[Mediawiki-l] SOLVED: Is LDAPAutoAuth Without Smartcard Supported?

John Thomson thomsonj at stonewayconsulting.ca
Tue Mar 24 03:40:48 UTC 2009



Lane, Ryan wrote:
>> Seems like all I needed was a fresh perspective.  The extension
>> /AutomaticRemote_User/
>> (http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER) gives me
>> exactly what I need to do to seamlessly authenticate my users to
>> Mediawiki.  Works perfectly.  Between that and some of the functionality
>> provided by /LDAPAuthentication/ for pulling AD attributes, I can
>> Frankenstein something up that should suffice till the next version of
>> LDAPAuthentication is released.
>>
>
> No need to frankenstein something together. Version 1.2a of the LDAP
> plugin (LDAPAuthentication.php and LDAPAutoAuthentication.php) should be
> able to handle any form of web authentication.
>   
Not to sound dense, but can they be used in conjunction with one 
another?  Can I use LDAPAutoAuthentication to log the user into the wiki 
AND use LDAPAuthentication to pull attributes using a proxy account?
> Kerberos auth is likely what you are using. You want to look at this
> documentation (just ignore the Apache stuff):
>   
Yes, using Kerberos between IE and IIS on Windows 2003.

> 	
> http://www.mediawiki.org/wiki/Extension:LDAP_Authentication/Kerberos_Configuration_Examples
>
> Note that I haven't tested this with IIS (as I don't have a Windows 2003
> system to test with). I've tested this with Apache and MIT Kerberos.
>   
I was getting error 500's from IIS, but I am going to take another look 
this week...now that I *know* it can be done.
> The following line may need to change, depending on what you get back
> from IIS:
>
> 	$wgLDAPAutoAuthUsername = preg_replace( '/@.*/', '', $_SERVER["REMOTE_USER"] );
>
> This line is expecting "REMOTE_USER" to be returned as
> "username@DOMAIN". If IIS returns something else, you'll need to change
> it. For instance, if IIS simply returns "username" then you'll need to
> change this to:
>
> 	$wgLDAPAutoAuthUsername = $_SERVER["REMOTE_USER"];
>   
Thank you, I'll play around some more.  I'm not sure what IIS is 
returning, so I'll have to see what the "AutomaticREMOTE_USER" is 
expecting, since that works right away.  From that, I'll know better how 
to define $wgLDAPAutoAuthUsername.

Thanks for taking the time to respond, I really appreciate your help, Ryan.

John
> V/r,
>
> Ryan Lane
>
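
Added example, not part of the thread or of the LDAP extension: one way to derive the value for $wgLDAPAutoAuthUsername without knowing in advance which form the web server puts in REMOTE_USER, while refusing realms you do not expect instead of stripping them blindly. The function name, the realm list and the sample values are hypothetical, and the "DOMAIN\username" form is an assumption about what IIS may hand back.

```php
<?php
// Added example: normalizeRemoteUser() and all sample values are hypothetical.

/**
 * Reduce a server-supplied REMOTE_USER to a bare account name.
 * Accepts "username", "username@REALM" and "DOMAIN\username".
 * Returns null for empty or malformed input, or for a realm/domain
 * that is not in $allowedRealms (compared case-insensitively).
 */
function normalizeRemoteUser( $remoteUser, array $allowedRealms ) {
	if ( !is_string( $remoteUser ) || $remoteUser === '' ) {
		return null;
	}
	$realm = null;
	$name = $remoteUser;
	if ( preg_match( '/^([^@\\\\]+)@([^@\\\\]+)$/', $remoteUser, $m ) ) {
		// Kerberos principal style: username@REALM
		$name = $m[1];
		$realm = $m[2];
	} elseif ( preg_match( '/^([^@\\\\]+)\\\\([^@\\\\]+)$/', $remoteUser, $m ) ) {
		// Windows down-level style: DOMAIN\username
		$realm = $m[1];
		$name = $m[2];
	}
	// Anything still carrying a separator or control character is malformed.
	if ( preg_match( '/[@\\\\\x00-\x1f]/', $name ) ) {
		return null;
	}
	// A bare username carries no realm; trust the server's authentication there.
	if ( $realm !== null
		&& !in_array( strtoupper( $realm ), array_map( 'strtoupper', $allowedRealms ), true ) ) {
		return null;
	}
	return $name;
}

// Constructed realm list and sample inputs.
$allowedRealms = array( 'EXAMPLE.COM', 'EXAMPLE' );
$samples = array( 'jdoe@EXAMPLE.COM', 'EXAMPLE\\jdoe', 'jdoe', 'jdoe@OTHER.REALM', 'a@b@c', '' );
foreach ( $samples as $sample ) {
	echo str_pad( var_export( $sample, true ), 22 ), ' => ';
	var_export( normalizeRemoteUser( $sample, $allowedRealms ) );
	echo "\n";
}

// In LocalSettings.php the result would feed the setting from the thread:
// if ( isset( $_SERVER['REMOTE_USER'] ) ) {
//	$wgLDAPAutoAuthUsername = normalizeRemoteUser( $_SERVER['REMOTE_USER'], $allowedRealms );
// }
```

Running the script from the command line prints how each constructed input is mapped, which is a quick way to compare against whatever IIS actually returns.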