Hello Jean-Philippe,
I could not reach you by your private email address. (host lookup failure)
The LDAP implementation of UA2 is effectively a clone of the original in
the standard pmwiki code. Therefore, I guess the accent problem will be
the same.
If there were still problems getting LDAP to
___
pmwiki-users mailing list
pmwiki-users@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
.
Upgrading the UserAuth2 recipe to version 2.1-beta4 will resolve the
issues. Upgrading is definitely recommended if cookie authentication is
enabled and
echo mt_rand(1, 0xf) . \n; // more than 8 fs
results in a single value upon repeated calling on your system.
ThomasP
http://www.pmwiki.org
cases where one should not talk
too much - some silence actually adds here to the security.
I hope this seed can somehow fall on fruitful ground. (After my latest
experiences my desire has grown to rather have a secure wiki, even if the
necessary measures can be deployed only gradually.)
ThomasP
));
and this line repeated with MYGROUP replaced with your groups found in the
LDAP tree.
Then authuser permission granting as usual.
ThomasP
___
pmwiki-users mailing list
pmwiki-users@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
On Sat, January 12, 2008 8:34 pm, Gary Spivey wrote:
Attached is a limited file that should give you what you need - it is an
ldif dump on a few people and groups and the ldif headings and such.
In ExternAuth, I look for session variables that have been set
($authenticated, $username, and
Hello list,
starting from version 2.1-beta2 the UserAuth2 module will include support
for authentication against an LDAP server.
Configuration can be done in exactly the same manner as for AuthUser, by
placing a line like
$AuthUser['ldap'] = 'ldap://host:port/basedn?attribute?scope?filter'
in
On Mon, December 17, 2007 1:33 pm, ThomasP wrote:
...
For the level 'attr', I just noticed that at the moment it's hardwired
denied, but it's sufficient to uncomment the line in userauth2.php
containing the word frequently to get this part already resolved. (This
will just grant 'attr
On Wed, December 12, 2007 12:03 am, Dean Staub wrote:
Hi Thomas, thanks for your response.
I have found some time to follow your instructions above.
The results of your debug output are as follows for the error accessing
a zap function;
2007-12-12 09:18:56 EST USAU Someone trying to
On Fri, December 14, 2007 10:02 am, Eemeli Aro wrote:
I'm a little confused. How does this add to the functionality that
already exists with the Attach: markup? With the form
Attach:Group/file.txt
or
Attach:Group/Page/file.txt
you can already refer to the attachments associated with a
Hello eemeli,
well, I couldn't help it to still get the recipe to some sensible finish,
so I have put together a solution that now makes it fully functional as
promised (ver 1.1-beta1). (Attachments can now indeed be saved everywhere,
also in subdirectories or in the upload root.) It is a
page-wise storaging.
This should come in quite handy if one has a very structured group
organization. In principle also deeper subdirectories can be addressed.
ThomasP
___
pmwiki-users mailing list
pmwiki-users@pmichaud.com
http://www.pmichaud.com
On Sun, December 9, 2007 2:52 am, Dean Staub wrote:
First, Thank you Thomas for your work on the new module. It is a huge
improvement over the former system - well done.
I do however have a few small problems that I need to get to the bottom
of. I have for example the latest version of ZAP
I have been running some performance tests using StopWatch()
with Fox processing multiple files. I noticed that the line in the
pmwiki.php SaveAttributes function
$html = MarkupToHTML($pagename,$text);
is causing the overall process time to more than double.
As a test I used Fox to
... and to amend, files retrieved and displayed with this recipe are
forced to be located below the pmwiki uploads dir. (review of the code
appreciated as well)
___
pmwiki-users mailing list
pmwiki-users@pmichaud.com
plainly wrong in ver0.1.
ThomasP
___
pmwiki-users mailing list
pmwiki-users@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
On Dec 3, 2007 8:27 AM, ThomasP [EMAIL PROTECTED] wrote:
Hi,
On Dec 3, 2007 7:15 AM, ThomasP [EMAIL PROTECTED] wrote:
The error message refers (exclusively) to the case when characters
are
discovered in the request variables that could be used for cross-site
scripting attacks, i.e
On Wed, September 26, 2007 09:52, Matthias Günther wrote:
Hello,
I want to start to create a recipe. I looked over the pmwiki documentation
but
there I found nothing. It would be nice if someone can post a simple
example
which has the following function:
- include the recipe on my wiki
is the full list of configuration vars.
Let me know if you encounter problems.
ThomasP
(Note for upgrading from stable7: only userauth2.php has been changed, and
a new file userauth2/userauth2-bruteforce.php has been added.)
SDV($UA2EnableBruteForceProtect, true);
SDV($FailedLoginsLogDir
Hello,
I needed a more elaborate version of the existing footnotes markup,
allowing for larger footnote texts (without loosing overview over the
actual text) and allowing for multiple references to the same footnote.
I have made it into a new recipe,
Hello,
[this one went over the list]
On Sat, September 8, 2007 14:53, Andy Kaplan-Myrth wrote:
Andy Kaplan-Myrth wrote:
I decided to make the switch from UserAuth to UserAuth2 today. It went
smoothly until I tried to log in as admin with no password, the
default user. I had the same problem
day.
This is perfectly working, independently from browser honesty or clock. It
is done by keeping record of times in the session array.
ThomasP
___
pmwiki-users mailing list
pmwiki-users@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki
(...)
in userauth2.php, only the mapping direction would be just reversed.
Otherwise I hope to implement this within the summer.
ThomasP
___
pmwiki-users mailing list
pmwiki-users@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
On Wed, June 13, 2007 01:37, IchBin wrote:
Guess it would work better if I do this ..Dah..:
$pagename = str_replace('/', '.', $pagename);
LOL...
Yes, this is always the problem with bugs that I can't directly replay on
my site: I then have to guess the solution, and this leaves often
and password.)
ThomasP
___
pmwiki-users mailing list
pmwiki-users@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
On Mon, June 11, 2007 20:47, IchBin wrote:
ThomasP wrote:
On Tue, June 5, 2007 20:02, IchBin wrote:
IchBin wrote:
Not sure if I mentioned this Thomas but as an 'admin' user there is no
security problem posting a formatted item to the WikiCalendar using the
(:wikilogbox:) markup. Guess
(with another POST
key) and only one embracing pmwiki action might also be a good solution.
ThomasP
___
pmwiki-users mailing list
pmwiki-users@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
. In any case, that's
why you will see some exit;s in the UA2 code.
Hope this will help someone sometime.
ThomasP
___
pmwiki-users mailing list
pmwiki-users@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
On Tue, June 12, 2007 17:25, Patrick R. Michaud wrote:
On Tue, Jun 12, 2007 at 05:19:37PM +0200, ThomasP wrote:
...
with the new Pmwiki publish functionality. There is quite a chance here
that this might develop into a conflict in the long run.
Actually, I don't have any intent of creating
On Tue, June 12, 2007 18:21, IchBin wrote:
Not to be missing anything I have this output _below_. I am not given
authorization.
- When trying to update with the markup for formated message to a
calendar page:
UA2ErrorLog: 'Access to Calendar/20070612 at level edit NOT granted. '
- Be
Hello,
I have been away for a while - hope this comes still in time.
On Sat, June 2, 2007 18:54, IchBin wrote:
ThomasP wrote:
On Thu, May 31, 2007 02:12, IchBin wrote:
IchBin wrote:
I am fooling around with WikiCalendar since I can not get any response
from the author of Logbook
. There will likely be a just fix things for me button
of some sort.
I was OK even if we would have to move the pages manually, this is easier.
Agree with this. For me personally manual page movement would be sufficient.
ThomasP
___
pmwiki-users
Hello,
just catching up some weeks of pmwiki mail. With what you wrote my mail
before seems to become outdated.
On Tue, June 5, 2007 20:02, IchBin wrote:
IchBin wrote:
Not sure if I mentioned this Thomas but as an 'admin' user there is no
security problem posting a formatted item to the
Hello,
On Thu, June 7, 2007 12:15, blues wrote:
i have a fresh PmWiki installation (beta54),
with a fresh UserAuth2 installation (stable5).
no other recipes or skins installed.
i want to activate the draft capabiliites of PmWiki,
so i did:
$EnableDrafts = 1;
$EnablePublishAttr = 1;
and,
On Wed, May 30, 2007 07:14, IchBin wrote:
Thanks Thomas, as it turns out, I did what you just mention already by
chance. I will fool around with your example.
- I still have a big question mark about the use of term parent in the
context of creating a new user or @group. What are the OOD
On Thu, May 31, 2007 02:12, IchBin wrote:
IchBin wrote:
I am fooling around with WikiCalendar since I can not get any response
from the author of Logbook. It is not working, for me, but then that is
another post I posted here and to his personal email address.
Anyway, a user with UserAuth2
On Mon, May 28, 2007 23:42, Frank wrote:
...
YEAH, that's it
Now the user1 file contains the below things
a:3:{s:6:parent;s:5:admin;s:16:loginFromIpsOnly;a:0:{}s:5:perms;a:1:{s:5:admin;a:0:{}}}
The error message is gone when adding a user. But if I call the
Edit-field in the admin dialog,
Hello,
On Mon, May 28, 2007 21:26, IchBin wrote:
# pr - may change his profile
Given the above info I have a question.
- I have a groups '@group_a'. I want to allow all users using this group
be able to read\write to their own profile page. I add 'pr' into the
@group_a' but when I login,
Hello,
On Tue, May 29, 2007 01:39, IchBin wrote:
UserAuth2 and PresenceAwarenessLight work nicely. I am only using it to
display the status of a visitor:
- The signed in user account name or otherwise the IP address of the
visitor.
- What page they have loaded.
- The state of the
Hello,
On Mon, May 28, 2007 00:47, Frank wrote:
After entering the permision items in the box 'Permissions granted by' I
get the following report
UserAuth II Administration
Settings could not be saved. Please contact the system administrator.
Back to UserAuth main page.
The same happens
On Sat, May 26, 2007 16:06, Patrick R. Michaud wrote:
In fact, this brings up a larger question of what to do with the
Site.* group in general... should we change the PmWiki default so that
viewing pages in the Site group is restricted to admins? There
are three options that I see:
Option
tool has been called for the first time. (At
least I experienced this with the 2.2.0-beta45 pmwiki version.)
I have updated UA2 accordingly (yielding version 2.0-stable5), the only
file being changed cookbook/userauth2/userauth2-admintool.php. (*)
ThomasP
(*) If it is faster for you you can also
Hi all,
On Wed, May 23, 2007 04:06, IchBin wrote:
I am interested in using PresenceAwarenessLight or maybe the
PresenceAwareness recipe. On their recipe pages they both say they are
based off of the UserAuth recipe. Does this mean that I need the
UserAuth recipe. I am running UserAuth2. Does
.
ThomasP
___
pmwiki-users mailing list
pmwiki-users@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
On Sat, May 19, 2007 20:26, Patrick R. Michaud wrote:
More critical are the two remaining fields. Therefore the question: what
is the exact meaning of
'=protectexclude' and
'=protectsafe'
These aren't fields of the $page array (returned by the authfunction) --
they're specific only to
evaluated by UserAuth2 and by UserAuth
(since it is channelled through pmwiki CondAuth function which distributes
to the different authentication modules). The page variable {$AuthId} is
correctly set (to the authenticated user name) by UserAuth2 at least.
I will add it to the JITS talk page.
ThomasP
/to Site.AuthUser, it
obviously does not work together. Could you in the MemberMgmt recipe
branch the operations depending on the authentication module running, and
I will provide appropriate hooks in UserAuth2 to be called by MemberMgmt?
Does this sound sensible? Or did I miss somenthing?
ThomasP
On Sun, May 20, 2007 14:35, ThomasP wrote:
On Sat, May 19, 2007 20:26, Patrick R. Michaud wrote:
More critical are the two remaining fields. Therefore the question:
what
is the exact meaning of
'=protectexclude' and
'=protectsafe'
These aren't fields of the $page array (returned
On Sun, May 20, 2007 15:41, The Editor wrote:
Actually no, MemberMgmt authenticates against passwords stored in
Profiles pages (either encrypted or encoded) and then uses authuser's
AuthUserId( ) function to set the authid variable. Then it extracts
any user group memberships from Memberships
On Sun, May 20, 2007 19:11, The Editor wrote:
Yes that would be easy enough to do, but better for me, would be
simply to have UserAuth2 read the session variable member mgmt sets
directly and use it. That would not require any changes in ZAP,
eliminates storing the group memberships data
On Sun, May 20, 2007 19:14, IchBin wrote:
Sorry Thomas I have to look into it closer. I have not had time to play
around with it. I would guess that something had to be persisted to see
this behavior for maintaining information between sessions(). With
little knowledge I will speculate:
It
On Fri, May 18, 2007 01:34, IchBin wrote:
The Cookbook has several instances of multiple approaches. This is
redundancy in the best sense -- multiple solutions from multiple
perspectives, so the user can pick the best match for their particular
needs.
I don't believe there was ever a JITS
On Thu, May 17, 2007 23:21, The Editor wrote:
On 5/17/07, Jason Frisvold [EMAIL PROTECTED] wrote:
On 5/17/07, The Editor [EMAIL PROTECTED] wrote:
I'd find it helpful to know what advantages UserAuth2 offers over
AuthUser. It would seem finding a way to add those in to AuthUser
would be a
Hello,
due to the delegation mechanism I'm actually in the practical position to
be able to show how UserAuth2 looks like on a real example, without
compromising the security of the pmwiki itself. (I have still not used my
own web site though, rather an out-of-the-box pmwiki only - one never
Hi,
Just a quick question on redundancy. I am looking at PITS and JITS. JITS
looks like a re-hash of PITS (not that I have looked at the code to
compare). I found that ZAP has recently been implemented into JITS. I
also noticed that ZAP also requires AuthUser. I have just implemented
Hello everybody in the pmwiki community,
I have waited quite long but it is meanwhile more than time for this
announcement:
The new UserAuth module, called UserAuth2, is there!
Originally actually thought only as a reimplementation of the former one,
this module introduces some new features
On Tue, May 8, 2007 16:05, Patrick R. Michaud wrote:
On Tue, May 08, 2007 at 03:54:34PM +0200, ThomasP wrote:
Hi!
Perm for user 'admin', page 'Main.HomePage', level 'ALWAYS': failed.
Perm for user 'admin', page 'Main.WikiSandbox', level 'ALWAYS':
failed.
Perm for user 'admin', page
in the corresponding permission queries is then
corrected/remapped/whatever.
ThomasP
___
pmwiki-users mailing list
pmwiki-users@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
in the corresponding permission queries is then
corrected/remapped/whatever.
ThomasP
___
pmwiki-users mailing list
pmwiki-users@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
Hi David,
it is indeed UserAuth2.
A possible reason for pagelists to be breaking is that a template page
that is needed for the pagelist creation is not accessible (=
read-protected). Usually it is one of the Site group pages, e.g.
Site.PageListTemplates.
Set rd_*.* in your GuestUsers account
it.
But vicious minds can also imagine cases where even the interpretation
itself should be controlled page-wise via the standard authorization
scheme (instead of only config.php tweaks). In any case in the long run it
is IMHF the more systematic approach.
ThomasP
IMHF = in my humble feeling
Hi Dave,
from my recent experience I can say the timeouts are determined by the
session expiration settings of PHP. Important are the variables
session.cache_expire (in minutes, default 180) and
session.gc_maxlifetime (in seconds, default 1440 = 24 mins)
Obviously, the second variable is
a hard workaround for a while to verify the userauth code by
writing my own session support and write-closing the array with an exit
handler, but this unfort'ly needs mods in the pmwiki engine. And clearly
it isn't the preferred choice of countering this problem.)
Thomas
ThomasP ha scritto
My items were meant as rhetoric questions: whatever the situation is now I
just wanted to expose what should be taken into account if one makes
changes or amendments.
For example, regarding reference to arbitrary files I would say it is at
least not very intuitive at the moment if -- given
Patrick,
agreed to every point. If I understand you right then attached to reads
like associated with, and files that happen to be stored on let's say
per-group basis are associated with every page of that group [1]. (Ergo
the file can be downloaded via any of these pages, ergo read access to at
Hi Paolo,
PS. In the last version you uploaded the exitHandler problem is still
present.
Maybe you should set
if (!isset($exitHandler)) $exitHandler = exit();
instead of
if (!isset($exitHandler)) $exitHandler = 'exit';
quite funny that after some thousand lines of code I'm not
66 matches
Mail list logo
