LDAP TWiki authentication


This is how we use LDAP authentication with TWiki (Cairo) and Microsoft Active Directory:
  • We make TWiki use standard Apache basic authentication (the standard, non-cookie method). In this mode TWiki expects Apache to do all the authentication work and then execute the TWiki Perl scripts with the user login set by Apache in the environment variable REMOTE_USER. Our trick is to use a modified mod_auth_ldap Apache module that gets the AD login of the user, authenticates against AD/LDAP with it, and then changes the REMOTE_USER variable from the Windows login to the wiki name, which is computed dynamically by fetching First Name and Last Name from LDAP and concatenating them after some cleaning (capitalization, removal of non-letter characters).
  • Every N hours (for us, 4) a shell script dumps all the LDAP accounts, checks which ones are not yet declared as TWiki accounts, and creates them via a modified version of the register TWiki Perl CGI script (modified to be used non-interactively and without declaring a password).
  • This shell script keeps the list of all LDAP accounts as a wiki page for reference, and mails the changes to an admin mailing list.
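
An added example, not one of the scripts attached to this page, of the reconciliation step described in the list above: it derives a wiki name from first and last name, then decides per LDAP account whether a TWiki account must be created. It also reports two logins that clean to the same wiki name, since the REMOTE_USER rewrite would give both the same wiki identity. Assumptions: the `login|givenName|sn` dump format, the exact cleaning rule (ASCII letters only, each name piece capitalized), the sample data, and the function names `wikiname` and `plan_accounts` are all hypothetical.

```shell
#!/bin/sh
# Constructed sample standing in for the LDAP dump: login|givenName|sn
LDAP_DUMP='jdoe|john|doe
mdupont|Marie-Anne|du Pont
jdoe2|John|Doe
svc_backup||'

# Constructed sample: wiki names that already have a TWiki account.
EXISTING='JohnDoe'

# wikiname FIRST LAST: print the derived wiki name.
# Assumed rule: split on anything that is not an ASCII letter,
# capitalize each piece, concatenate the pieces.
wikiname() {
  printf '%s %s\n' "$1" "$2" | LC_ALL=C awk '{
    gsub(/[^A-Za-z]+/, " ")            # non-letters become separators
    out = ""
    for (i = 1; i <= NF; i++)
      out = out toupper(substr($i, 1, 1)) tolower(substr($i, 2))
    print out
  }'
}

# plan_accounts: read the dump on stdin, print one decision per account.
#   OK     login WikiName   account already registered
#   CREATE login WikiName   account must be registered
#   SKIP   login reason     no usable name, or name already taken in this dump
plan_accounts() {
  seen=" "
  while IFS='|' read -r login first last; do
    wn=$(wikiname "$first" "$last")
    if [ -z "$wn" ]; then
      echo "SKIP $login empty-name"    # e.g. service accounts without names
      continue
    fi
    case "$seen" in
      *" $wn "*) echo "SKIP $login duplicate-of-$wn"; continue ;;
    esac
    seen="$seen$wn "
    if printf '%s\n' "$EXISTING" | grep -qxF "$wn"; then
      echo "OK $login $wn"
    else
      echo "CREATE $login $wn"
    fi
  done
}

printf '%s\n' "$LDAP_DUMP" | plan_accounts
```

The SKIP lines are the ones worth mailing to the admin list, because they mark accounts that cannot get an unambiguous wiki name automatically.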


Apache module

Our module is based on v2.4.2 of http://www.muquit.com/muquit/software/mod_auth_ldap/mod_auth_ldap.html

The modified register TWiki file

To be placed in the TWiki bin/ directory:
  • register-ldap: modified version of the Cairo TWiki bin/register script

The offline account-generation scripts

debug / dev ones:
Topic attachments

| Attachment | Size | Date | Who | Comment |
|---|---|---|---|---|
| README.colas | 1 K | 2007-05-19 - 17:34 | ColasNahaboo | The readme |
| README_scripts.txt | 2 K | 2007-05-19 - 17:42 | ColasNahaboo | The README of scripts |
| ldap-ilog-dump-wikiname | 1 K | 2007-05-19 - 17:45 | ColasNahaboo | dump info for one account |
| ldap-ilog-update-wikinames | 2 K | 2007-05-19 - 17:44 | ColasNahaboo | main script |
| mod_auth_ldap.colas.tgz | 42 K | 2007-05-19 - 17:34 | ColasNahaboo | The whole module, modified |
| register-ldap | 3 K | 2007-05-19 - 17:37 | ColasNahaboo | modified version of the Cairo TWiki bin/register script |
| wiki-ldap-check-accounts | 1 K | 2007-05-19 - 17:49 | ColasNahaboo | one shot: clean all wiki pages accounts |
| wiki-register | 249 bytes | 2007-05-19 - 17:47 | ColasNahaboo | shell script calling the CGI register-ldap via wget |
| wiki-register-all | 679 bytes | 2007-05-19 - 17:48 | ColasNahaboo | batch account creation |

Topic revision: r18 - 2007-05-24, ColasNahaboo