[Mediawiki-l] External Authorization

Christopher.Reigrut at Key.com Christopher.Reigrut at Key.com
Mon Sep 10 20:11:23 UTC 2007




Thanks for the tip, Ryan!  I actually was already looking at your code
(since we were originally going to authenticate via LDAP), but hadn't
gotten to your groups processing.  In fact, using basically the same
approach as yours I simply update and save the group information in my
AuthPlugin to mirror what's in TAM, and then created the appropriate access
rights in LocalSettings, and it all works like a charm!

Thanks to all who replied!
Christopher M. Reigrut
Applications Systems Architect
Key Technology Services / KeyBank
1000 South McCaslin Boulevard
Superior, Colorado 80027
720-304-1049


> ----- Message from "Lane, Ryan" <Ryan.Lane at ocean.navo.navy.mil> on
> Mon, 10 Sep 2007 08:58:34 -0500 -----
>
> To:
>
> "MediaWiki announcements and site admin list" <mediawiki-l at lists.
> wikimedia.org>
>
> Subject:
>
> Re: [Mediawiki-l] External Authorization
>
> > Hi, all!  I'm working on integrating Mediawiki with our internal
> access
> > controls (specifically, Tivoli Access Manager).  I have authentication
> > working via a custom AuthPlugin, and now I'm starting on external
> > authorization.
> >
> > Our plan is to have two groups:  Users and Administrators.  These will
> be
> > administered through Tivoli (and I'm already getting the groups during
> my
> > auto-login process).  IDs with neither group will have read-only
> access,
> > IDs in the User group will be able to edit, move, etc, and
> Administrators
> > will have the remaining access (basically, the same as Sysop).
> >
> > What's the best way to accomplish this?  userCan hooks?  Modify
> User.php?
> > Something else?
> >
> > I'd really appreciate any insights you all might have!
>
> See how the LDAP Authentication plugin does this (start tracing from the
> authenticate method). I actually accepted a patch for it, so I won't
> vouch for the code per se, but it does get the job done. Notice that
> there is currently a performance issue associated with it when dealing
> with large amounts of groups that will be fixed in the next version of
> the plugin.
>
> V/r,
>
> Ryan Lane



*******************************************************************************
This communication may contain privileged and/or confidential information. It
is intended solely for the use of the addressee. If you are not the intended
recipient, you are strictly prohibited from disclosing, copying, distributing
or using any of this information. If you received this communication in error,
please contact the sender immediately and destroy the material in its entirety,
whether electronic or hard copy. This communication may contain nonpublic personal
information about consumers subject to the restrictions of the 
Gramm-Leach-Bliley Act. You may not directly or indirectly reuse or redisclose
such information for any purpose other than to provide the services for which
you are receiving the information.

127 Public Square, Cleveland, OH 44114
*******************************************************************************


If you prefer not to receive future e-mail offers for products or services from
Key send an e-mail to DNERequests at key.com with 'No Promotional E-mails' in the
SUBJECT line.


More information about the MediaWiki-l mailing list