Talk:CNM MediaWiki IAM
Potential contractors proposal
- Several applicants reached out with their proposals from the job posting on UpWork. Below is a proposal made by one of the potential contractors for CNM MediaWiki IAM task.
Contractor NS
- NS : I have researched about it and get some points as follow -
- LDAP:Authentication integration with MediaWiki
- 1. Installing required extensions : "LDAPAuthentication2" and "PluggableAuth."
- 2. Configuring LDAP settings: LocalSettings.php file involves specifying the LDAP server address, port, authentication method, base DN, and search attributes
- 3. Testing the LDAP connection and verifying it
- 4. Making LDAP the primary authentication method of MediaWiki by making LDAPAuthentication2 extension the authentication method.
- The above points are calculated considering an organization already have an existing LDAP server.
- If the organization does not have a ldap server, then we will have to create one specifically for an organization.
- Process for creating LDAP server -
- We will be using docker to create LDAP server and I've worked on it before but I was not able to access the server as an admin because the credentials I was using were incorrect.
- 1. Setting up LDAP server using docker
- 2. Getting into the server and setting it up according to our requirements. (This is a rough idea as I was not able to get to this step. It could take even less or more depending upon the requirements and obstacles)
- Additional usages of a LDAP server -
- Other than serving as an authentication method, an ldap server can also be used for the following:-
- 1. Directory Services: it can act as a central repository for all your files and information .
- 2. Managing Data and Information of users. (incl. Address book and Contact management )
- 3. Single Sign-On (SSO)- it can help us authenticate users once and make them access information across different platforms and service providers. Users will not have to create different accounts for each platform/service.
- So My ballpark estimates is around 40 hours for this above steps. Please let me know if you have any query regarding this.
- Gary : Our project slowed down for a while. We hired an expert, but failed to get a solution. The developments are documented on the https://wiki.cnmcyber.com/en/CNM_MediaWiki_IAM wikipage. May you actually integrate LDAP and MediaWiki? If so, please give your budget and schedule estimates.
- NS : I would like to discuss the following details -
- 1. Do you have an existing LDAP server?
- 2. As I don't have LDAP server so that I am not able to login on there if you have this then I can try this with login?
- Gary : That's correct -- we will give you an LDAP server and VM to experiment.
- NS : I have connected to the ldap server and I noticed that the LDPAuthentication2 and the PluggableAuth was already installed on the server.
- I tried to configure the LocalSettings.php file in MediaWiki source code. I have configured the ldap extensions first by adding a new json file since it does not exist already. After adding the json config file to the ldap server, I will be able to load the extensions and proceed with the testing of ldap and MediaWiki connection.
- I will keep you posted about next steps.
- NS : I have added the ldap.json file and the extensions are successfully enabled. Since I have added the LdapAuthentication2 plugin, the authentication method of the website is changed and a database error have occurred. I am trying to resolve the errors that are caused after including the plugins.
- I will inform you if I need anything from your end. Because the documentations suggest that I will be needing more details of the ldap server.
- NS : I have successfully installed the LDAPAuthentication2 plugin and I have also configured it according to the existing user.
- Please take a look at the login functionality at https://w1.plzin.com
- After completing the integration of LDAPAuthentication and PluggableAuth, I am confident that I will be able to work more on this.
- I would like to request you to hire me on upwork for further tasks.