Sunday, June 29, 2008

Mediawiki extensions

As I have written elsewhere a good deal of the power and pain of implementing a Wiki with Mediawiki is in the use and deployment of extensions.

At the moment I am suffering from the interaction of two extensions

I am using the Ldap authentication extension to authenticate the users against the company's Microsoft Windows 2003 Active Directory. This is working very well and generated a great deal of kudos when it was deployed. Not actually single sign on, but a small step in that direction for us. Actually, after slogging through the documentation, it wasn't so difficult to install and configure. Not withstanding anything else I may have written elsewhere on this blog.

I am using the "My Blog" extension to allow the users to create simple blog pages. The blog pages are simply ordinary wiki pages, which are aggregated very much in the manner of templates.

Although users login successfully, they receive a message which suggests that they do not because their cookie settings are incorrect and they are presented with another login box. However, if they just traverse away from the login page everything is fine. But everyone had to be told that they could.


OK, I was wrong above. After further investigation, it appears that the problem originates in the PasswordProtected extension. Having checked and re-checked the source code it is far from clear exactly why it should be causing the problem. Luckily, having reviewed the functionality, it doesn't work in quite the way we'd like so I was able to remove the extension from the LocalSettings.php file.

No sooner was I was congratulating myself on the implementation of the Ldap authentication extension against 3 internal Microsoft Active Directory Domains, than I was asked to add authentication against the Ldap service of our Lotus Notes installation. Having already configured the MS AD Domain authentication this was actually quite simple. In fact I've been able to comparing the two, the ldap authentication against Lotus Notes is simpler than MS AD Domains! In fact, I've re-ordered the Domain login list, so that Lotus Notes is the first option, and left the MS AD domain login option for only a restricted group of users.

There was one thing that surprised me about the user management side of Mediawiki. And this may be a result of our using the Ldap authentication plugin, especially against multiple domains. When A N User from Domain A logged in and a local User called A n user was created. If later on A N User from Domain B logged in, then the Domain B user would be mapped to the same local A n user account as the Domain A user.

Now, in my environment, this is exactly what I want. In fact, if it didn't I'd probably have to be scrabbling through the source code to try and mangle the usernames to try and achieve that result.


No comments: