Seems like all I needed was a fresh perspective. The extension /AutomaticRemote_User/ (http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER) gives me exactly what I need to do to seamlessly authenticate my users to Mediawiki. Works perfectly. Between that and some of the functionality provided by /LDAPAuthentication/ for pulling AD attributes, I can Frankenstein something up that should suffice till the next version of LDAPAuthentication is released.
No need to frankenstein something together. Version 1.2a of the LDAP plugin (LDAPAuthentication.php and LDAPAutoAuthentication.php) should be able to handle any form of web authentication.
Kerberos auth is likely what you are using. You want to look at this documentation (just ignore the Apache stuff):
http://www.mediawiki.org/wiki/Extension:LDAP_Authentication/Kerberos_Con figuration_Examples
Note that I haven't tested this with IIS (as I don't have a Windows 2003 system to test with). I've tested this with Apache and MIT Kerberos.
The following line may need to change, depending on what you get back from IIS:
$wgLDAPAutoAuthUsername = preg_replace( '/@.*/', '', $_SERVER["REMOTE_USER"] );
This line is expecting "REMOTE_USER" to be returned as "username@DOMAIN". If IIS returns something else, you'll need to change it. For instance, if IIS simply returns "username" then you'll need to change this to:
$wgLDAPAutoAuthUsername = $_SERVER["REMOTE_USER"];
V/r,
Ryan Lane