[p2pu-dev] quick question: how many of you have used LDAP before? (opinions about how to migrate users from the drupal site to lernanta)

John Britton public at johndbritton.com
Wed Feb 9 22:28:04 UTC 2011


Related project for single sign on that's worth looking into:
https://github.com/intridea/omniauth/wiki

--
contact info:
http://www.johndbritton.com
@johndbritton - http://twitter.com/johndbritton


On Tue, Feb 8, 2011 at 6:50 PM, zuzel.vp <zuzel.vp at gmail.com> wrote:

> It will be at http://dev.p2pu.org:8087/ as soon as I get reading
> access to the drupal database. I tested it with
> http://charles.dev.p2pu.org:1000/. -- When you log in, if you are not in
> the osqa database we check if you have an account at drupal and that
> the password provided is correct. Your username, email, password, and
> realname are automatically imported from drupal into osqa. -- It works
> exactly as if you have created an account before in osqa so you will
> have to log in again only after you log off.
>
> --
> Thanks,
>     Zuzel
>
> On Tue, Feb 8, 2011 at 9:41 PM, Stian Håklev <shaklev at gmail.com> wrote:
> > Awesome,
> > is this live right now for testing? Does it preserve log on through a
> > cookie, or do we have to log in again, it's just that we don't need a
> > separate account?
> >
> > Stian
> >
> > On Tue, Feb 8, 2011 at 18:44, zuzel.vp <zuzel.vp at gmail.com> wrote:
> >>
> >> OSQA's authentication backend for the existing drupal users is ready:
> >>
> >> https://github.com/zuzelvp/p2pu_osqa/blob/master/forum/authentication/drupal_auth_backend.py
> >> -- Let me know if you want one for Lernanta ;)
> >>
> >> --
> >> Thanks,
> >>    Zuzel
> >>
> >> On Tue, Feb 8, 2011 at 1:53 PM, zuzel.vp <zuzel.vp at gmail.com> wrote:
> >> > In the short term there is the choice of implementing a django auth
> >> > backend
> >> > (http://docs.djangoproject.com/en/dev/topics/auth/#writing-an-authentication-backend).
> >> >
> >> > --
> >> > Thanks,
> >> >    Zuzel
> >> >
> >> > On Tue, Feb 8, 2011 at 1:49 PM, Stian Håklev <shaklev at gmail.com> wrote:
> >> >> This is very useful. However, this was a straight migration, for P2PU
> >> >> the concern currently is to enable OSQA and Drupal integration in the
> >> >> short term, and longer term to enable integration with a number of
> >> >> different services (potentially IRC, Big Blue Button, OSQA, a wiki, etc).
> >> >>
> >> >> Going to play with your new site now! :)
> >> >> Stian
> >> >>
> >> >> On Tue, Feb 8, 2011 at 13:44, Paul Osman <paul at mozillafoundation.org> wrote:
> >> >>>
> >> >>> So we recently migrated ~12000 users from Drupal to Django for
> >> >>> Drumbeat.org. A few things to note:
> >> >>>
> >> >>> 1) Drupal 6.x stores passwords as unsalted MD5 hashes. This is fairly
> >> >>> insecure (susceptible to being compromised by attackers using rainbow
> >> >>> tables) and has been dropped by most modern authn systems. Luckily,
> >> >>> Django used to do this too, and now the default authentication backend
> >> >>> in Django handles unsalted MD5 hashes just fine. Basically, when Django
> >> >>> encounters a user with an unsalted MD5 hashed password, it authenticates
> >> >>> them and then upgrades them automatically to whatever hashing algorithm
> >> >>> you choose to use going forward (SHA512 in our case). This means you can
> >> >>> migrate Drupal users with a straight-up SQL script, which is what we
> >> >>> ended up doing.
> >> >>>
> >> >>> 2) LDAP could be used, but introduces another piece of software to the
> >> >>> architecture of the site, which could become cumbersome.
> >> >>>
> >> >>> 3) OpenID could be used as well, but for a variety of reasons, forcing
> >> >>> all of your users to use OpenIDs (even if you set up an identity
> >> >>> provider) could be difficult.
> >> >>>
> >> >>> I'd recommend doing the same thing we did... total migration took about
> >> >>> 30 minutes for ~12k users with a ~30 line python script that executed
> >> >>> raw sql against the Drupal database and used Django models to write data.
> >> >>>
> >> >>> -Paul
> >> >>>
> >> >>> On 02/08/2011 01:33 PM, zuzel.vp wrote:
> >> >>>>
> >> >>>> Adding a third option:
> >> >>>>
> >> >>>> 1) Moving existing Drupal user accounts into LDAP. If the users are
> >> >>>> in LDAP it will be possible to authenticate using
> >> >>>> http://packages.python.org/django-auth-ldap/ for Lernanta and
> >> >>>> http://drupal.org/project/ldap_integration for the drupal site.
> >> >>>>
> >> >>>> 2) Use a custom django authentication backend in Lernanta (to
> >> >>>> authenticate against the drupal site database) during the first
> >> >>>> steps of the migration, and then move all the users from one
> >> >>>> database to the other when we stop using the drupal site.
> >> >>>>
> >> >>>> 3) Use Drupal as an OpenID Server. Drupal sites themselves can act
> >> >>>> as OpenID servers, using the openid_server module, but only drupal
> >> >>>> 4.7 has support for this right now (needs to be ported to 5 and 6).
> >> >>>>
> >> >>>> Thanks,
> >> >>>>     Zuzel
> >> >>>>
> >> >>>> On Tue, Feb 8, 2011 at 1:11 PM, Jessica Ledbetter
> >> >>>> <jessica at jessicaledbetter.com>  wrote:
> >> >>>>>
> >> >>>>> On Tue, Feb 8, 2011 at 1:09 PM, John Britton <public at johndbritton.com> wrote:
> >> >>>>>>
> >> >>>>>> I'd really like to see us using OpenID.
> >> >>>>>
> >> >>>>> +1
> >> >>>>> _______________________________________________
> >> >>>>> p2pu-dev mailing list
> >> >>>>> p2pu-dev at lists.p2pu.org
> >> >>>>> http://lists.p2pu.org/mailman/listinfo/p2pu-dev
> >> >>>>>
> >> >>>
> >> >>
> >> >>
> >> >>
> >> >> --
> >> >> http://reganmian.net/blog -- Random Stuff that Matters
> >> >>
> >> >>
> >> >>
> >> >>
> >> >
> >
> >
> >
> > --
> > http://reganmian.net/blog -- Random Stuff that Matters
> >
> >
> >
> >
>
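
Added example, not part of the original thread and not Django's or the posters' code: a minimal sketch of the verify-then-upgrade pattern Paul Osman describes for hashes imported from Drupal 6.x, using only Python's hashlib. The pbkdf2_sha256 record format, the iteration count, the function names and the sample users are assumptions made for the illustration (the thread's deployment chose SHA512).

```python
import hashlib
import hmac
import os

PREFIX = "pbkdf2_sha256$"   # assumed tag marking an upgraded row
ITERATIONS = 100_000        # assumed work factor for this example


def drupal6_hash(password):
    """Drupal 6.x format as described in the thread: hex MD5, no salt."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def make_hash(password):
    """Salted PBKDF2 record: tag$iterations$salt_hex$digest_hex."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "%s%d$%s$%s" % (PREFIX, ITERATIONS, salt.hex(), dk.hex())


def check_hash(password, stored):
    _, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def authenticate(users, username, password):
    """Verify a login; rewrite a legacy MD5 row once the password is proven."""
    stored = users.get(username)
    if stored is None:
        return False
    if stored.startswith(PREFIX):
        return check_hash(password, stored)
    # Row copied straight from Drupal: only a correct login can upgrade it,
    # because the plaintext is needed to compute the new salted hash.
    if hmac.compare_digest(drupal6_hash(password), stored):
        users[username] = make_hash(password)
        return True
    return False


def legacy_accounts(users):
    """Users still holding an unsalted MD5 hash (no login since migration)."""
    return sorted(u for u, h in users.items() if not h.startswith(PREFIX))


# Constructed sample rows standing in for the migrated user table.
USERS = {"alice": drupal6_hash("correct horse"), "bob": drupal6_hash("hunter2")}
```

Accounts that never log in after the migration keep their unsalted MD5 hash indefinitely, which is what legacy_accounts() reports.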