[p2pu-dev] quick question: how many of you have used LDAP before? (opinions about how to migrate users from the drupal site to lernanta)

zuzel.vp zuzel.vp at gmail.com
Wed Feb 9 02:50:54 UTC 2011


It will be at http://dev.p2pu.org:8087/ as soon as I get reading
access to the drupal database. I tested it with
http://charles.dev.p2pu.org:1000/. -- When you login if you are not in
the osqa database we check if you have an account at drupal and that
the password provided is correct. Your username, email, password, and
realname is automatically imported from drupal into osqa. -- It works
exactly as if you have created an account before in osqa so you will
have to login again only after you log off.

-- 
Thanks,
    Zuzel

On Tue, Feb 8, 2011 at 9:41 PM, Stian Håklev <shaklev at gmail.com> wrote:
> Awesome,
> is this live right now for testing? Does it preserve log on through a
> cookie, or do we have to log in again, it's just that we don't need a
> separate account?
>
> Stian
>
> On Tue, Feb 8, 2011 at 18:44, zuzel.vp <zuzel.vp at gmail.com> wrote:
>>
>> OSQA's authentication backend for the existing drupal users is ready:
>>
>> https://github.com/zuzelvp/p2pu_osqa/blob/master/forum/authentication/drupal_auth_backend.py
>> -- Let me know if you want one for Lernanta ;)
>>
>> --
>> Thanks,
>>    Zuzel
>>
>> On Tue, Feb 8, 2011 at 1:53 PM, zuzel.vp <zuzel.vp at gmail.com> wrote:
>> > At the short term there is the choice of implementing a django auth
>> > backend
>> > (http://docs.djangoproject.com/en/dev/topics/auth/#writing-an-authentication-backend).
>> >
>> > --
>> > Thanks,
>> >    Zuzel
>> >
>> > On Tue, Feb 8, 2011 at 1:49 PM, Stian Håklev <shaklev at gmail.com> wrote:
>> >> This is very useful. However, this was a straight migration, for P2PU
>> >> the
>> >> concern currently is to enable OSQA and Drupal integration in the short
>> >> term, and longer term to enable integration with a number of different
>> >> services (potentially IRC, Big Blue Button, OSQA, a wiki, etc).
>> >>
>> >> Going to play with your new site now! :)
>> >> Stian
>> >>
>> >> On Tue, Feb 8, 2011 at 13:44, Paul Osman <paul at mozillafoundation.org>
>> >> wrote:
>> >>>
>> >>> So we recently migrated ~12000 users from Drupal to Django for
>> >>> Drumbeat.org. A few things to note:
>> >>>
>> >>> 1) Drupal 6.x stores passwords as unsalted MD5 hashes. This is fairly
>> >>> insecure (susceptible to being compromised by attackers using rainbow
>> >>> tables) and has been dropped by most modern authn systems. Luckily,
>> >>> Django
>> >>> used to do this too, and now the default authentication backend in
>> >>> Django
>> >>> handles unsalted MD5 hashes just fine. Basically, when Django
>> >>> encounters a
>> >>> user with an unsalted MD5 hashed password, it authenticates them and
>> >>> then
>> >>> upgrades them automatically to whatever hashing algorithm you choose
>> >>> to use
>> >>> going forward (SHA512 in our case). This means you can migrate Drupal
>> >>> users
>> >>> with a straight-up SQL script, which is what we ended up doing.
>> >>>
>> >>> 2) LDAP could be used, but introduces another piece of software to the
>> >>> architecture of the site, which could become cumbersome.
>> >>>
>> >>> 3) OpenID could be used as well, but for a variety of reasons, forcing
>> >>> all
>> >>> of your users to use OpenIDs (even if you set up an identity provider)
>> >>> could
>> >>> be difficult.
>> >>>
>> >>> I'd recommend doing the same thing we did... total migration took
>> >>> about 30
>> >>> minutes for ~12k users with a ~30 line python script that executed raw
>> >>> sql
>> >>> against the Drupal database and used Django models to write data.
>> >>>
>> >>> -Paul
>> >>>
>> >>> On 02/08/2011 01:33 PM, zuzel.vp wrote:
>> >>>>
>> >>>> Adding a third option:
>> >>>>
>> >>>> 1) Moving existing Drupal user accounts into LDAP. If the users are
>> >>>> in
>> >>>> LDAP it will be possible to authenticate using
>> >>>> http://packages.python.org/django-auth-ldap/ for Lernanta and
>> >>>> http://drupal.org/project/ldap_integration for the drupal site.
>> >>>>
>> >>>> 2) Use a custom django authentication backend in Lernanta (to
>> >>>> authenticate against the drupal site database) during the first steps
>> >>>> of the migration, and then move all the users from one database to
>> >>>> the
>> >>>> other when we stop to use the drupal site.
>> >>>>
>> >>>> 3) Use Drupal as an OpenID Server. Drupal sites themselves can act as
>> >>>> OpenID servers, using the openid_server module, but only drupal 4.7
>> >>>> has support for this right now (needs to be ported to 5 and 6).
>> >>>>
>> >>>> Thanks,
>> >>>>     Zuzel
>> >>>>
>> >>>> On Tue, Feb 8, 2011 at 1:11 PM, Jessica Ledbetter
>> >>>> <jessica at jessicaledbetter.com>  wrote:
>> >>>>>
>> >>>>> On Tue, Feb 8, 2011 at 1:09 PM, John
>> >>>>> Britton<public at johndbritton.com>
>> >>>>>  wrote:
>> >>>>>>
>> >>>>>> I'd really like to see us using
>> >>>>>> OpenID.
>> >>>>>
>> >>>>> +1
>> >>>>> _______________________________________________
>> >>>>> p2pu-dev mailing list
>> >>>>> p2pu-dev at lists.p2pu.org
>> >>>>> http://lists.p2pu.org/mailman/listinfo/p2pu-dev
>> >>>>>
>> >>>> _______________________________________________
>> >>>> p2pu-dev mailing list
>> >>>> p2pu-dev at lists.p2pu.org
>> >>>> http://lists.p2pu.org/mailman/listinfo/p2pu-dev
>> >>>
>> >>> _______________________________________________
>> >>> p2pu-dev mailing list
>> >>> p2pu-dev at lists.p2pu.org
>> >>> http://lists.p2pu.org/mailman/listinfo/p2pu-dev
>> >>
>> >>
>> >>
>> >> --
>> >> http://reganmian.net/blog -- Random Stuff that Matters
>> >>
>> >>
>> >> _______________________________________________
>> >> p2pu-dev mailing list
>> >> p2pu-dev at lists.p2pu.org
>> >> http://lists.p2pu.org/mailman/listinfo/p2pu-dev
>> >>
>> >>
>> >
>> _______________________________________________
>> p2pu-dev mailing list
>> p2pu-dev at lists.p2pu.org
>> http://lists.p2pu.org/mailman/listinfo/p2pu-dev
>
>
>
> --
> http://reganmian.net/blog -- Random Stuff that Matters
>
>
> _______________________________________________
> p2pu-dev mailing list
> p2pu-dev at lists.p2pu.org
> http://lists.p2pu.org/mailman/listinfo/p2pu-dev
>
>


More information about the p2pu-dev mailing list