infrastructure_Team