[Mediawiki-l] Multiple wikis, one login
I'm setting up a wiki family, one wiki per (spoken) language: en.mywiki.com, fr.mywiki.com, de.wiki.com, etc. When somebody logs into the English wiki (for example), I want them also logged into the Spanish, French, and German (etc) wikis. So a single visit to any login page is enough. What's the best way to make this work? FYI, we're using the LDAPauthentication extension with Active Directory. I've tried Plexcel (a single sign-on system for Active Directory) which I thought would solve our problems, but it couldn't support our fairly strange Active Directory setup. I looked at $wgSharedDB but it still requires a separate login per wiki. Anybody tried http://www.mediawiki.org/wiki/Extension:Windows_NTLM_LDAP_Auto_Auth? Any other ideas? Thanks, DanB ___ MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Re: [Mediawiki-l] Multiple wikis, one login
Ryan Lane suggested: 1. Use the Kerberos support in the LDAP plugin for this. Thanks Ryan. We previously tried a Kerberos auth solution for MediaWiki (Plexcel) but due to a quirk in our setup, it could not work for us. The quirk is that our userPrincipalName (foo.com) does not equal our AD domain (foo.net), an equivalence assumed at some level (Kerberos or Plexcel). Additionally the kerberos library did not support a principal type of KRB5_NT_ENTERPRISE_PRINCIPAL which is Windows specific. At least this is how it was explained to me. I will take a look at your article. Thanks, DanB ___ MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Re: [Mediawiki-l] Multiple wikis, one login
On Wed, May 26, 2010 at 7:08 PM, Daniel Barrett d...@vistaprint.com wrote: Ryan Lane suggested: 1. Use the Kerberos support in the LDAP plugin for this. Thanks Ryan. We previously tried a Kerberos auth solution for MediaWiki (Plexcel) but due to a quirk in our setup, it could not work for us. The quirk is that our userPrincipalName (foo.com) does not equal our AD domain (foo.net), an equivalence assumed at some level (Kerberos or Plexcel). Additionally the kerberos library did not support a principal type of KRB5_NT_ENTERPRISE_PRINCIPAL which is Windows specific. At least this is how it was explained to me. I will take a look at your article. If your web server supports it, the LDAP plugin will as well. My support is based on web server authentication, and uses mod_auth_kerb as an example. You can munge the $_SERVER[REMOTE_USER] however needed to get the username, and can match it against any LDAP attribute you wish. The LDAP plugin is far more flexible than the Plexcel one. Respectfully, Ryan Lane ___ MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l