On Thu, 2006-07-27 at 12:41 -0500, Lane, Ryan wrote:
[person Ryan was responding to wrote]:
As an alternative one might think about writing something which would
export the user information from a MW database to something standard
like LDIF which could then be imported into an LDAP server and would
then be useable by anything which could authenticate against LDAP,
including Linux, Windows (Active Directory), and MW with one of the
LDAP extensions.
I think I was supposed to do this at one time for some project that was
started. The project died at some point so I never did this. Doing this
would probably be pretty easy, and I'll look into a good way of doing
it. Making something like this generic is probably pretty hard as you
never really know what objectclasses/attributes anyone is using, and it
varies widely between directory servers.
That was me that dropped the ball on the project. I proposed something
like this, but never followed through.
I just didn't have enough personal use for LDAP to motivate
follow-through on this. More on this in a bit.
I agree with using LDAP though. It would be a pain (and a lot of code)
to get everything authenticating off of MW. Why reinvent the wheel? LDAP
is specifically meant for this kind of thing. On an intranet it makes
sense as it is very nice to have *everything* authenticating from one
central repository, including your systems (which already have LDAP
authentication capability).
I agree assuming this is an enterprise project where an LDAP directory
is lying around. However, LDAP directories still have a high barrier
to entry, and don't get used a lot outside of an enterprise context
(e.g. hobbyists). So, a lot of hobbyist-centered projects (e.g.
MediaWiki, WordPress, phpBB, etc) don't use LDAP by default, if at all.
If you're looking for something more web 2.0-y that may find itself as a
central technology in hobbyist-centered open source, my recommendation
would be something that the YADIS folks are working on
(http://yadis.org).
Rob