Lane, Ryan wrote:
Seems like all
I needed was a fresh perspective. The extension
/AutomaticRemote_User/
(
http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER)
gives me
exactly what I need to do to seamlessly authenticate my users to
Mediawiki. Works perfectly. Between that and some of the
functionality
provided by /LDAPAuthentication/ for pulling AD attributes, I can
Frankenstein something up that should suffice till the next
version of
LDAPAuthentication is released.
No need to frankenstein something together. Version 1.2a of the LDAP
plugin (LDAPAuthentication.php and LDAPAutoAuthentication.php) should be
able to handle any form of web authentication.
Not to sound dense, but can they be used in conjunction with one
another? Can I use LDAPAutoAuthentication to log the user into the wiki
AND use LDAPAuthentication to pull attributes using a proxy account?
Kerberos auth is likely what you are using. You want
to look at this
documentation (just ignore the Apache stuff):
Yes, using Kerberos on between IE and IIS on Windows 2003.
http://www.mediawiki.org/wiki/Extension:LDAP_Authentication/Kerberos_Con
figuration_Examples
Note that I haven't tested this with IIS (as I don't have a Windows 2003
system to test with). I've tested this with Apache and MIT Kerberos.
I was getting error 500's from IIS, but I am going to take another look
this week...now that I *know* it can be done.
The following line may need to change, depending on
what you get back
from IIS:
$wgLDAPAutoAuthUsername = preg_replace( '/@.*/', '',
$_SERVER["REMOTE_USER"] );
This line is expecting "REMOTE_USER" to be returned as
"username@DOMAIN". If IIS returns something else, you'll need to change
it. For instance, if IIS simply returns "username" then you'll need to
change this to:
$wgLDAPAutoAuthUsername = $_SERVER["REMOTE_USER"];
Thank you, I'll play around some more. I'm not sure what IIS is
returning, so I'll have to see what the "AutomaticREMOTE_USER" is
expecting, since that works right away. From that, I'll know better how
to define $wgLDAPAutoAuthUsername.
Thanks for taking the time to respond, I really appreciate your help, Ryan.
John
V/r,
Ryan Lane
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l