[p2pu-dev] quick question: how many of you have used LDAP before? (opinions about how to migrate users from the drupal site to lernanta)

Stian Håklev shaklev at gmail.com
Tue Feb 8 18:49:13 UTC 2011


This is very useful. However, this was a straight migration, for P2PU the
concern currently is to enable OSQA and Drupal integration in the short
term, and longer term to enable integration with a number of different
services (potentially IRC, Big Blue Button, OSQA, a wiki, etc).

Going to play with your new site now! :)
Stian

On Tue, Feb 8, 2011 at 13:44, Paul Osman <paul at mozillafoundation.org> wrote:

> So we recently migrated ~12000 users from Drupal to Django for
> Drumbeat.org. A few things to note:
>
> 1) Drupal 6.x stores passwords as unsalted MD5 hashes. This is fairly
> insecure (susceptible to being compromised by attackers using rainbow
> tables) and has been dropped by most modern authn systems. Luckily, Django
> used to do this too, and now the default authentication backend in Django
> handles unsalted MD5 hashes just fine. Basically, when Django encounters a
> user with an unsalted MD5 hashed password, it authenticates them and then
> upgrades them automatically to whatever hashing algorithm you choose to use
> going forward (SHA512 in our case). This means you can migrate Drupal users
> with a straight-up SQL script, which is what we ended up doing.
>
> 2) LDAP could be used, but introduces another piece of software to the
> architecture of the site, which could become cumbersome.
>
> 3) OpenID could be used as well, but for a variety of reasons, forcing all
> of your users to use OpenIDs (even if you set up an identity provider) could
> be difficult.
>
> I'd recommend doing the same thing we did... total migration took about 30
> minutes for ~12k users with a ~30 line python script that executed raw sql
> against the Drupal database and used Django models to write data.
>
> -Paul
>
>
> On 02/08/2011 01:33 PM, zuzel.vp wrote:
>
>> Adding a third option:
>>
>> 1) Moving existing Drupal user accounts into LDAP. If the users are in
>> LDAP it will be possible to authenticate using
>> http://packages.python.org/django-auth-ldap/ for Lernanta and
>> http://drupal.org/project/ldap_integration for the drupal site.
>>
>> 2) Use a custom django authentication backend in Lernanta (to
>> authenticate against the drupal site database) during the first steps
>> of the migration, and then move all the users from one database to the
>> other when we stop to use the drupal site.
>>
>> 3) Use Drupal as an OpenID Server. Drupal sites themselves can act as
>> OpenID servers, using the openid_server module, but only drupal 4.7
>> has support for this right now (needs to be ported to 5 and 6).
>>
>> Thanks,
>>     Zuzel
>>
>> On Tue, Feb 8, 2011 at 1:11 PM, Jessica Ledbetter
>> <jessica at jessicaledbetter.com>  wrote:
>>
>>> On Tue, Feb 8, 2011 at 1:09 PM, John Britton<public at johndbritton.com>
>>>  wrote:
>>>
>>>> I'd really like to see us using
>>>> OpenID.
>>>>
>>>
>>> +1
>>> _______________________________________________
>>> p2pu-dev mailing list
>>> p2pu-dev at lists.p2pu.org
>>> http://lists.p2pu.org/mailman/listinfo/p2pu-dev
>>>
>>>  _______________________________________________
>> p2pu-dev mailing list
>> p2pu-dev at lists.p2pu.org
>> http://lists.p2pu.org/mailman/listinfo/p2pu-dev
>>
>
> _______________________________________________
> p2pu-dev mailing list
> p2pu-dev at lists.p2pu.org
> http://lists.p2pu.org/mailman/listinfo/p2pu-dev
>



-- 
http://reganmian.net/blog -- Random Stuff that Matters
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.p2pu.org/pipermail/p2pu-dev/attachments/20110208/a688fec1/attachment-0001.html>


More information about the p2pu-dev mailing list