Revision history for LDAPauthenticationInfo
Revision [23328]
Last edited on 2016-05-20 07:38:47 by BrianKoontz [Replaces old-style internal links with new pipe-split links.]Additions:
~- To-do: test code with [[http://www.openldap.org | OpenLDAP]] (was only tested against Active Directory on Windows 2003)
Deletions:
Additions:
=====LDAPauthentication Documentation=====
//Not included in official Wikka version//
>>==See also:==
Development: [[LDAPauthentication]]>>This is the documentation page for LDAPauthentication.::c::
===Documentation===
==Short description==
Authenticates a user against a LDAP directory.
==Parameters and configuration==
Three configuration parameters have been added to wikka.config.php:
""<table cellspacing="0" cellpadding="2" border="1">
<thead>
<tr><th scope="col">name</th><th scope="col">type</th><th scope="col">required?</th><th scope="col">default</th><th scope="col">description</th></tr>
</thead>
<tbody>
<tr><td>user_identification</td><td>string</td><td>required</td><td>wikka</td><td>Set to 'ldap' to enable LDAP authentication</td></tr>
<tr><td>ldap_server</td><td>string</td><td>required</td><td></td><td>Name or IP address of the LDAP server</td></tr>
<tr><td>ldap_name</td><td>string</td><td>required</td><td></td><td>LDAP Relative Distinguished Name (RDN) to use in the bind() operation. Its value depends on your directory's structure</td></tr>
</tbody>
</table>""
==Long description==
With this extension, it is possible to add to the built-in authentication of WikkaWiki an alternative authentication method: the lookup of the user's credentials (login/password) into a LDAP-compliant directory. The main benefit is that it is not necessary for users to remember a specific password in order to log into the wiki.
===Notes===
~- If the LDAP authentication fails, there is a fallback to the standard built-in authentication. Therefore, LDAP-authenticated and wiki-authenticated users can coexist
~- To accomodate differences in naming schemes between the wiki and the LDAP directory, one can modify the function LDAP_wikiname_to_login() which defines an algorithmical mapping between the two types of identifiers (i.e. it translates a wiki name into a LDAP user name)
~~- its default version simply turns the WikiName into lowercase
~- Users still need to sign-up into the wiki and to define their settings (in other words, the full set of user settings is not obtained from the LDAP directory)
~~- this is a bit clumsy, but it avoids changing the data model and the native authentication scheme
~- To turn off the feature and go back to the native authentication scheme, set ##"user_identification" => "wikka"## in wikka.config.php
~- In an Active Directory environment, it seems a good value for ldap_name is: 'mydomain\\%s' where mydomain is the Windows server domain name
~- A main difference with the existing ActiveDirectory extension is that the latter authenticates the user's computer, and not the user herself, and requires to configure manually the association between WikiName and LDAP user name
===To-do, bugs and limitations===
~- To-do: test code with [[http://www.openldap.org OpenLDAP]] (was only tested against Active Directory on Windows 2003)
~- Limitation: communication between the web server and the LDAP host is not encrypted and passwords are sent in clear text. This is a potential security breach.
==Author==
DomBonj
CategoryDocumentation
//Not included in official Wikka version//
>>==See also:==
Development: [[LDAPauthentication]]>>This is the documentation page for LDAPauthentication.::c::
===Documentation===
==Short description==
Authenticates a user against a LDAP directory.
==Parameters and configuration==
Three configuration parameters have been added to wikka.config.php:
""<table cellspacing="0" cellpadding="2" border="1">
<thead>
<tr><th scope="col">name</th><th scope="col">type</th><th scope="col">required?</th><th scope="col">default</th><th scope="col">description</th></tr>
</thead>
<tbody>
<tr><td>user_identification</td><td>string</td><td>required</td><td>wikka</td><td>Set to 'ldap' to enable LDAP authentication</td></tr>
<tr><td>ldap_server</td><td>string</td><td>required</td><td></td><td>Name or IP address of the LDAP server</td></tr>
<tr><td>ldap_name</td><td>string</td><td>required</td><td></td><td>LDAP Relative Distinguished Name (RDN) to use in the bind() operation. Its value depends on your directory's structure</td></tr>
</tbody>
</table>""
==Long description==
With this extension, it is possible to add to the built-in authentication of WikkaWiki an alternative authentication method: the lookup of the user's credentials (login/password) into a LDAP-compliant directory. The main benefit is that it is not necessary for users to remember a specific password in order to log into the wiki.
===Notes===
~- If the LDAP authentication fails, there is a fallback to the standard built-in authentication. Therefore, LDAP-authenticated and wiki-authenticated users can coexist
~- To accomodate differences in naming schemes between the wiki and the LDAP directory, one can modify the function LDAP_wikiname_to_login() which defines an algorithmical mapping between the two types of identifiers (i.e. it translates a wiki name into a LDAP user name)
~~- its default version simply turns the WikiName into lowercase
~- Users still need to sign-up into the wiki and to define their settings (in other words, the full set of user settings is not obtained from the LDAP directory)
~~- this is a bit clumsy, but it avoids changing the data model and the native authentication scheme
~- To turn off the feature and go back to the native authentication scheme, set ##"user_identification" => "wikka"## in wikka.config.php
~- In an Active Directory environment, it seems a good value for ldap_name is: 'mydomain\\%s' where mydomain is the Windows server domain name
~- A main difference with the existing ActiveDirectory extension is that the latter authenticates the user's computer, and not the user herself, and requires to configure manually the association between WikiName and LDAP user name
===To-do, bugs and limitations===
~- To-do: test code with [[http://www.openldap.org OpenLDAP]] (was only tested against Active Directory on Windows 2003)
~- Limitation: communication between the web server and the LDAP host is not encrypted and passwords are sent in clear text. This is a potential security breach.
==Author==
DomBonj
CategoryDocumentation
Deletions:
This page can now be found on the [[Docs:LDAPauthenticationInfo Wikka Documentation Server]].
Thanks for updating your bookmarks!
An archive of [[http://wikkawiki.org/LDAPauthenticationInfo/revisions
old revisions of this page]] is still available for reference.<<
::c::
CategoryMigratedDocs
Additions:
<<===This page has moved===
This page can now be found on the [[Docs:LDAPauthenticationInfo Wikka Documentation Server]].
Thanks for updating your bookmarks!
An archive of [[http://wikkawiki.org/LDAPauthenticationInfo/revisions
old revisions of this page]] is still available for reference.<<
::c::
CategoryMigratedDocs
This page can now be found on the [[Docs:LDAPauthenticationInfo Wikka Documentation Server]].
Thanks for updating your bookmarks!
An archive of [[http://wikkawiki.org/LDAPauthenticationInfo/revisions
old revisions of this page]] is still available for reference.<<
::c::
CategoryMigratedDocs
Deletions:
//Not included in official Wikka version//
>>==See also:==
Development: [[LDAPauthentication]]>>This is the documentation page for LDAPauthentication.::c::
===Documentation===
==Short description==
Authenticates a user against a LDAP directory.
==Parameters and configuration==
Three configuration parameters have been added to wikka.config.php:
""<table cellspacing="0" cellpadding="2" border="1">
<thead>
<tr><th scope="col">name</th><th scope="col">type</th><th scope="col">required?</th><th scope="col">default</th><th scope="col">description</th></tr>
</thead>
<tbody>
<tr><td>user_identification</td><td>string</td><td>required</td><td>wikka</td><td>Set to 'ldap' to enable LDAP authentication</td></tr>
<tr><td>ldap_server</td><td>string</td><td>required</td><td></td><td>Name or IP address of the LDAP server</td></tr>
<tr><td>ldap_name</td><td>string</td><td>required</td><td></td><td>LDAP Relative Distinguished Name (RDN) to use in the bind() operation. Its value depends on your directory's structure</td></tr>
</tbody>
</table>""
==Long description==
With this extension, it is possible to add to the built-in authentication of WikkaWiki an alternative authentication method: the lookup of the user's credentials (login/password) into a LDAP-compliant directory. The main benefit is that it is not necessary for users to remember a specific password in order to log into the wiki.
===Notes===
~- If the LDAP authentication fails, there is a fallback to the standard built-in authentication. Therefore, LDAP-authenticated and wiki-authenticated users can coexist
~- To accomodate differences in naming schemes between the wiki and the LDAP directory, one can modify the function LDAP_wikiname_to_login() which defines an algorithmical mapping between the two types of identifiers (i.e. it translates a wiki name into a LDAP user name)
~~- its default version simply turns the WikiName into lowercase
~- Users still need to sign-up into the wiki and to define their settings (in other words, the full set of user settings is not obtained from the LDAP directory)
~~- this is a bit clumsy, but it avoids changing the data model and the native authentication scheme
~- To turn off the feature and go back to the native authentication scheme, set ##"user_identification" => "wikka"## in wikka.config.php
~- In an Active Directory environment, it seems a good value for ldap_name is: 'mydomain\\%s' where mydomain is the Windows server domain name
~- A main difference with the existing ActiveDirectory extension is that the latter authenticates the user's computer, and not the user herself, and requires to configure manually the association between WikiName and LDAP user name
===To-do, bugs and limitations===
~- To-do: test code with [[http://www.openldap.org OpenLDAP]] (was only tested against Active Directory on Windows 2003)
~- Limitation: communication between the web server and the LDAP host is not encrypted and passwords are sent in clear text. This is a potential security breach.
==Author==
DomBonj
CategoryDocumentation
Additions:
Development: [[LDAPauthentication]]>>This is the documentation page for LDAPauthentication.::c::
