I want REMOTE_USER since I am using Apache to require login if the user is not coming from the local network. But I don't want to have them log in twice. Essentially in psuedocode;

if user is on a remote network:

deny access without login (through htauth)

prompt for login

on success, pass login to MW

else

provide read only access

make login for read-write possible

I don't think I can use both the remote auth module and ldap auth on the same MW instance without hacks.

David

On 7 September 2013 13:59, <vitalif@yourcmc.ru> wrote:

"Local" users are on an identified network address range (via
.htaccess) and "remote" users are anyone who's not "local." In both
cases they have accounts. The problem is Apache won't pass
REMOTE_USER if the directory is considered to not require auth, which
I need to have the site read-only for logged in local users. The only
thing I've been able to come up with is to duplicate the MW instance
using the same database at a different locations, but that means
people will be using different URLs. I also set up a scheme where a
directory requiring htauth login stores REMOTE_USER in a session
variable then bounces them back, but it required further hacks and I'd
prefer something cleaner.

I don't understand why do you want REMOTE_USER at all?
Is it because you use Apache authentication modules - some kind of domain autologin? (and what kind?)
And if it isn't automatic, if it's just HTTP LDAP authentication using login and password - why you don't use http://www.mediawiki.org/wiki/Extension:LDAP_Authentication?

_______________________________________________
Mediawiki-enterprise mailing list
Mediawiki-enterprise@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-enterprise