Lane, Ryan wrote: >> Seems like all I needed was a fresh perspective. The extension >> /AutomaticRemote_User/ >> (http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER) >> gives me >> exactly what I need to do to seamlessly authenticate my users to >> Mediawiki. Works perfectly. Between that and some of the >> functionality >> provided by /LDAPAuthentication/ for pulling AD attributes, I can >> Frankenstein something up that should suffice till the next >> version of >> LDAPAuthentication is released. >> >> > > No need to frankenstein something together. Version 1.2a of the LDAP > plugin (LDAPAuthentication.php and LDAPAutoAuthentication.php) should be > able to handle any form of web authentication. > Not to sound dense, but can they be used in conjunction with one another? Can I use LDAPAutoAuthentication to log the user into the wiki AND use LDAPAuthentication to pull attributes using a proxy account? > Kerberos auth is likely what you are using. You want to look at this > documentation (just ignore the Apache stuff): > Yes, using Kerberos on between IE and IIS on Windows 2003.
> > http://www.mediawiki.org/wiki/Extension:LDAP_Authentication/Kerberos_Con > figuration_Examples > > Note that I haven't tested this with IIS (as I don't have a Windows 2003 > system to test with). I've tested this with Apache and MIT Kerberos. > I was getting error 500's from IIS, but I am going to take another look this week...now that I *know* it can be done. > The following line may need to change, depending on what you get back > from IIS: > > $wgLDAPAutoAuthUsername = preg_replace( '/@.*/', '', > $_SERVER["REMOTE_USER"] ); > > This line is expecting "REMOTE_USER" to be returned as > "usern...@domain". If IIS returns something else, you'll need to change > it. For instance, if IIS simply returns "username" then you'll need to > change this to: > > $wgLDAPAutoAuthUsername = $_SERVER["REMOTE_USER"]; > Thank you, I'll play around some more. I'm not sure what IIS is returning, so I'll have to see what the "AutomaticREMOTE_USER" is expecting, since that works right away. From that, I'll know better how to define $wgLDAPAutoAuthUsername. Thanks for taking the time to respond, I really appreciate your help, Ryan. John > V/r, > > Ryan Lane > > _______________________________________________ > MediaWiki-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/mediawiki-l > > _______________________________________________ MediaWiki-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
