On Wed, May 26, 2010 at 7:08 PM, Daniel Barrett <danb(a)vistaprint.com> wrote:
Ryan Lane suggested:
1. Use the Kerberos support in the LDAP plugin for this.

Thanks Ryan. We previously tried a Kerberos auth solution for MediaWiki (Plexcel) but due
to a quirk in our setup, it could not work for us. The quirk is that our userPrincipalName
(foo.com) does not equal our AD domain (foo.net), an equivalence assumed at some level
(Kerberos or Plexcel). Additionally the Kerberos library did not support a principal type
of KRB5_NT_ENTERPRISE_PRINCIPAL, which is Windows-specific. At least this is how it was
explained to me. I will take a look at your article.

If your web server supports it, the LDAP plugin will as well. My
support is based on web server authentication, and uses mod_auth_kerb
as an example. You can munge the $_SERVER["REMOTE_USER"] however
needed to get the username, and can match it against any LDAP
attribute you wish. The LDAP plugin is far more flexible than the
Plexcel one.
Respectfully,
Ryan Lane
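
One way to do the `$_SERVER["REMOTE_USER"]` munging described in the reply above, as an added example that is not part of the original thread or the LDAP plugin's own code. The function names, the `user@REALM` shape of `REMOTE_USER`, the `FOO.NET` realm list and the `sAMAccountName` attribute are assumptions for illustration.

```php
<?php
// Added example; function names and the realm list are hypothetical.
const ALLOWED_REALMS = ['FOO.NET']; // assumption: the realm your KDC issues tickets for

// Split "user@REALM" (assumed shape of REMOTE_USER) and reject anything else.
function splitRemoteUser(string $remoteUser, array $allowedRealms): ?array
{
    // /D anchors $ at the very end so a trailing newline cannot slip through.
    if (!preg_match('/^([A-Za-z0-9._-]{1,64})@([A-Za-z0-9.-]{1,255})$/D', $remoteUser, $m)) {
        return null;
    }
    $realm = strtoupper($m[2]);
    if (!in_array($realm, $allowedRealms, true)) {
        return null; // principal from a realm this wiki does not serve
    }
    return ['user' => $m[1], 'realm' => $realm];
}

// Escape a value for an LDAP search filter (RFC 4515 special characters).
function ldapFilterEscape(string $value): string
{
    return strtr($value, [
        '\\' => '\5c', '*' => '\2a', '(' => '\28', ')' => '\29', "\0" => '\00',
    ]);
}

// Build the lookup filter for whichever attribute holds the login name.
function buildUserFilter(string $attribute, string $value): string
{
    if (!preg_match('/^[A-Za-z][A-Za-z0-9-]*$/D', $attribute)) {
        throw new InvalidArgumentException('bad attribute name');
    }
    return sprintf('(%s=%s)', $attribute, ldapFilterEscape($value));
}

// Constructed sample values standing in for $_SERVER["REMOTE_USER"].
$samples = ['jdoe@FOO.NET', 'jdoe@foo.net', 'jdoe@OTHER.EXAMPLE', 'jdoe)(cn=*@FOO.NET', 'jdoe'];
foreach ($samples as $remoteUser) {
    $p = splitRemoteUser($remoteUser, ALLOWED_REALMS);
    $result = $p ? buildUserFilter('sAMAccountName', $p['user']) : 'rejected';
    echo str_pad($remoteUser, 22), ' => ', $result, "\n";
}
// The escaper still matters for values that never pass through the shape check.
echo buildUserFilter('cn', 'a*(b)'), "\n";
```

Checking the realm against an allow-list before dropping it keeps a principal from an unexpected or trusted-but-foreign realm from being mapped onto a local account with the same short name.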