Hello Jean-Philippe,
I could not reach you by your private email address. (host lookup failure)
The LDAP implementation of UA2 is effectively a clone of the original in
the standard pmwiki code. Therefore, I guess the accent problem will be
the same.
If there were still problems getting LDAP to
.
Upgrading the UserAuth2 recipe to version 2.1-beta4 will resolve the
issues. Upgrading is definitely recommended if cookie authentication is
enabled and
echo mt_rand(1, 0xf) . "\n"; // more than 8 "f"s
results in a single value upon repeated calling on your sys
___
pmwiki-users mailing list
pmwiki-users@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
Hello,
I tried to edit some of the UserAuth2 pages, but with no success:
The server did not respond when clicking the edit button.
The problem was not only with one IP or browser, so I assume it is the
server.
Is there anything wrong?
Thomas
PS: Wiki sandbox the same.
__
On Wed, October 8, 2008 9:09 pm, Ian MacGregor wrote:
> I must have missed the first part of this conversation. What exactly is
> the problem?
>
Hi,
there was a discussion going on starting on 21th of Sep, see
http://pmichaud.com/pipermail/pmwiki-users/2008-September/052378.html
http://pmichaud.
ly gradually.)
ThomasP
BTW: There is a NotifyOnUpload recipe, it is just that it is even more and
probably _too_ much workaround style.
___
pmwiki-users mailing list
pmwiki-users@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
":
Where actually is the get_ldap_values function defined? (Could see it
neither in pmwiki nor on php.net.) What does one provide as arguments?
Gary, if you just want to give it a try, use
$AuthUser['@MYGROUP'] =
get_ldap_values("ou=Group,dc=engr,dc=georgefox,dc=edu&q
On Sat, January 12, 2008 8:34 pm, Gary Spivey wrote:
> Attached is a limited file that should give you what you need - it is an
> ldif dump on a few people and groups and the ldif headings and such.
>
> In ExternAuth, I look for session variables that have been set
> ($authenticated, $username, and
cipe
providing only functions to call.)
The question for me is only how to make it in such a way that it is
reusable in many different but similar LDAP scenarios. Can you send some
information about how the LDAP entries are organized in your situation? (I
Hello list,
starting from version 2.1-beta2 the UserAuth2 module will include support
for authentication against an LDAP server.
Configuration can be done in exactly the same manner as for AuthUser, by
placing a line like
$AuthUser['ldap'] = 'ldap://host:port/basedn?attribute?scope?filter'
in t
On Mon, December 17, 2007 1:33 pm, ThomasP wrote:
> ...
>
> For the level 'attr', I just noticed that at the moment it's "hardwired"
> denied, but it's sufficient to uncomment the line in userauth2.php
> containing the word "frequently" to
On Wed, December 12, 2007 12:03 am, Dean Staub wrote:
> Hi Thomas, thanks for your response.
>
> I have found some time to follow your instructions above.
> The results of your debug output are as follows for the error accessing
> a zap function;
>
> 2007-12-12 09:18:56 EST USAU Someone trying to
Hello eemeli,
well, I couldn't help it to still get the recipe to some sensible finish,
so I have put together a solution that now makes it fully functional as
promised (ver 1.1-beta1). (Attachments can now indeed be saved everywhere,
also in subdirectories or in the upload root.) It is a somewhat
On Fri, December 14, 2007 10:02 am, Eemeli Aro wrote:
> I'm a little confused. How does this add to the functionality that
> already exists with the Attach: markup? With the form
>
> Attach:Group/file.txt
> or
> Attach:Group/Page/file.txt
>
> you can already refer to the attachments associated with
xt
for example when using page-wise storaging.
This should come in quite handy if one has a very structured group
organization. In principle also deeper subdirectories can be addressed.
ThomasP
___
pmwiki-users mailing list
pmwiki-use
On Sun, December 9, 2007 2:52 am, Dean Staub wrote:
> First, Thank you Thomas for your work on the new module. It is a huge
> improvement over the former system - well done.
>
> I do however have a few small problems that I need to get to the bottom
> of. I have for example the latest version of ZA
Hello,
I have upgraded the recipe to fix the sorting and to introduce further and
more systematic header options.
Some former header options are gone, being substituted as follows:
on => filename
bold => filenamebold
Let me know if something especially useful could be added.
ThomasP
... and to amend, files retrieved and displayed with this recipe are
forced to be located below the pmwiki uploads dir. (review of the code
appreciated as well)
___
pmwiki-users mailing list
pmwiki-users@pmichaud.com
http://www.pmichaud.com/mailman/l
evel might be actually different from what I thought during making
this recipe. (comments appreciated)
There will be an update to version 0.2 even before (probably today), as I
discovered the sorting mechanism was just plainly wrong in ver0.1.
ThomasP
___
pmwiki-users mailing list
pmwiki-users@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
> I have been running some performance tests using StopWatch()
> with Fox processing multiple files. I noticed that the line in the
> pmwiki.php SaveAttributes function
>
> $html = MarkupToHTML($pagename,$text);
>
> is causing the overall process time to more than double.
> As a test I used Fox
> On Dec 3, 2007 8:27 AM, ThomasP <[EMAIL PROTECTED]> wrote:
>
>> Hi,
>>
>> > On Dec 3, 2007 7:15 AM, ThomasP <[EMAIL PROTECTED]> wrote:
>> >
>> >> The error message refers (exclusively) to the case when characters
>> are
>>
On Wed, September 26, 2007 09:52, Matthias Günther wrote:
> Hello,
>
> I want to start to create a recipe. I looked over the pmwiki documentation
> but
> there I found nothing. It would be nice if someone can post a simple
> example
> which has the following function:
>
> - include the recipe on m
Hello,
I needed a more elaborate version of the existing footnotes markup,
allowing for larger footnote texts (without loosing overview over the
actual text) and allowing for multiple references to the same footnote.
I have made it into a new recipe,
http://www.pmwiki.org/wiki/Cookbook/Footnotes
ly.
Below is the full list of configuration vars.
Let me know if you encounter problems.
ThomasP
(Note for upgrading from stable7: only userauth2.php has been changed, and
a new file userauth2/userauth2-bruteforce.php has been added.)
SDV($UA2EnableBruteForceProtect, true);
SDV($FailedLo
Hello,
[this one went over the list]
On Sat, September 8, 2007 14:53, Andy Kaplan-Myrth wrote:
> Andy Kaplan-Myrth wrote:
>> I decided to make the switch from UserAuth to UserAuth2 today. It went
>> smoothly until I tried to log in as "admin" with no password, the
>> default user. I had the same
ed in the
standard distribution (for plain security reasons; after all it is a bit
more insecure than logging in repeatedly).
Just set
$UA2AllowCookieLogin
to true somewhere in your local/config.php. The cookie expire time (in
seconds),
$UA2CookieExpireTime
is set to 30 days by default.
ThomasP
&
On Wed, August 22, 2007 06:50, ThomasP wrote:
> ...
>
> I would propose a rule like "not more than 100 login attempts per any 30
> days period from one IP", with both the limit and the duration adjustable.
> (Even though the code for this would be slower I guess it is
n attempts per any 30
days period from one IP", with both the limit and the duration adjustable.
(Even though the code for this would be slower I guess it is worth it.)
Besides, I think to prevent distributed attacks effectively, it will also
be useful to raise (additionally) a similar fence on a "per-username"
basis, i.e. "not more than ... for one login username".
ThomasP
___
pmwiki-users mailing list
pmwiki-users@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
DV($UA2SessionMaxLifeTime, 24*60*60); // In seconds, default 1 day.
This is perfectly working, independently from browser honesty or clock. It
is done by keeping record of times in the session array.
ThomasP
___
pmwiki-users mailing list
pmwiki-us
of
information on its usage. But I'm looking forward to a broader base(*) in
the future, and maybe even to some people who dig into the code itself and
having knowledge about the internas.
ThomasP
(*) I was once thinking that this style of permission setup could replace
the current system (
getAllGroupsOfUser(...)
in userauth2.php, only the "mapping direction" would be just reversed.
Otherwise I hope to implement this within the summer.
ThomasP
___
pmwiki-users mailing list
pmwiki-users@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
On Thu, June 14, 2007 09:21, Peter K.H. Gragert wrote:
> The error finally found:
>
> After login with correct username and password the regeneration of the
> $_SESSION variable after a Redirect($pagename,$urlfmt); (in pmwiki.php) is
> different AbyssWebServer gives all values back Apache (locall
t;
Just for completeness: This last line ("(:if authid:)") also works for
authentication realized with UserAuth2. (It equivalently detects whether
someone has logged in with a valid username and password.)
ThomasP
___
pmwiki-users mailing list
pmwiki-users@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
On Mon, June 11, 2007 18:08, ThomasP wrote:
> On Thu, June 7, 2007 12:15, blues wrote:
>> i have a fresh PmWiki installation (beta54),
>> with a fresh UserAuth2 installation (stable5).
>> no other recipes or skins installed.
>>
>> i want to activate the draft ca
On Wed, June 13, 2007 01:37, IchBin wrote:
>
> Guess it would work better if I do this ..Dah..:
>
>$pagename = str_replace('/', '.', $pagename);
>
> LOL...
>
Yes, this is always the problem with bugs that I can't directly replay on
my site: I then have to guess the solution, and this leaves of
On Tue, June 12, 2007 18:21, IchBin wrote:
>
> Not to be missing anything I have this output __. I am not given
> authorization.
>
> - When trying to update with the markup for formated message to a
> calendar page:
> UA2ErrorLog: 'Access to Calendar/20070612 at level edit NOT granted. '
>
>
> - Be
On Tue, June 12, 2007 17:25, Patrick R. Michaud wrote:
> On Tue, Jun 12, 2007 at 05:19:37PM +0200, ThomasP wrote:
>> ...
>> with the new Pmwiki publish functionality. There is quite a chance here
>> that this might develop into a conflict in the long run.
>
> Actually,
t saw this in the former module, but ok. In any case, that's
why you will see some "exit;"s in the UA2 code.
Hope this will help someone sometime.
ThomasP
___
pmwiki-users mailing list
pmwiki-users@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
ing subactions (with another POST
key) and only one embracing pmwiki action might also be a good solution.
ThomasP
___
pmwiki-users mailing list
pmwiki-users@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
On Mon, June 11, 2007 20:47, IchBin wrote:
> ThomasP wrote:
>> On Tue, June 5, 2007 20:02, IchBin wrote:
>>> IchBin wrote:
>>>
>>> Not sure if I mentioned this Thomas but as an 'admin' user there is no
>>> security problem posting a format
Hello,
On Thu, June 7, 2007 12:15, blues wrote:
> i have a fresh PmWiki installation (beta54),
> with a fresh UserAuth2 installation (stable5).
> no other recipes or skins installed.
>
> i want to activate the draft capabiliites of PmWiki,
> so i did:
> $EnableDrafts = 1;
> $EnablePublishAttr = 1;
Hello,
just catching up some weeks of pmwiki mail. With what you wrote my mail
before seems to become outdated.
On Tue, June 5, 2007 20:02, IchBin wrote:
> IchBin wrote:
>
> Not sure if I mentioned this Thomas but as an 'admin' user there is no
> security problem posting a formatted item to the W
ation such that everything
>> is okay. There will likely be a "just fix things for me" button
>> of some sort.
>
> I was OK even if we would have to move the pages manually, this is easier.
>
Agree with this. For me pers
Hello,
I have been away for a while - hope this comes still in time.
On Sat, June 2, 2007 18:54, IchBin wrote:
> ThomasP wrote:
>> On Thu, May 31, 2007 02:12, IchBin wrote:
>>> IchBin wrote:
>>>> I am fooling around with WikiCalendar since I can not get any re
On Thu, May 31, 2007 02:12, IchBin wrote:
> IchBin wrote:
>> I am fooling around with WikiCalendar since I can not get any response
>> from the author of Logbook. It is not working, for me, but then that is
>> another post I posted here and to his personal email address.
>>
>> Anyway, a user with U
On Wed, May 30, 2007 07:14, IchBin wrote:
>
> Thanks Thomas, as it turns out, I did what you just mention already by
> chance. I will fool around with your example.
>
> - I still have a big question mark about the use of term "parent" in the
> context of creating a new user or @group. What are the
Hello,
On Tue, May 29, 2007 01:39, IchBin wrote:
> UserAuth2 and PresenceAwarenessLight work nicely. I am only using it to
> display the status of a visitor:
>
> - The signed in user account name or otherwise the IP address of the
> visitor.
> - What page they have loaded.
> - The state of t
Hello,
On Mon, May 28, 2007 21:26, IchBin wrote:
> # pr - may change his profile
>
> Given the above info I have a question.
>
> - I have a groups '@group_a'. I want to allow all users using this group
> be able to read\write to their own profile page. I add 'pr' into the
> @group_a' but when I lo
On Mon, May 28, 2007 23:42, Frank wrote:
> ...
>
> YEAH, that's it
> Now the user1 file contains the below things
> a:3:{s:6:"parent";s:5:"admin";s:16:"loginFromIpsOnly";a:0:{}s:5:"perms";a:1:{s:5:"admin";a:0:{}}}
>
> The error message is gone when adding a user. But if I call the
> Edit-field in t
Hello again,
On Mon, May 28, 2007 00:47, Frank wrote:
> After entering the permision items in the box 'Permissions granted by' I
> get the following report
>
> "UserAuth II Administration
> Settings could not be saved. Please contact the system administrator.
> Back to UserAuth main page."
>
> The
Hello,
On Mon, May 28, 2007 00:47, Frank wrote:
> After entering the permision items in the box 'Permissions granted by' I
> get the following report
>
> "UserAuth II Administration
> Settings could not be saved. Please contact the system administrator.
> Back to UserAuth main page."
>
> The same
the admin tool has been called for the first time. (At
least I experienced this with the 2.2.0-beta45 pmwiki version.)
I have updated UA2 accordingly (yielding version 2.0-stable5), the only
file being changed "cookbook/userauth2/userauth2-admintool.php". (*)
ThomasP
(*) If it is faster
On Sat, May 26, 2007 16:06, Patrick R. Michaud wrote:
> In fact, this brings up a larger question of what to do with the
> Site.* group in general... should we change the PmWiki default so that
> viewing pages in the Site group is restricted to admins? There
> are three options that I see:
>
>
> O
.
ThomasP
___
pmwiki-users mailing list
pmwiki-users@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
Hi all,
On Wed, May 23, 2007 04:06, IchBin wrote:
>
> I am interested in using PresenceAwarenessLight or maybe the
> PresenceAwareness recipe. On their recipe pages they both say they are
> based off of the UserAuth recipe. Does this mean that I need the
> UserAuth recipe. I am running UserAuth2.
On Sun, May 20, 2007 19:14, IchBin wrote:
> Sorry Thomas I have to look into it closer. I have not had time to play
> around with it. I would guess that something had to be persisted to see
> this behavior for maintaining information between sessions(). With
> little knowledge I will speculate:
>
>
On Sun, May 20, 2007 19:11, The Editor wrote:
> Yes that would be easy enough to do, but better for me, would be
> simply to have UserAuth2 read the session variable member mgmt sets
> directly and use it. That would not require any changes in ZAP,
> eliminates storing the group memberships data re
On Sun, May 20, 2007 17:36, Patrick R. Michaud wrote:
> On Sun, May 20, 2007 at 05:23:56PM +0200, ThomasP wrote:
>> On Sun, May 20, 2007 16:10, Patrick R. Michaud wrote:
>> (II):
>> > Another approach I could use is that pagelist and other functions
>> assume
>>
On Sun, May 20, 2007 16:10, Patrick R. Michaud wrote:
> On Sun, May 20, 2007 at 04:00:07PM +0200, ThomasP wrote:
>> Ok, I can see now: it is an optimization for not having to look up for
>> every single user whether the page is read-allowed for him/her, but
>> rather
>
On Sun, May 20, 2007 15:41, The Editor wrote:
> Actually no, MemberMgmt authenticates against passwords stored in
> Profiles pages (either encrypted or encoded) and then uses authuser's
> AuthUserId( ) function to set the authid variable. Then it extracts
> any user group memberships from Membershi
On Sun, May 20, 2007 14:35, ThomasP wrote:
> On Sat, May 19, 2007 20:26, Patrick R. Michaud wrote:
>>> More critical are the two remaining fields. Therefore the question:
>>> what
>>> is the exact meaning of
>>>
>>> '=protectexclude' and
On Sat, May 19, 2007 22:48, IchBin wrote:
> I noticed that after I disabled UserAuth2 on my pc (I have it running
> out on a website) when I open a Session in an unrelated php scripts I
> get Session errors. Are their cookies around that I have to purge? I get
> the following error (I am doing a se
uth2 to be called by MemberMgmt?
Does this sound sensible? Or did I miss somenthing?
ThomasP
___
pmwiki-users mailing list
pmwiki-users@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
user name) by UserAuth2 at least.
I will add it to the JITS talk page.
ThomasP
___
pmwiki-users mailing list
pmwiki-users@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
On Sat, May 19, 2007 20:26, Patrick R. Michaud wrote:
>> More critical are the two remaining fields. Therefore the question: what
>> is the exact meaning of
>>
>> '=protectexclude' and
>> '=protectsafe'
>
> These aren't fields of the $page array (returned by the authfunction) --
> they're specific
I just added the line
->%green%Breaks @@(:pagelist:)@@ markup in connection with ...
on pmwiki.org/wiki/Cookbook/UserAuth2 and since then this page does not
load anymore, but rather one gets
Fatal error: Maximum execution time of 30 seconds exceeded in
/home/pmichaud/pmwiki/pmwiki.php on line 14
On Sat, May 19, 2007 15:53, Patrick R. Michaud wrote:
>
> PmWiki's built-in authorization function puts in a number of
> "pseudo attributes" as part of the returned page. They are:
>
> $page['=auth'][$level] - true if the visitor is authorized at
> $level
> $page['=passwd'][$level] -
Hello,
as I discover, the pagelist markup is indeed broken when using UserAuth2.
(It didn't do this with the old pmwiki.)
Patrick, do you have any idea why this could happen? All permission
queries are passed, and I hope also I delivered the right return value
back from the $AuthFunction. (see be
Hello,
due to the delegation mechanism I'm actually in the practical position to
be able to show how UserAuth2 looks like on a real example, without
compromising the security of the pmwiki itself. (I have still not used my
own web site though, rather an out-of-the-box pmwiki only - one never
knows
On Thu, May 17, 2007 23:21, The Editor wrote:
> On 5/17/07, Jason Frisvold <[EMAIL PROTECTED]> wrote:
>> On 5/17/07, The Editor <[EMAIL PROTECTED]> wrote:
>> > I'd find it helpful to know what advantages UserAuth2 offers over
>> > AuthUser. It would seem finding a way to add those in to AuthUser
>>
On Fri, May 18, 2007 01:34, IchBin wrote:
>>> The Cookbook has several instances of multiple approaches. This is
>>> redundancy in the best sense -- multiple solutions from multiple
>>> perspectives, so the user can pick the best match for their particular
>>> needs.
>>>
>>> I don't believe there w
Hello everybody in the pmwiki community,
I have waited quite long but it is meanwhile more than time for this
announcement:
The new UserAuth module, called UserAuth2, is there!
Originally actually thought only as a reimplementation of the former one,
this module introduces some new features that
Hi,
>
> Just a quick question on redundancy. I am looking at PITS and JITS. JITS
> looks like a re-hash of PITS (not that I have looked at the code to
> compare). I found that ZAP has recently been implemented into JITS. I
> also noticed that ZAP also requires AuthUser. I have just implemented
> U
- I can make the markup rules public
then. (It's not yet finished though, \ref and \cite are still on the todo
list.)
BTW, also take note of the Cookbook.JsMath recipe - it is really
remarkable what Ben has produced there (wouldn't have guessed this is
possible at all on the client side
On Tue, May 8, 2007 16:05, Patrick R. Michaud wrote:
> On Tue, May 08, 2007 at 03:54:34PM +0200, ThomasP wrote:
>> Hi!
>>
>> > Perm for user 'admin', page 'Main.HomePage', level 'ALWAYS': failed.
>> > Perm for user 'admin'
authorization module (and probably
should not exist in pmwiki), and is consequently denied. In the later
pmwiki version the level in the corresponding permission queries is then
corrected/remapped/whatever.
ThomasP
___
pmwiki-users mailing list
pmwiki-users@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
authorization module (and probably
should not exist in pmwiki), and is consequently denied. In the later
pmwiki version the level in the corresponding permission queries is then
corrected/remapped/whatever.
ThomasP
___
pmwiki-users mailing list
pmwiki-users@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
Hi David,
it is indeed "UserAuth2".
A possible reason for pagelists to be breaking is that a template page
that is needed for the pagelist creation is not accessible (=
read-protected). Usually it is one of the Site group pages, e.g.
Site.PageListTemplates.
Set "rd_*.*" in your GuestUsers accoun
ons, but also for example
interpretation of internationalization pages (and more might come).
Usually one would say that in the end all possible interpretations will be
allowed, so why make a fuss (or more correctly: an extra action) about it.
But "vicious minds" can also imagine cases where even the interpretation
itself should be controlled page-wise via the standard authorization
scheme (instead of only config.php tweaks). In any case in the long run it
is IMHF the more systematic approach.
ThomasP
IMHF = in my humble feeling
___
pmwiki-users mailing list
[EMAIL PROTECTED]
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
Hi Dave,
from my "recent experience" I can say the timeouts are determined by the
session expiration settings of PHP. Important are the variables
session.cache_expire (in minutes, default 180) and
session.gc_maxlifetime (in seconds, default 1440 = 24 mins)
Obviously, the second variable is
Hi Paolo,
> PS. In the last version you uploaded the exitHandler problem is still
> present.
> Maybe you should set
> if (!isset($exitHandler)) $exitHandler = exit();
> instead of
> if (!isset($exitHandler)) $exitHandler = 'exit';
>
quite funny that after some thousand lines of code I'm n
Patrick,
agreed to every point. If I understand you right then "attached to" reads
like "associated with", and files that happen to be stored on let's say
per-group basis are associated with every page of that group [1]. (Ergo
the file can be downloaded via any of these pages, ergo read access to
My items were meant as rhetoric questions: whatever the situation is now I
just wanted to expose what should be taken into account if one makes
changes or amendments.
For example, regarding reference to arbitrary files I would say it is at
least not very intuitive at the moment if -- given per-gro
a hard workaround for a while to verify the userauth code by
writing my own session support and write-closing the array with an exit
handler, but this unfort'ly needs mods in the pmwiki engine. And clearly
it isn't the preferred choice of countering this problem.)
Thomas
> Thoma
84 matches
Mail list logo
