[pmwiki-users] HTTP Authentication and use of login name

Hartl, Bob hartl.r at ghc.org
Wed May 24 14:42:57 CDT 2006


Hello Patrick,

I hope you are still interested in changing the core to support using
LDAP to grab the user's display name (i.e. (firstname lastname) from the
http-authenticated username.  If you are interested, I realize this may
have to wait its turn before you can get to it.  I'm definitely
interested whenever you can get to this.

In the meantime as a backup solution, I am using http-authentication and
setting $EnablePostAuthorRequired to 1 to require users to enter a
non-blank author name.  The slight problem is that the initial value of
the Author field is "DOMAINNAMEusername" -- ideally I would like the
initial value of Author field to be blank, so that the user would be
forced (via the $EnablePostAuthorRequired setting) to enter an author
name (and my hope would be that they enter a "proper" author name --
i.e. "firstname lastname".  Is there a way, when using
http-authentication, for the Author field to be inially blank?  (FWIW,
I'm not using the  if (@$_SERVER['REMOTE_USER']) $Author =
$_SERVER['REMOTE_USER'];  statement -- because then the author name
can't be changed, and I want the user to use a proper author name -- not
a name of the format DOMAINNAMEusername.

Thanks
Bob Hartl

-----Original Message-----
From: pmwiki-users-bounces at pmichaud.com
[mailto:pmwiki-users-bounces at pmichaud.com] On Behalf Of Hartl, Bob
Sent: Monday, May 22, 2006 3:49 PM
To: Patrick R. Michaud
Cc: pmwiki-users at pmichaud.com
Subject: Re: [pmwiki-users] HTTP Authentication and use of login name


Patrick,

Thanks again for you reply.  The LDAP approach sure sounds best.  I
agree -- this would be a great addition to the core.

Would the approach be to come up with an "LDAP" alternative to this
statement in config.php?
(@$_SERVER['REMOTE_USER']) $Author = $_SERVER['REMOTE_USER'];

Or is the approach more complicated -- perhaps the httpauth.php script
must be modified to grab the author name from the LDAP server?

One of my colleagues retrieved active directory information via LDAP in
a .NET application, and he discovered that for our LDAP server, first
name is property "givenname" and last name is property "sn" (as in
surname).  I don't know if this is standard or not.  His .NET code
provides a username and password (which I also have access to) in order
to make a non-anonymous inquiry to get "givenname" and "sn" for the
provided username.

I'd definitely be interested in testing this change!

Thanks
Bob Hartl



-----Original Message-----
From: Patrick R. Michaud [mailto:pmichaud at pobox.com] 
Sent: Monday, May 22, 2006 2:46 PM
To: Hartl, Bob
Cc: pmwiki-users at pmichaud.com
Subject: Re: [pmwiki-users] HTTP Authentication and use of login name


On Mon, May 22, 2006 at 12:41:22PM -0700, Hartl, Bob wrote:
> Patrick,
> 
> The httpauth.php script works nicely, thanks.  I would however like to

> display the "author name" not login name in the AUTHOR field.  Is this

> possible when using HTTP authentication in PmWiki?  Two approaches
> seem possible to me.

The login name is simply displayed by default in the "Author" field--an
author can change the value to be something else (and that is the value
remembered for future sessions as long as cookies are enabled).

> Is it possible to grab a "display name" variable -- or "first name"
> and "last name" variables -- instead of the REMOTE_USER variable?  Is 
> there such a server variable(s) to grab?

There aren't such server variables to grab.

> 2) Would the storedauthname.php script work with "http
> authentication?" From the documentation it appears that it's meant to 
> work specifically with "AuthUser"

It might -- I haven't tried it.

> Would a possible approach be to use LDAP to grab the display name
> (i.e. author name) from the login name?  I can't however do an 
> anonymous bind to my LDAP server -- but I have credentials with which 
> to make a non-anonymous request.

Sure, that would be possible; it isn't even difficult.  It might even be
worth a change to the core to support this automatically.

Pm

> -----Original Message-----
> From: pmwiki-users-bounces at pmichaud.com
> [mailto:pmwiki-users-bounces at pmichaud.com] On Behalf Of Hartl, Bob
> Sent: Friday, May 19, 2006 2:58 PM
> To: Patrick R. Michaud
> Cc: pmwiki-users at pmichaud.com
> Subject: Re: [pmwiki-users] HTTP Authentication and use of login name
> 
> 
> Hello Patrick,
>  
> I do not have httpauth.php in my config.php -- this must be what I'm
> missing -- thanks!  I just read the documentation that says PmWiki 2 
> uses sesson-based authentication by default.
>  
> The documentation describes http authentication as HTTP-Basic
> authentication.  My pmwiki website is using "basic authentication" 
> (anonymous is disabled).  I'm using "basic authentication" for testing
> -- but my real goal is to use "integrated windows authentication" as I

> have a Windows domain environment.  Can I expect that PmWiki's http
> authentication will work for "integrated windows authentication" as 
> well as "basic authentication?"  Perhaps I'll find out the answer to 
> this when I test it.
>  
> Thanks again!
> Bob Hartl
> 
> ________________________________
> 
> From: Patrick R. Michaud [mailto:pmichaud at pobox.com]
> Sent: Fri 5/19/2006 7:09 AM
> To: Hartl, Bob
> Cc: pmwiki-users at pmichaud.com
> Subject: Re: [pmwiki-users] HTTP Authentication and use of login name
> 
> 
> 
> On Thu, May 18, 2006 at 03:12:44PM -0700, Hartl, Bob wrote:
> > I'm a new user of PmWiki.  I installed PmWiki on Windows using
> > ISAPI.
> > So far so good!  I'm using HTTP authentication and I've had success
in
> 
> > getting the authenticated login name from REMOTE_USER -- i.e. PmWiki

> > fills the Author field with this login name.  (I followed advice in 
> > Cookbook:RequireAuthor, section HTTP authentication.)
> >
> > I have a WikiGroup, for which I have restricted editing to selected 
> > login names (as they appear using REMOTE_USER).  My hope is that if 
> > the user's login name is one of those permitted-to-edit login names,

> > then the user is able to immediately edit (without any intervening
> login form
> > from PmWiki).   But I am getting the login form (username and
> password).
> > It seems like I should be able to do this.  Am I missing something 
> > easy?
> 
> How do you have your site configured for HTTP authentication -- are
> you using the httpauth.php script in your config.php?
> 
> With what you've described, I don't think that an author should be
> getting the password prompt after being logged in.  But I'd need to 
> know a few more details of the setup first.
> 
> Pm
> 
> 
> 
> _______________________________________________
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com
> http://host.pmichaud.com/mailman/listinfo/pmwiki-users
> 

_______________________________________________
pmwiki-users mailing list
pmwiki-users at pmichaud.com
http://host.pmichaud.com/mailman/listinfo/pmwiki-users




More information about the pmwiki-users mailing list