[p2pu-dev] quick question: how many of you have used LDAP before? (opinions about how to migrate users from the drupal site to lernanta)
paul at mozillafoundation.org
Tue Feb 8 18:44:57 UTC 2011
So we recently migrated ~12000 users from Drupal to Django for
Drumbeat.org. A few things to note:

1) Drupal 6.x stores passwords as unsalted MD5 hashes. This is fairly
insecure (susceptible to being compromised by attackers using rainbow
tables) and has been dropped by most modern authn systems. Luckily,
Django used to do this too, and now the default authentication backend
in Django handles unsalted MD5 hashes just fine. Basically, when Django
encounters a user with an unsalted MD5 hashed password, it authenticates
them and then upgrades them automatically to whatever hashing algorithm
you choose to use going forward (SHA512 in our case). This means you can
migrate Drupal users with a straight-up SQL script, which is what we
ended up doing.

2) LDAP could be used, but introduces another piece of software to the
architecture of the site, which could become cumbersome.

3) OpenID could be used as well, but for a variety of reasons, forcing
all of your users to use OpenIDs (even if you set up an identity
provider) could be difficult.

I'd recommend doing the same thing we did... total migration took about
30 minutes for ~12k users with a ~30 line Python script that executed
raw SQL against the Drupal database and used Django models to write data.

On 02/08/2011 01:33 PM, zuzel.vp wrote:
> Adding a third option:
> 1) Moving existing Drupal user accounts into LDAP. If the users are in
> LDAP it will be possible to authenticate using
> http://packages.python.org/django-auth-ldap/ for Lernanta and
> http://drupal.org/project/ldap_integration for the Drupal site.
> 2) Use a custom Django authentication backend in Lernanta (to
> authenticate against the Drupal site database) during the first steps
> of the migration, and then move all the users from one database to the
> other when we stop using the Drupal site.
> 3) Use Drupal as an OpenID Server. Drupal sites themselves can act as
> OpenID servers, using the openid_server module, but only Drupal 4.7
> has support for this right now (needs to be ported to 5 and 6).
> On Tue, Feb 8, 2011 at 1:11 PM, Jessica Ledbetter
> <jessica at jessicaledbetter.com> wrote:
>> On Tue, Feb 8, 2011 at 1:09 PM, John Britton<public at johndbritton.com> wrote:
>>> I'd really like to see us using
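
The upgrade-on-login behaviour described in point 1 of the message, as an added example that is neither part of the original message nor Django's own code. The function names, the `pbkdf2_sha512$iterations$salt$hex` storage format, the iteration count and the choice of PBKDF2-HMAC-SHA512 as the new algorithm are assumptions, and the two user rows are constructed.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor for this example


def is_legacy_md5(stored):
    """Drupal 6 style value: 32 hex characters, no salt, no algorithm tag."""
    return len(stored) == 32 and all(c in "0123456789abcdef" for c in stored.lower())


def make_hash(password, salt=None):
    """Encode as algorithm$iterations$salt$hex (format constructed for this example)."""
    salt = salt or secrets.token_hex(16)
    digest = hashlib.pbkdf2_hmac("sha512", password.encode(), salt.encode(), ITERATIONS)
    return f"pbkdf2_sha512${ITERATIONS}${salt}${digest.hex()}"


def check_password(password, stored):
    """Return (ok, needs_upgrade) for either storage format."""
    if is_legacy_md5(stored):
        candidate = hashlib.md5(password.encode()).hexdigest()
        return hmac.compare_digest(candidate, stored.lower()), True
    _algorithm, iterations, salt, expected = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha512", password.encode(), salt.encode(), int(iterations))
    return hmac.compare_digest(digest.hex(), expected), False


def login(users, name, password):
    """Authenticate; on success rewrite a legacy hash in the new format."""
    stored = users.get(name)
    if stored is None:
        return False
    ok, needs_upgrade = check_password(password, stored)
    if ok and needs_upgrade:
        users[name] = make_hash(password)  # plaintext is only available at login
    return ok


def legacy_accounts(users):
    """Accounts still holding an unsalted MD5 hash after the migration."""
    return sorted(name for name, stored in users.items() if is_legacy_md5(stored))


# Constructed sample rows, as if copied straight from the Drupal users table.
USERS = {
    "alice": hashlib.md5(b"correct horse").hexdigest(),
    "bob": hashlib.md5(b"hunter2").hexdigest(),
}
```

Accounts that never log in after the migration keep their unsalted MD5 hash, so `legacy_accounts` is the check to run periodically before deciding to expire or force-reset the remainder.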