[SAC] Wiki LDAP Migration

Christopher Schmidt crschmidt at metacarta.com
Mon Mar 9 15:08:51 EDT 2009 

On Mon, Mar 09, 2009 at 11:47:26AM -0700, Jason Birch wrote:
> I believe that we have a multi server wildcard SSL certificate from
> digicert; it should be possible to back up the cert from osgeo1 and
> install it on osgeo2.  Although I have absolutely no experience with SSL
> on linux, these pages seem to offer some guidance on how to do this:

My understanding is that this is not correct, but I also acknowledge
that I'm not knowledgable enough to be the source o this.

> http://www.digicert.com/import-export-ssl-certificate.htm
> http://www.digicert.com/ssl-support/apache-ssl-export.htm
> http://www.digicert.com/ssl-certificate-installation-apache.htm
> 
> I really think that it would be unwise to allow LDAP authentication in
> plain text.  Instructions for requiring SSL for login only on Mediawiki
> (similar to how we do it with Drupal) are available here:

We allow LDAP auth over plain text in many different places throughout
our infrastructure. I have no intention of changing that. However, I
accept that people who value their usernames and passwords may care. As
such, I will accept that we should not switch the wiki until we set up
HTTPS.

However, I also realize that this is the same problem we've run into
every time we bring this up. Since I have no interest in doing this
work, I apologize for bringing it up again, and I withdraw the question
regarding moving the wiki over to LDAP logins.

-- Chris

> http://www.mediawiki.org/wiki/Manual:Configuration_tips_and_tricks#HTTPS
> _on_Login_only
> 
> Jason
> 
> -----Original Message-----
> From: Christopher Schmidt
> Sent: March-09-09 10:12 AM
> To: System Administration Committee Discussion/OSGeo
> Subject: Re: [SAC] Wiki LDAP Migration
> 
> I don't believe that wiki.osgeo.org can be put under our standard SSL  
> certificate because it is hosted on osgeo2. If you wish to set up a
> self-signed cert for this hostname, I can help you make that happen;
> what access do you not have? You want to hop on IRC at some point and
> walk me through the steps of what to do to set this up? 
> _______________________________________________
> Sac mailing list
> Sac at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/sac

-- 
Christopher Schmidt
MetaCarta

More information about the Sac mailing list