I've added my latest LDAP Authentication patch to bugzilla:
http://bugzilla.wikipedia.org/show_bug.cgi?id=814
I will update my corresponding documentation to match the current patch level. This documentation is located here:
http://meta.wikimedia.org/wiki/LDAP_Authentication
Is this still being considered to be added to MediaWiki 1.5? I'm almost positive all of the changes to the core code that are required for all of my planned functionality have been added. Almost all of the changes that were made were hooks, the rest were for security. If there are any required changes, bugfixes, or security concerns, let me know.
At this time, the LDAP patch has support for:
* Simple authentication through SSL using direct binds, or proxy-authentication
** Note: proxy authentication is not currently working using multiple domains. Also, you will not be able to add LDAP users when using proxy authentication yet. This will be added in the next version.
* Storage/Retrieval of some user preferences
* Ability to add new users to LDAP from MediaWiki
* Ability to change LDAP passwords through MediaWiki
* Ability to mail a temporary password so that users can change their LDAP password
* Ability to do all of the above on multiple domains (including the local database)
Future versions will eventually have the following functionality:
* A custom schema for LDAP
* Access control using security groups (Authentication only)
* Ability to use smart cards, or CAC cards to log in to MediaWiki using certificates
* Ability to use LDAP as a complete backend for user information using a single, or multiple domains (or a combination of LDAP and the local database as cache or backup)
If anyone can think of other features that should be added, let me know.
V/r,
Ryan Lane NAVOCEANO