[pmwiki-users] LDAP Authentication

[Patrick R. Michaud]

On Mon, Feb 14, 2005 at 03:13:33PM +0000, Jmp wrote:
> Hi Everyone,
> 
> I recall seeing someething about pmwiki's authentication a while ago, 
> but can't find it now. Two simple questions:
> 
> 1) Can pmwiki use LDAP authentication

With an external module of some sort, yes.  The tricky part is
mapping allowed actions to authenticated users, but if you essentially
want to allow access to any authenticated user, it's pretty easy to do.

> 2) Is it possible to limit access to edit functions by IP address? 
> We're thinking of running pmwiki as an extranet, with content 
> editing only possible from the intranet side.

Yes, this is pretty easy to do.  Essentially the code is:

    if ($action == 'edit'
        && strncmp($_SERVER['REMOTE_ADDR'], '192.168.', 8) != 0) 
      $action = 'browse';

This turns any 'edit' requests into 'browse' requests for browsers
coming from outside the 192.168.x.x IP address range.  Change the
address range as appropriate.

Another useful trick is to password-protect edits coming from the
extranet but leave them open to the intranet:

    if (strncmp($_SERVER['REMOTE_ADDR'], '192.168.', 8) !=0) {
      $DefaultPasswords['edit'] = crypt('offsite');
      $DefaultPasswords['upload'] = crypt('offsite');
      $DefaultPasswords['attr'] = crypt('offsite');
    }

Thus, people can edit from the extranet as long as they know the password;
but intranet editing (from within 192.168.x.x) doesn't require any password.
(The above default passwords would apply only to pages that do not otherwise
have passwords set.)

Pm