mediawiki-l-bounces@lists.wikimedia.org schrieb am 06.10.2010 17:27:02:
My impression regarding A) is, that the LDAP-extension-plugin does not support cleartext communication with the LDAP-server out of the box,
so
unless you explicitly set the option to use cleartext, you will be
safe.
Am I right?
The default is LDAP via StartTLS, and it is enforced. You can change to LDAPS or cleartext LDAP, if you so choose.
Secure out of the box. Well designed :-) Thanks for reassuring.
[...]
I believe there is a way to do this. You'll need to make sure your cookies are marked as secure, and the web server ensures that login pages are forced SSL. There used to be a configuration hack, but it looks like the documentation is no longer on mediawiki.org. I'd find it in the history, but it may be gone for a reason.
I used the extension promoted by Daniel Barret in his reply to my post. As fas as I understood the source code, it does exactly what you describe here. And it works like a charme.
- Ryan Lane
Thank you Ryan and Daniel!
CU Arnd