Archive

Posts Tagged ‘interwoven’

Just as Good as Fog Creek

November 19th, 2007

Ha ha! Interwoven's Chicago office gets a walk score of 98/100, just as much as Joel Spolsky's Fog Creek does!!


David Nelson-Gal Playing the Guitar

May 10th, 2007

David Nelson-Gal is the SVP of Engineering at Interwoven. He was here in Bangalore for a short visit. Being a fun kind of guy, he showed off his guitar skills at the office this evening. Check them out!

Can DNG Play the Guitar?

The Interwoven Bangalore Song


Joseph Cowan: Interwoven’s New CEO

April 9th, 2007

Interwoven named Joe Cowan as its new CEO last week.

Interwoven, a provider of content management solutions, has made known that its board of directors has named Joseph L. Cowan as the company’s chief executive officer, effective. Cowan has also been appointed to the company’s board of directors. Max Carnecchia continues to serve as Interwoven’s president.

Cowan brings to Interwoven a proven track record in executive management of enterprise software companies with broad product portfolios and global operations. Most recently Cowan served as chief executive officer of Manugistics Group, a provider of demand and Supply Chain Management (SCM) solutions. Prior to joining Manugistics, Cowan was president and chief executive officer at EXE Technologies.

Wonder Shirt

January 30th, 2007

This is the T-shirt that Sivashankar, Kusuma and I designed for Interwoven Engineering. The sarcasm is lost on most:

  • The ugly colours of the new Interwoven logo
  • The satisfied customer is the exception

Our bikes and cars are getting dirty, and we need something to clean them.

LDAP Authentication for MediaWiki

January 17th, 2006

One of the first challenges we faced was making MediaWiki work with Windows credentials on our intranet.

Before we go about it, I would like to point out that we don’t exactly authenticate against ADS although that is what the title may suggest. Our goal was, of course, to make it seem like we authenticate against ADS/LDAP. The illusion is pretty good.

Please note that the plugin described below was written against MediaWiki version 1.4.9, and it works on both Windows and Linux. It has not been tested against later versions. If you get it to work on other versions, drop me a note.

MediaWiki provides a way to hook in your own authentication plugin, and the purpose of this exercise is to create one. We call our plugin IwovAuthPlugin. Create a new blank file called IwovAuthPlugin.php under the includes directory of your MediaWiki installation.

In the same directory, you can find a file named AuthPlugin.php. This file contains a class called AuthPlugin. We subclass AuthPlugin to create IwovAuthPlugin. The documentation in the AuthPlugin.php file is pretty self-explanatory.

Here is the content of my IwovAuthPlugin.php.

<?php

require_once("AuthPlugin.php"); 

class IwovAuthPlugin extends AuthPlugin
{
  function userExists( $username )
  {
    $userFoundInLdap = false;
    $ldap_conn = ldap_connect("ldap.domain.com");
    if ($ldap_conn)
    {
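      ldap_set_option($ldap_conn,
          LDAP_OPT_PROTOCOL_VERSION, 3);
      ldap_bind($ldap_conn,
                'domainuser',
                'password');
      // Escape the name before it goes into the filter
      // (ldap_escape() needs PHP 5.6 or later).
      $filter = "sAMAccountName=" .
          ldap_escape($username, '', LDAP_ESCAPE_FILTER);
      $results = ldap_search(
          $ldap_conn,
          "OU=Domain Users, DC=Domain, DC=com",
          $filter);
      // ldap_search() returns false on failure.
      $info = $results
          ? ldap_get_entries($ldap_conn, $results)
          : array("count" => 0);
      if ($info["count"] > 0)
      {
        $userFoundInLdap = true;
      }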
      ldap_close($ldap_conn);
    }
    return $userFoundInLdap;
  }   

  function authenticate( $username, $password )
  {
    return false;
  }   

  function autoCreate()
  {
    return true;
  }   

  function strict()
  {
    return false;
  }   

  function initUser( &$user )
  {
    $ldap_conn = ldap_connect("ldap.domain.com");
    if ($ldap_conn)
    {
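      ldap_set_option($ldap_conn,
          LDAP_OPT_PROTOCOL_VERSION, 3);
      ldap_bind($ldap_conn,
                'domainuser',
                'password');
      $userId = $user->getName();
      // Escape the name before it goes into the filter
      // (ldap_escape() needs PHP 5.6 or later).
      $filter = "sAMAccountName=" .
          ldap_escape($userId, '', LDAP_ESCAPE_FILTER);
      $results = ldap_search($ldap_conn,
          "OU=Domain Users, DC=Domain, DC=com",
          $filter);
      // ldap_search() returns false on failure.
      $info = $results
          ? ldap_get_entries($ldap_conn, $results)
          : array("count" => 0);
      if ($info["count"] > 0)
      {
        $entry = $info[0];
        $user->setRealName($entry["name"][0]);
        // Not every directory entry has a mail attribute.
        if (isset($entry["mail"]))
        {
          $user->setEmail($entry["mail"][0]);
        }
      }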
      ldap_close($ldap_conn);
    }
  }
}   

?>

That looks formidable, but let me try to make it very easy for you.

First of all, look at the function called authenticate(). Note that it always returns false, which means that whenever a user tries to log in, our authentication system always denies permission. This may seem weird, but read on. We override a function called strict(). This function returns false, which indicates to MediaWiki that native DB authentication may follow if the external authentication fails. Since our plugin always fails to authenticate, we always rely on the default authentication that MediaWiki provides.

So what, you may ask, is the point of writing this whole plugin thing?

  • We don’t let all and sundry log in.
  • We make sure that the account names that people choose match their login IDs.
  • We pull in user information (full name, email) from LDAP.

Our plugin does useful work only when a user logs into the system for the first time. The userExists() function searches LDAP to make sure that the user ID being requested actually exists in the LDAP structure, thus preventing the use of random IDs. If the requested user ID does not exist in LDAP, then an error message is displayed to the user. Also, note that the autoCreate() function returns true, which causes an account to be silently created. As a result, people don’t have to sign up – they can log in to the system straight away, thus creating the illusion that Windows authentication is magically working. As is quite obvious, the initUser() function populates user information into the database from the LDAP directory.
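The name passed to userExists() ends up inside an LDAP search filter, where characters such as * and ( have special meaning; a bare * matches every entry, which would defeat the check against random IDs. The following is an added example, not part of the original plugin: it escapes the value per RFC 4515 and prints the filter with and without escaping. The helper name iwovEscapeFilterValue is hypothetical and the sample names are constructed.

```php
<?php
// Added example, not part of the original plugin.

// Escape a value for use in an LDAP search filter (RFC 4515): the
// characters \ * ( ) and NUL become a backslash and two hex digits.
// iwovEscapeFilterValue is a hypothetical helper name.
function iwovEscapeFilterValue( $value )
{
  if (function_exists('ldap_escape'))
  {
    // Built in since PHP 5.6.
    return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
  }
  // Fallback for older PHP versions.
  $special = array('\\', '*', '(', ')', "\0");
  $out = '';
  for ($i = 0; $i < strlen($value); $i++)
  {
    $c = $value[$i];
    $out .= in_array($c, $special, true)
        ? sprintf('\\%02x', ord($c))
        : $c;
  }
  return $out;
}

// Constructed sample names: one ordinary login ID and three that
// contain filter metacharacters.
$samples = array('jdoe', '*', 'jd*', 'doe (temp)');
foreach ($samples as $name)
{
  // Filter as built by plain string interpolation.
  $naive   = "sAMAccountName=$name";
  // Filter with the value escaped, so it is matched literally.
  $escaped = 'sAMAccountName=' . iwovEscapeFilterValue($name);
  printf("%-12s %-28s %s\n", $name, $naive, $escaped);
}
```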

Although this looks like a hack, it works quite well in practice.

Not to forget, we added the following entries to LocalSettings.php.

# user must log in to edit.
$wgWhitelistEdit = true;   

# ldap checks
require_once("IwovAuthPlugin.php");  # load the plugin class
$wgAuth = new IwovAuthPlugin();

Add to this some changes to your UI skin to remove the ‘Create account’ link and such ilk, and you are ready to go!
