[pmwiki-users] HTTP Authentication and use of login name

Hartl, Bob hartl.r at ghc.org
Mon May 22 17:49:21 CDT 2006


Thanks again for you reply.  The LDAP approach sure sounds best.  I
agree -- this would be a great addition to the core.

Would the approach be to come up with an "LDAP" alternative to this
statement in config.php?

Or is the approach more complicated -- perhaps the httpauth.php script
must be modified to grab the author name from the LDAP server?

One of my colleagues retrieved active directory information via LDAP in
a .NET application, and he discovered that for our LDAP server, first
name is property "givenname" and last name is property "sn" (as in
surname).  I don't know if this is standard or not.  His .NET code
provides a username and password (which I also have access to) in order
to make a non-anonymous inquiry to get "givenname" and "sn" for the
provided username.

I'd definitely be interested in testing this change!

Bob Hartl

-----Original Message-----
From: Patrick R. Michaud [mailto:pmichaud at pobox.com] 
Sent: Monday, May 22, 2006 2:46 PM
To: Hartl, Bob
Cc: pmwiki-users at pmichaud.com
Subject: Re: [pmwiki-users] HTTP Authentication and use of login name

On Mon, May 22, 2006 at 12:41:22PM -0700, Hartl, Bob wrote:
> Patrick,
> The httpauth.php script works nicely, thanks.  I would however like to

> display the "author name" not login name in the AUTHOR field.  Is this

> possible when using HTTP authentication in PmWiki?  Two approaches 
> seem possible to me.

The login name is simply displayed by default in the "Author" field--an
author can change the value to be something else (and that is the value
remembered for future sessions as long as cookies are enabled).

> Is it possible to grab a "display name" variable -- or "first name" 
> and "last name" variables -- instead of the REMOTE_USER variable?  Is 
> there such a server variable(s) to grab?

There aren't such server variables to grab.

> 2) Would the storedauthname.php script work with "http 
> authentication?" From the documentation it appears that it's meant to 
> work specifically with "AuthUser"

It might -- I haven't tried it.

> Would a possible approach be to use LDAP to grab the display name 
> (i.e. author name) from the login name?  I can't however do an 
> anonymous bind to my LDAP server -- but I have credentials with which 
> to make a non-anonymous request.

Sure, that would be possible; it isn't even difficult.  It might even be
worth a change to the core to support this automatically.


> -----Original Message-----
> From: pmwiki-users-bounces at pmichaud.com 
> [mailto:pmwiki-users-bounces at pmichaud.com] On Behalf Of Hartl, Bob
> Sent: Friday, May 19, 2006 2:58 PM
> To: Patrick R. Michaud
> Cc: pmwiki-users at pmichaud.com
> Subject: Re: [pmwiki-users] HTTP Authentication and use of login name
> Hello Patrick,
> I do not have httpauth.php in my config.php -- this must be what I'm 
> missing -- thanks!  I just read the documentation that says PmWiki 2 
> uses sesson-based authentication by default.
> The documentation describes http authentication as HTTP-Basic 
> authentication.  My pmwiki website is using "basic authentication" 
> (anonymous is disabled).  I'm using "basic authentication" for testing
> -- but my real goal is to use "integrated windows authentication" as I

> have a Windows domain environment.  Can I expect that PmWiki's http 
> authentication will work for "integrated windows authentication" as 
> well as "basic authentication?"  Perhaps I'll find out the answer to 
> this when I test it.
> Thanks again!
> Bob Hartl
> ________________________________
> From: Patrick R. Michaud [mailto:pmichaud at pobox.com]
> Sent: Fri 5/19/2006 7:09 AM
> To: Hartl, Bob
> Cc: pmwiki-users at pmichaud.com
> Subject: Re: [pmwiki-users] HTTP Authentication and use of login name
> On Thu, May 18, 2006 at 03:12:44PM -0700, Hartl, Bob wrote:
> > I'm a new user of PmWiki.  I installed PmWiki on Windows using 
> > ISAPI.
> > So far so good!  I'm using HTTP authentication and I've had success
> > getting the authenticated login name from REMOTE_USER -- i.e. PmWiki
> > fills the Author field with this login name.  (I followed advice in 
> > Cookbook:RequireAuthor, section HTTP authentication.)
> >
> > I have a WikiGroup, for which I have restricted editing to selected
> > login names (as they appear using REMOTE_USER).  My hope is that if 
> > the user's login name is one of those permitted-to-edit login names,

> > then the user is able to immediately edit (without any intervening
> login form
> > from PmWiki).   But I am getting the login form (username and
> password).
> > It seems like I should be able to do this.  Am I missing something
> > easy?
> How do you have your site configured for HTTP authentication -- are 
> you using the httpauth.php script in your config.php?
> With what you've described, I don't think that an author should be 
> getting the password prompt after being logged in.  But I'd need to 
> know a few more details of the setup first.
> Pm
> _______________________________________________
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com 
> http://host.pmichaud.com/mailman/listinfo/pmwiki-users

More information about the pmwiki-users mailing list