On Wed, May 26, 2010 at 7:08 PM, Daniel Barrett <[email protected]> wrote: > Ryan Lane suggested: >>1. Use the Kerberos support in the LDAP plugin for this. > > Thanks Ryan. We previously tried a Kerberos auth solution for MediaWiki > (Plexcel) but due to a quirk in our setup, it could not work for us. The > quirk is that our userPrincipalName (foo.com) does not equal our AD domain > (foo.net), an equivalence assumed at some level (Kerberos or Plexcel). > Additionally the kerberos library did not support a principal type of > KRB5_NT_ENTERPRISE_PRINCIPAL which is Windows specific. At least this is how > it was explained to me. I will take a look at your article. >
If your web server supports it, the LDAP plugin will as well. My support is based on web server authentication, and uses mod_auth_kerb as an example. You can munge the $_SERVER["REMOTE_USER"] however needed to get the username, and can match it against any LDAP attribute you wish. The LDAP plugin is far more flexible than the Plexcel one. Respectfully, Ryan Lane _______________________________________________ MediaWiki-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
