[Mediawiki-l] SOLVED: Is LDAPAutoAuth Without Smartcard Supported?
John Thomson
thomsonj at stonewayconsulting.ca
Tue Mar 24 03:40:48 UTC 2009
Lane, Ryan wrote:
>> Seems like all I needed was a fresh perspective. The extension
>> /AutomaticRemote_User/
>> (http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER) gives me
>> exactly what I need to do to seamlessly authenticate my users to
>> Mediawiki. Works perfectly. Between that and some of the functionality
>> provided by /LDAPAuthentication/ for pulling AD attributes, I can
>> Frankenstein something up that should suffice till the next version of
>> LDAPAuthentication is released.
>>
>
> No need to frankenstein something together. Version 1.2a of the LDAP
> plugin (LDAPAuthentication.php and LDAPAutoAuthentication.php) should be
> able to handle any form of web authentication.
>
Not to sound dense, but can they be used in conjunction with one
another? Can I use LDAPAutoAuthentication to log the user into the wiki
AND use LDAPAuthentication to pull attributes using a proxy account?
> Kerberos auth is likely what you are using. You want to look at this
> documentation (just ignore the Apache stuff):
>
Yes, using Kerberos between IE and IIS on Windows 2003.
>
> http://www.mediawiki.org/wiki/Extension:LDAP_Authentication/Kerberos_Configuration_Examples
>
> Note that I haven't tested this with IIS (as I don't have a Windows 2003
> system to test with). I've tested this with Apache and MIT Kerberos.
>
I was getting error 500's from IIS, but I am going to take another look
this week...now that I *know* it can be done.
> The following line may need to change, depending on what you get back
> from IIS:
>
> $wgLDAPAutoAuthUsername = preg_replace( '/@.*/', '', $_SERVER["REMOTE_USER"] );
>
> This line is expecting "REMOTE_USER" to be returned as
> "username@DOMAIN". If IIS returns something else, you'll need to change
> it. For instance, if IIS simply returns "username" then you'll need to
> change this to:
>
> $wgLDAPAutoAuthUsername = $_SERVER["REMOTE_USER"];
>
Thank you, I'll play around some more. I'm not sure what IIS is
returning, so I'll have to see what the "AutomaticREMOTE_USER" is
expecting, since that works right away. From that, I'll know better how
to define $wgLDAPAutoAuthUsername.
Thanks for taking the time to respond, I really appreciate your help, Ryan.
John
> V/r,
>
> Ryan Lane
>
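
The REMOTE_USER handling discussed in the message above, generalized into one function as an added example (not code from the thread or from the LDAP extension). The function name `normalizeRemoteUser`, the `$allowedRealms` list, the `DOMAIN\username` form and all sample values are assumptions made for illustration.

```php
<?php
// Added example, not part of LDAPAuthentication or of the original thread.
// normalizeRemoteUser() and $allowedRealms are hypothetical names.

/**
 * Reduce a web-server-supplied REMOTE_USER value to a bare username.
 * Returns null when the value is malformed or names an unexpected realm,
 * so the caller can refuse auto-login instead of guessing.
 */
function normalizeRemoteUser( string $remoteUser, array $allowedRealms ): ?string {
	$realm = null;
	if ( preg_match( '/^([^@\\\\]+)@([^@\\\\]+)$/', $remoteUser, $m ) ) {
		// "username@DOMAIN", the form the preg_replace() line in the thread expects
		[ , $user, $realm ] = $m;
	} elseif ( preg_match( '/^([^@\\\\]+)\\\\([^@\\\\]+)$/', $remoteUser, $m ) ) {
		// "DOMAIN\username" (assumed here as another form a server might return)
		[ , $realm, $user ] = $m;
	} else {
		// Plain "username", the second case in the thread
		$user = $remoteUser;
	}
	// Stripping the realm makes user@REALM-A and user@REALM-B the same wiki
	// account, so only accept realms that are explicitly expected.
	if ( $realm !== null && !in_array( strtoupper( $realm ), $allowedRealms, true ) ) {
		return null;
	}
	// Reject empty or unusual names rather than passing them on to an LDAP lookup.
	if ( !preg_match( '/^[A-Za-z0-9._-]{1,64}$/', $user ) ) {
		return null;
	}
	return $user;
}

// Constructed sample values, not captured from a real server.
$allowedRealms = [ 'EXAMPLE.COM', 'EXAMPLE' ];
$samples = [ 'jdoe@EXAMPLE.COM', 'EXAMPLE\\jdoe', 'jdoe', 'jdoe@OTHER.REALM', '' ];
foreach ( $samples as $value ) {
	$name = normalizeRemoteUser( $value, $allowedRealms );
	printf( "%-20s => %s\n", var_export( $value, true ), $name ?? '(rejected)' );
}
```

In LocalSettings.php the result would be assigned to $wgLDAPAutoAuthUsername only when it is not null; logging the raw REMOTE_USER value once shows which of the three forms the server actually sends.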