[Moin-user] authenticating from multiple sources

Rick Vanderveer rick.vanderveer at gmail.com
Fri Sep 4 18:43:32 EDT 2009


I'm trying to get a wiki configured that will allow multiple
authentication methods.  According to HelpOnAuthentication, this
should be possible by combining multiple auths.


background:
I want a wiki that is shared between internal users (authenticating
off of LDAP), and clients (which I would hand-create an account for),
and then using acl_rights_before and acl_rights_default to control
access.

I've tested both authentication methods separately, and they work fine
(i.e. in default auth, I'm able to create new accounts.  In LDAP, I'm
able to log in).



The problem:
When I merge the two, the standard auth users are no longer able to
log in. The LDAP users get an "Invalid username or password" error,
BUT do successfully log in (they're able to click the "clear
message" link and continue just fine).

Any thoughts?


Here's the relevant snippet from my farmconfig.py:

   from MoinMoin.auth import MoinAuth
   from MoinMoin.auth.ldap_login import LDAPAuth
   ldap_authenticator1 = LDAPAuth(
       server_uri='ldap://172.25.60.8',  # ldap / active directory server URI
       # We can either use some fixed user and password for binding to LDAP.
       bind_dn='%(username)s@cogarts.us.niit.com',
       bind_pw='%(password)s',
       base_dn='dc=cogarts,dc=us,dc=niit,dc=com',  # base DN we use for searching
       scope=2,  # scope of the search we do (2 == ldap.SCOPE_SUBTREE)
       referrals=0,  # LDAP REFERRALS (0 needed for AD)
       search_filter='(sAMAccountName=%(username)s)',  # ldap filter used for searching:
       givenname_attribute=None,
       surname_attribute=None,
       aliasname_attribute=None,
       email_attribute=None,
       email_callback=None,
       coding='utf-8',
       timeout=10,
       start_tls=0,
       tls_cacertdir='',
       tls_cacertfile='',
       tls_certfile='',
       tls_keyfile='',
       tls_require_cert=0,
       bind_once=False,
       autocreate=True,
   )

   # this is a list, you may have multiple ldap authenticators
   # as well as other authenticators
   auth = [MoinAuth(), ldap_authenticator1, ]

   cookie_lifetime = 1 # 1 hour after last access ldap login is required again



