I'm trying to use Laconica company-internally. I understand that this isn't the use scenario the application was designed for, but there is a long way to go until every manager trusts his employees to do public corporate blogging, and a perhaps even longer way until every pencil pusher dares to speak out publicly.

Our setup is not really internal. It is on a public IP to allow home-office workers, road-warriors and mobile phone geeks to access the installation. So how to keep strangers out? We usually slap Apache-based HTTP authentication on things, which uses a central LDAP server to check credentials. This works to a certain degree, but has two issues:

1) The /api/* resources do their own HTTP authentication, and double HTTP authentication does not work very well. I can't remove the HTTP authentication in actions/api.php since it is not only used for authentication purposes but also for identification of the desired resource: e.g. api/account/update_location chooses the user which needs updating based on the HTTP user. This could be solved by telling Apache to do NO auth via LDAP for URLs starting with ^/api/, but so far I wasn't able to implement this with my mod_auth/mod_rewrite/mod_php interaction mojo.

2) We now have double authentication: a user logs in via HTTP-Auth and then has to log in again via a web form and a session cookie. I'm looking into ways to avoid that. One way would be to check if PHP_AUTH_USER is set and, if so, save that in the database during manual login. Next time we see a non-logged-in session and a PHP_AUTH_USER, we can check if that PHP_AUTH_USER is already known and automatically log the user in (the password is already checked by Apache via LDAP). This could probably be done by adding a column to the user table and adding some code to index.php to log in users without a session and with valid HTTP credentials.

Is this a reasonable approach? Is there a chance that this would be accepted into the mainline branch?

Regards
--md

--
Maximillian Dornseif, CIO, Tel. +49 2191 60912-0
HUDORA GmbH, Jaegerwald 13, 42897 Remscheid, Germany - http://www.hudora.de/
Amtsgericht Wuppertal, HRB 12150, UStId: DE 123241519
Geschaeftsfuehrer: Evelyn Dornseif, Dr. Maximillian Dornseif
Aufsichtsrat: Eike Dornseif
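
The auto-login idea from point 2, combined with the /api/ exemption from point 1, as an added example that is not part of the original post and is not Laconica code. The function names, the in-memory `$links` array standing in for the proposed user-table column, and the assumption that the site is served from the web root are hypothetical.

```php
<?php
// Added example; function names are hypothetical, not Laconica code.

// Return the HTTP user only when Apache itself authenticated this request.
// Assumption: Apache sets REMOTE_USER only after its LDAP check succeeded,
// while PHP_AUTH_USER is just the name the client sent in the header.
function verified_http_user(array $server): ?string
{
    $path = strtok($server['REQUEST_URI'] ?? '/', '?');
    if ($path === false || preg_match('#^/+api(/|$)#', $path)) {
        return null; // /api/ is exempt from LDAP: the name is unverified here
    }
    $sent = $server['PHP_AUTH_USER'] ?? '';
    $checked = $server['REMOTE_USER'] ?? '';
    return ($sent !== '' && $sent === $checked) ? $sent : null;
}

// Manual web-form login: remember which local account this HTTP user owns.
// $links stands in for the proposed extra column on the user table.
function remember_http_user(array $links, array $server, int $userId): array
{
    $httpUser = verified_http_user($server);
    if ($httpUser !== null) {
        $links[$httpUser] = $userId;
    }
    return $links;
}

// Request without a session: local user id to log in, or null for the form.
function auto_login_user_id(array $links, array $server, bool $hasSession): ?int
{
    if ($hasSession) {
        return null; // already logged in, nothing to do
    }
    $httpUser = verified_http_user($server);
    return ($httpUser !== null) ? ($links[$httpUser] ?? null) : null;
}

// Constructed sample requests (not captured traffic).
$web = ['REQUEST_URI' => '/alice/all', 'PHP_AUTH_USER' => 'alice', 'REMOTE_USER' => 'alice'];
$api = ['REQUEST_URI' => '/api/account/update_location', 'PHP_AUTH_USER' => 'alice'];

$links = remember_http_user([], $web, 42);
var_dump(auto_login_user_id($links, $web, false));
var_dump(auto_login_user_id($links, $api, false));
var_dump(auto_login_user_id($links, ['REQUEST_URI' => '/'], false));
```

Only the first request yields a user id; the /api/ request carries a user name that nothing outside the API code has checked, so it must never create a web session on its own.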
