Hi,

"Local" users are on an identified network address range (via .htaccess) and "remote" users are anyone who's not "local." In both cases they have accounts.  The problem is Apache won't pass REMOTE_USER if the directory is considered to not require auth, which I need to have the site read-only for logged in local users. The only thing I've been able to come up with is to duplicate the MW instance using the same database at a different locations, but that means people will be using different URLs. I also set up a scheme where a directory requiring htauth login stores REMOTE_USER in a session variable then bounces them back, but it required further hacks and I'd prefer something cleaner.

David


On 7 September 2013 06:07, Виталий Филиппов <vitalif@yourcmc.ru> wrote:
Hi David! What do you exactly mean by "local" and "remote" users? Where do either of them really have accounts?

david mason <vid_wikimedia_enterprise@zooid.org> пишет:

Hi all,

I've been hacking at this for a while and hoping someone has solved it.

I am trying to set up MediaWiki with LDAP so users from a remote network must log in, but it's optional on the local network. I don't want users to have to log in twice, so I set up Extension:AutomaticREMOTE_USER (htauth) which works well for remote users, but I can't determine a good way to permit login for local users in the same instance.

I've tried a variety of hacks, including setting a directory where the local user must log in then directing them back, but Apache won't pass REMOTE_USER in the MW directory for a local user, and other hacks are all ugly in one way or another. Does anyone have any ideas? 

Thanks! 

David



Mediawiki-enterprise mailing list
Mediawiki-enterprise@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-enterprise

_______________________________________________
Mediawiki-enterprise mailing list
Mediawiki-enterprise@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-enterprise