>> I'm guessing that is the case, but as >> it will be a publicly accessible system, it is quite possible there will >> be people with the same name - any suggestions on how to handle this in >> a nice way? > > Use their middle initials or some other way to make the name unique.
My original plan was to have the users do all registration through one form (in other words, avoid repetition) However, I could assume that not all users will want to write on the wiki anyway - so the first time they login to write, then they will have to choose a wiki name. Is this type of hybrid registration practical? >> - management of the user files: I notice Moin creates a file for each >> user: is it better to let Moin manage these files (e.g. >> creating/updating them on each login attempt), or to write a script to >> create them pro-actively when a user is registered in the central system? > > You for sure should let moin do that. MoinMoin's auth methods usually > have some autocreate flag that let them autocreate the user profile if > it does not already exist. > > In general you rather should NOT access moin's storage files directly. > You could do that, but if something goes wrong, you own the pieces. I wasn't keen on that option, but I am keen to centralise other settings too, such as user timezone. Moin isn't the only app that needs that setting. I want to be sure that: a) if they update their timezone in the central registration system, the setting propagates to Moin (perhaps on the next login to Moin) b) if I can achieve (a), then I do not want the user changing such settings in Moin, as their changes would be lost on the next login >> - I want to allow the users to have both password and OpenID access - >> and I thought that maybe I can just enable OpenID in Moin, my central >> registration system could act as OpenID provider for the >> password-authenticated users, and the users who have OpenID could >> authenticate directly: but using OpenID URL's as identifiers, do the >> users still potentially need unique WikiNames as well? > > Yes, usernames in the wiki need to be unique as they might be used in > ACLs. Could ACLs and everything else in Moin use the email address in place of the name value? Or could the email address be safely used in the name field? >> Any feedback is really appreciated, and however I get this up and >> running, I am also keen to document it and share some of the scripts >> that are developed. > > You have to differentiate whether you do SSO (single sign on, one login > total, everything else is automatic) or just have a common place where > you keep accounts and passwords and against which you can authenticate, > but you still log into each system separately. Of course SSO is more > comfortable, but also it is more effort to get it. I still haven't made that decision, but I've worked with OpenID previously - see http://www.dynalogin.org - so I've been contemplating a few variations of it. I'm also thinking of finding the quickest way to get it work now, but in such a way that I can phase in SSO later without the users having to notice any change. > Looking at what moin can already do: > > GivenAuth - use some given user name (e.g. apache REMOTE_USER). Can > optionally strip windows or email domain, remove blanks, titlecase. > There are a lot of apache modules you can use this with, but the only > thing moin will get from this is a authenticated user name. Rather than just stripping the email domain, can it search the user data files to match on email address? > ldap_login - LDAP server = common place to store credentials and some > openidrp - does OpenID auth (try it, can't help much with that either) > php_session - made to read the session cookie of eGroupware I think those three are the most relevant ones, although I hope to avoid adding LDAP to the picture, I prefer LDAP for situations where it is an internal domain (e.g. all users are within the same company) rather than a publicly accessible service. > Other than these, you can write your own MoinMoin auth module (and do > whatever you want there) or modify an existing auth method, if you need > it slightly different. Basic Python skills needed. > > If you run multipe moin wikis, they can share the cookie (the session) > and the user profiles. Make sure you do that right from the beginning or > it will have diverging userids. > > The MoinMoin.user module has some lookup functions to find users not > only by name, but also by email or openid address. You save the best bit for last: letting the user log in with the email address would make it work just like Bugzilla and Mailman ------------------------------------------------------------------------------ Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ _______________________________________________ Moin-user mailing list Moin-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/moin-user
