[SAC] [OSGeo] #165: Wiki LDAP integration
Jorge Gustavo Rocha
jgr at osgeopt.pt
Tue Sep 19 03:22:42 PDT 2017
Hi Sandro,
On 19-09-2017 10:53, Sandro Santilli wrote:
> On Mon, Sep 18, 2017 at 11:36:40PM +0100, Jorge Gustavo Rocha wrote:
>
>> Thanks for your comment. I need to look at the data to have a better
>> understanding.
>
> Do you have access to that database already ?
No, I don't.
>
>> Your suggestion is just to create (or link) LDAP accounts from local
>> wiki accounts when the user logins, one by one? I thought that we could
>> try to create new LDAP entries for all local wiki accounts in one batch
>> and keep the logins restrict to LDAP accounts. Each user would receive
>> an email with a link to update his LDAP entry.
>
> Creating a _new_ LDAP account for eveh WIKI account would be overkill,
> as most WIKI users are probably already having a LDAP account.
>
> A match could be found by email, although both LDAP *and* WIKI
> accounts did not always verify emails in the past.
Only wiki accounts without a matching email in LDAP would be handled.
But I'm just guessing. I need to look at the data.
>
> Does the LDAP authentication plugin of Wikimedia already allows you
> to link a LDAP account to a local account ? Or what are the options
> to do that ?
>
The LDAP extension allows us to login using either a valid wiki account
or a valid LDAP account. The extension also allow us to create a LDAP
entry when creating a new wiki account (and it will be an LDAP account
and not a local wiki account). It does not provide any logic to create
an LDAP account after a successful login with a local wiki account.
If we want to link each wiki account after a successful login, we can
provide a hook [1] and write the desired behaviour.
[1] https://www.mediawiki.org/wiki/Manual:Hooks
> --strk;
>
Regards,
Jorge Gustavo
More information about the Sac
mailing list