[Mediawiki-l] External Authorization
Lane, Ryan
Ryan.Lane at ocean.navo.navy.mil
Mon Sep 10 13:58:34 UTC 2007
> Hi, all! I'm working on integrating Mediawiki with our internal
access
> controls (specifically, Tivoli Access Manager). I have authentication
> working via a custom AuthPlugin, and now I'm starting on external
> authorization.
>
> Our plan is to have two groups: Users and Administrators. These will
be
> administered through Tivoli (and I'm already getting the groups during
my
> auto-login process). IDs with neither group will have read-only
access,
> IDs in the User group will be able to edit, move, etc, and
Administrators
> will have the remaining access (basically, the same as Sysop).
>
> What's the best way to accomplish this? userCan hooks? Modify
User.php?
> Something else?
>
> I'd really appreciate any insights you all might have!
See how the LDAP Authentication plugin does this (start tracing from the
authenticate method). I actually accepted a patch for it, so I won't
vouch for the code per se, but it does get the job done. Notice that
there is currently a performance issue associated with it when dealing
with large amounts of groups that will be fixed in the next version of
the plugin.
V/r,
Ryan Lane
More information about the MediaWiki-l
mailing list