[p2pu-dev] quick question: how many of you have used LDAP before? (opinions about how to migrate users from the drupal site to lernanta)

Stian Håklev shaklev at gmail.com
Wed Feb 9 02:41:33 UTC 2011


Awesome,
is this live right now for testing? Does it preserve log on through a
cookie, or do we have to log in again, it's just that we don't need a
separate account?

Stian

On Tue, Feb 8, 2011 at 18:44, zuzel.vp <zuzel.vp at gmail.com> wrote:

> OSQA's authentication backend for the existing drupal users is ready:
>
> https://github.com/zuzelvp/p2pu_osqa/blob/master/forum/authentication/drupal_auth_backend.py
> -- Let me know if you want one for Lernanta ;)
>
> --
> Thanks,
>     Zuzel
>
> On Tue, Feb 8, 2011 at 1:53 PM, zuzel.vp <zuzel.vp at gmail.com> wrote:
> > At the short term there is the choice of implementing a django auth
> > backend (
> http://docs.djangoproject.com/en/dev/topics/auth/#writing-an-authentication-backend
> ).
> >
> > --
> > Thanks,
> >    Zuzel
> >
> > On Tue, Feb 8, 2011 at 1:49 PM, Stian Håklev <shaklev at gmail.com> wrote:
> >> This is very useful. However, this was a straight migration, for P2PU
> the
> >> concern currently is to enable OSQA and Drupal integration in the short
> >> term, and longer term to enable integration with a number of different
> >> services (potentially IRC, Big Blue Button, OSQA, a wiki, etc).
> >>
> >> Going to play with your new site now! :)
> >> Stian
> >>
> >> On Tue, Feb 8, 2011 at 13:44, Paul Osman <paul at mozillafoundation.org>
> wrote:
> >>>
> >>> So we recently migrated ~12000 users from Drupal to Django for
> >>> Drumbeat.org. A few things to note:
> >>>
> >>> 1) Drupal 6.x stores passwords as unsalted MD5 hashes. This is fairly
> >>> insecure (susceptible to being compromised by attackers using rainbow
> >>> tables) and has been dropped by most modern authn systems. Luckily,
> Django
> >>> used to do this too, and now the default authentication backend in
> Django
> >>> handles unsalted MD5 hashes just fine. Basically, when Django
> encounters a
> >>> user with an unsalted MD5 hashed password, it authenticates them and
> then
> >>> upgrades them automatically to whatever hashing algorithm you choose to
> use
> >>> going forward (SHA512 in our case). This means you can migrate Drupal
> users
> >>> with a straight-up SQL script, which is what we ended up doing.
> >>>
> >>> 2) LDAP could be used, but introduces another piece of software to the
> >>> architecture of the site, which could become cumbersome.
> >>>
> >>> 3) OpenID could be used as well, but for a variety of reasons, forcing
> all
> >>> of your users to use OpenIDs (even if you set up an identity provider)
> could
> >>> be difficult.
> >>>
> >>> I'd recommend doing the same thing we did... total migration took about
> 30
> >>> minutes for ~12k users with a ~30 line python script that executed raw
> sql
> >>> against the Drupal database and used Django models to write data.
> >>>
> >>> -Paul
> >>>
> >>> On 02/08/2011 01:33 PM, zuzel.vp wrote:
> >>>>
> >>>> Adding a third option:
> >>>>
> >>>> 1) Moving existing Drupal user accounts into LDAP. If the users are in
> >>>> LDAP it will be possible to authenticate using
> >>>> http://packages.python.org/django-auth-ldap/ for Lernanta and
> >>>> http://drupal.org/project/ldap_integration for the drupal site.
> >>>>
> >>>> 2) Use a custom django authentication backend in Lernanta (to
> >>>> authenticate against the drupal site database) during the first steps
> >>>> of the migration, and then move all the users from one database to the
> >>>> other when we stop to use the drupal site.
> >>>>
> >>>> 3) Use Drupal as an OpenID Server. Drupal sites themselves can act as
> >>>> OpenID servers, using the openid_server module, but only drupal 4.7
> >>>> has support for this right now (needs to be ported to 5 and 6).
> >>>>
> >>>> Thanks,
> >>>>     Zuzel
> >>>>
> >>>> On Tue, Feb 8, 2011 at 1:11 PM, Jessica Ledbetter
> >>>> <jessica at jessicaledbetter.com>  wrote:
> >>>>>
> >>>>> On Tue, Feb 8, 2011 at 1:09 PM, John Britton<public at johndbritton.com
> >
> >>>>>  wrote:
> >>>>>>
> >>>>>> I'd really like to see us using
> >>>>>> OpenID.
> >>>>>
> >>>>> +1
> >>>>> _______________________________________________
> >>>>> p2pu-dev mailing list
> >>>>> p2pu-dev at lists.p2pu.org
> >>>>> http://lists.p2pu.org/mailman/listinfo/p2pu-dev
> >>>>>
> >>>> _______________________________________________
> >>>> p2pu-dev mailing list
> >>>> p2pu-dev at lists.p2pu.org
> >>>> http://lists.p2pu.org/mailman/listinfo/p2pu-dev
> >>>
> >>> _______________________________________________
> >>> p2pu-dev mailing list
> >>> p2pu-dev at lists.p2pu.org
> >>> http://lists.p2pu.org/mailman/listinfo/p2pu-dev
> >>
> >>
> >>
> >> --
> >> http://reganmian.net/blog -- Random Stuff that Matters
> >>
> >>
> >> _______________________________________________
> >> p2pu-dev mailing list
> >> p2pu-dev at lists.p2pu.org
> >> http://lists.p2pu.org/mailman/listinfo/p2pu-dev
> >>
> >>
> >
> _______________________________________________
> p2pu-dev mailing list
> p2pu-dev at lists.p2pu.org
> http://lists.p2pu.org/mailman/listinfo/p2pu-dev
>



-- 
http://reganmian.net/blog -- Random Stuff that Matters
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.p2pu.org/pipermail/p2pu-dev/attachments/20110208/917adb18/attachment-0001.html>


More information about the p2pu-dev mailing list