[p2pu-dev] quick question: how many of you have used LDAP before? (opinions about how to migrate users from the drupal site to lernanta)

zuzel.vp zuzel.vp at gmail.com
Tue Feb 8 23:44:52 UTC 2011 

OSQA's authentication backend for the existing drupal users is ready:
https://github.com/zuzelvp/p2pu_osqa/blob/master/forum/authentication/drupal_auth_backend.py
-- Let me know if you want one for Lernanta ;)

-- 
Thanks,
    Zuzel

On Tue, Feb 8, 2011 at 1:53 PM, zuzel.vp <zuzel.vp at gmail.com> wrote:
> At the short term there is the choice of implementing a django auth
> backend (http://docs.djangoproject.com/en/dev/topics/auth/#writing-an-authentication-backend).
>
> --
> Thanks,
>    Zuzel
>
> On Tue, Feb 8, 2011 at 1:49 PM, Stian Håklev <shaklev at gmail.com> wrote:
>> This is very useful. However, this was a straight migration, for P2PU the
>> concern currently is to enable OSQA and Drupal integration in the short
>> term, and longer term to enable integration with a number of different
>> services (potentially IRC, Big Blue Button, OSQA, a wiki, etc).
>>
>> Going to play with your new site now! :)
>> Stian
>>
>> On Tue, Feb 8, 2011 at 13:44, Paul Osman <paul at mozillafoundation.org> wrote:
>>>
>>> So we recently migrated ~12000 users from Drupal to Django for
>>> Drumbeat.org. A few things to note:
>>>
>>> 1) Drupal 6.x stores passwords as unsalted MD5 hashes. This is fairly
>>> insecure (susceptible to being compromised by attackers using rainbow
>>> tables) and has been dropped by most modern authn systems. Luckily, Django
>>> used to do this too, and now the default authentication backend in Django
>>> handles unsalted MD5 hashes just fine. Basically, when Django encounters a
>>> user with an unsalted MD5 hashed password, it authenticates them and then
>>> upgrades them automatically to whatever hashing algorithm you choose to use
>>> going forward (SHA512 in our case). This means you can migrate Drupal users
>>> with a straight-up SQL script, which is what we ended up doing.
>>>
>>> 2) LDAP could be used, but introduces another piece of software to the
>>> architecture of the site, which could become cumbersome.
>>>
>>> 3) OpenID could be used as well, but for a variety of reasons, forcing all
>>> of your users to use OpenIDs (even if you set up an identity provider) could
>>> be difficult.
>>>
>>> I'd recommend doing the same thing we did... total migration took about 30
>>> minutes for ~12k users with a ~30 line python script that executed raw sql
>>> against the Drupal database and used Django models to write data.
>>>
>>> -Paul
>>>
>>> On 02/08/2011 01:33 PM, zuzel.vp wrote:
>>>>
>>>> Adding a third option:
>>>>
>>>> 1) Moving existing Drupal user accounts into LDAP. If the users are in
>>>> LDAP it will be possible to authenticate using
>>>> http://packages.python.org/django-auth-ldap/ for Lernanta and
>>>> http://drupal.org/project/ldap_integration for the drupal site.
>>>>
>>>> 2) Use a custom django authentication backend in Lernanta (to
>>>> authenticate against the drupal site database) during the first steps
>>>> of the migration, and then move all the users from one database to the
>>>> other when we stop to use the drupal site.
>>>>
>>>> 3) Use Drupal as an OpenID Server. Drupal sites themselves can act as
>>>> OpenID servers, using the openid_server module, but only drupal 4.7
>>>> has support for this right now (needs to be ported to 5 and 6).
>>>>
>>>> Thanks,
>>>>     Zuzel
>>>>
>>>> On Tue, Feb 8, 2011 at 1:11 PM, Jessica Ledbetter
>>>> <jessica at jessicaledbetter.com>  wrote:
>>>>>
>>>>> On Tue, Feb 8, 2011 at 1:09 PM, John Britton<public at johndbritton.com>
>>>>>  wrote:
>>>>>>
>>>>>> I'd really like to see us using
>>>>>> OpenID.
>>>>>
>>>>> +1
>>>>> _______________________________________________
>>>>> p2pu-dev mailing list
>>>>> p2pu-dev at lists.p2pu.org
>>>>> http://lists.p2pu.org/mailman/listinfo/p2pu-dev
>>>>>
>>>> _______________________________________________
>>>> p2pu-dev mailing list
>>>> p2pu-dev at lists.p2pu.org
>>>> http://lists.p2pu.org/mailman/listinfo/p2pu-dev
>>>
>>> _______________________________________________
>>> p2pu-dev mailing list
>>> p2pu-dev at lists.p2pu.org
>>> http://lists.p2pu.org/mailman/listinfo/p2pu-dev
>>
>>
>>
>> --
>> http://reganmian.net/blog -- Random Stuff that Matters
>>
>>
>> _______________________________________________
>> p2pu-dev mailing list
>> p2pu-dev at lists.p2pu.org
>> http://lists.p2pu.org/mailman/listinfo/p2pu-dev
>>
>>
>

More information about the p2pu-dev mailing list