[Moin-user] authenticating from multiple sources
Rick Vanderveer
rick.vanderveer at gmail.com
Fri Sep 4 18:43:32 EDT 2009
I'm trying to get a wiki configured that will allow multiple
authentication methods. According to HelpOnAuthentication, this
should be possible by combining multiple auths.
Background:
I want a wiki that is shared between internal users (authenticating
off of LDAP), and clients (which I would hand-create an account for),
and then using acl_rights_before and acl_rights_default to control
access.
I've tested both authentication methods separately, and they work fine
(i.e. in default auth, I'm able to create new accounts. In LDAP, I'm
able to login).
The problem:
When I merge the two, the standard auth users are no longer able to
log in. The LDAP users get an "Invalid username or password" error,
BUT do successfully log in (they're able to click the "clear
message" link and continue just fine).
Any thoughts?
Here's the relevant snippet from my farmconfig.py:
from MoinMoin.auth import MoinAuth
from MoinMoin.auth.ldap_login import LDAPAuth
ldap_authenticator1 = LDAPAuth(
    server_uri='ldap://172.25.60.8',  # ldap / active directory server URI
    # We can either use some fixed user and password for binding to LDAP.
    bind_dn='%(username)s@cogarts.us.niit.com',
    bind_pw='%(password)s',
    base_dn='dc=cogarts,dc=us,dc=niit,dc=com',  # base DN we use for searching
    scope=2,  # scope of the search we do (2 == ldap.SCOPE_SUBTREE)
    referrals=0,  # LDAP REFERRALS (0 needed for AD)
    search_filter='(sAMAccountName=%(username)s)',  # ldap filter used for searching:
    givenname_attribute=None,
    surname_attribute=None,
    aliasname_attribute=None,
    email_attribute=None,
    email_callback=None,
    coding='utf-8',
    timeout=10,
    start_tls=0,
    tls_cacertdir='',
    tls_cacertfile='',
    tls_certfile='',
    tls_keyfile='',
    tls_require_cert=0,
    bind_once=False,
    autocreate=True,
)
# this is a list, you may have multiple ldap authenticators
# as well as other authenticators
auth = [MoinAuth(), ldap_authenticator1, ]
cookie_lifetime = 1  # 1 hour after last access ldap login is required again
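The two symptoms reported above can be reproduced in a simplified model of an ordered authenticator chain. This is an added example, not code from the original post or from MoinMoin; the function names, the sample accounts and the continue/cancel behaviour of each stand-in authenticator are assumptions of the model.

```python
# Simplified model of an ordered authenticator chain (not MoinMoin code).
# Each authenticator returns (keep_going, user, message).
LOCAL_USERS = {"client1": "s3cret"}   # constructed sample account
LDAP_USERS = {"rick": "ldap-pw"}      # constructed sample account
BAD_LOGIN = "Invalid username or password."


def local_auth(user, username, password):
    """Assumed: on failure, report an error but let the chain continue."""
    if user is not None:
        return True, user, None
    if password and LOCAL_USERS.get(username) == password:
        return True, username, None
    return True, user, BAD_LOGIN


def ldap_auth_strict(user, username, password):
    """Assumed: a failed bind cancels the login and drops any earlier user."""
    if password and LDAP_USERS.get(username) == password:
        return True, username, None
    return False, None, BAD_LOGIN


def ldap_auth_chain_aware(user, username, password):
    """Model variant: leave a user accepted earlier in the chain untouched."""
    if user is not None:
        return True, user, None
    return ldap_auth_strict(user, username, password)


def run_chain(chain, username, password):
    """Consult authenticators in list order and collect distinct messages."""
    user, messages = None, []
    for authenticate in chain:
        keep_going, user, message = authenticate(user, username, password)
        if message and message not in messages:
            messages.append(message)
        if not keep_going:
            break
    return user, messages


if __name__ == "__main__":
    for name, pw in [("rick", "ldap-pw"), ("client1", "s3cret")]:
        print(name, run_chain([local_auth, ldap_auth_strict], name, pw))
```

In this model the directory user is logged in but keeps the error left by the first authenticator, and the local user is rejected by the second authenticator after the first one accepted them.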