[p2pu-dev] quick question: how many of you have used LDAP before? (opinions about how to migrate users from the drupal site to lernanta)

zuzel.vp zuzel.vp at gmail.com
Tue Feb 8 18:53:16 UTC 2011


At the short term there is the choice of implementing a django auth
backend (http://docs.djangoproject.com/en/dev/topics/auth/#writing-an-authentication-backend).

-- 
Thanks,
    Zuzel

On Tue, Feb 8, 2011 at 1:49 PM, Stian Håklev <shaklev at gmail.com> wrote:
> This is very useful. However, this was a straight migration, for P2PU the
> concern currently is to enable OSQA and Drupal integration in the short
> term, and longer term to enable integration with a number of different
> services (potentially IRC, Big Blue Button, OSQA, a wiki, etc).
>
> Going to play with your new site now! :)
> Stian
>
> On Tue, Feb 8, 2011 at 13:44, Paul Osman <paul at mozillafoundation.org> wrote:
>>
>> So we recently migrated ~12000 users from Drupal to Django for
>> Drumbeat.org. A few things to note:
>>
>> 1) Drupal 6.x stores passwords as unsalted MD5 hashes. This is fairly
>> insecure (susceptible to being compromised by attackers using rainbow
>> tables) and has been dropped by most modern authn systems. Luckily, Django
>> used to do this too, and now the default authentication backend in Django
>> handles unsalted MD5 hashes just fine. Basically, when Django encounters a
>> user with an unsalted MD5 hashed password, it authenticates them and then
>> upgrades them automatically to whatever hashing algorithm you choose to use
>> going forward (SHA512 in our case). This means you can migrate Drupal users
>> with a straight-up SQL script, which is what we ended up doing.
>>
>> 2) LDAP could be used, but introduces another piece of software to the
>> architecture of the site, which could become cumbersome.
>>
>> 3) OpenID could be used as well, but for a variety of reasons, forcing all
>> of your users to use OpenIDs (even if you set up an identity provider) could
>> be difficult.
>>
>> I'd recommend doing the same thing we did... total migration took about 30
>> minutes for ~12k users with a ~30 line python script that executed raw sql
>> against the Drupal database and used Django models to write data.
>>
>> -Paul
>>
>> On 02/08/2011 01:33 PM, zuzel.vp wrote:
>>>
>>> Adding a third option:
>>>
>>> 1) Moving existing Drupal user accounts into LDAP. If the users are in
>>> LDAP it will be possible to authenticate using
>>> http://packages.python.org/django-auth-ldap/ for Lernanta and
>>> http://drupal.org/project/ldap_integration for the drupal site.
>>>
>>> 2) Use a custom django authentication backend in Lernanta (to
>>> authenticate against the drupal site database) during the first steps
>>> of the migration, and then move all the users from one database to the
>>> other when we stop to use the drupal site.
>>>
>>> 3) Use Drupal as an OpenID Server. Drupal sites themselves can act as
>>> OpenID servers, using the openid_server module, but only drupal 4.7
>>> has support for this right now (needs to be ported to 5 and 6).
>>>
>>> Thanks,
>>>     Zuzel
>>>
>>> On Tue, Feb 8, 2011 at 1:11 PM, Jessica Ledbetter
>>> <jessica at jessicaledbetter.com>  wrote:
>>>>
>>>> On Tue, Feb 8, 2011 at 1:09 PM, John Britton<public at johndbritton.com>
>>>>  wrote:
>>>>>
>>>>> I'd really like to see us using
>>>>> OpenID.
>>>>
>>>> +1
>>>> _______________________________________________
>>>> p2pu-dev mailing list
>>>> p2pu-dev at lists.p2pu.org
>>>> http://lists.p2pu.org/mailman/listinfo/p2pu-dev
>>>>
>>> _______________________________________________
>>> p2pu-dev mailing list
>>> p2pu-dev at lists.p2pu.org
>>> http://lists.p2pu.org/mailman/listinfo/p2pu-dev
>>
>> _______________________________________________
>> p2pu-dev mailing list
>> p2pu-dev at lists.p2pu.org
>> http://lists.p2pu.org/mailman/listinfo/p2pu-dev
>
>
>
> --
> http://reganmian.net/blog -- Random Stuff that Matters
>
>
> _______________________________________________
> p2pu-dev mailing list
> p2pu-dev at lists.p2pu.org
> http://lists.p2pu.org/mailman/listinfo/p2pu-dev
>
>


More information about the p2pu-dev mailing list