Wikiperiments

2006 April 20
tags: , ,
by Karen

So I’ve been working on and off for a week and a half trying to figure out how to run a large scale wiki farm for the UH Libraries where all the Wiki’s would have the same basic template. The problems are similar to what I encountered when I worked on the UH Libraries weblogs project: scalability, easy of use, and end-user control. The number one issue is scalablity. I really don’t want to install multiple instances of the same wikis software. To do so would be effective and would create a maintainance nightmare everytime there was an upgrade to the software or we wanted to change the design/look and feel for the wikis.

The second issue with wiki and blog software is finding software which is easy to use both for the end-users and for the systems staff. Right now my department of three is responsible for a host of web-based applications including blogs and our soon to be implemented content management system. I want applications that are easy for us to modify and and maintain. This means leveraging our existing skills to their fullest. So I looked at wiki solutions that are PHP/MySQL-based. This builds on what we learned doing the blogging project. The third issue with installing wikis software is giving complete control to the end users. For me this means not only letting people maintain their own wikis but also be able to create their own wikis. This was a goal we never successfully reached with the blog project (much to my chagrin). I’m hoping to be able to overcome this barrier with the wiki project.

Last week I started with installing MediaWiki in wiki-farm mode. How does this differ from the standard MediaWiki install? Well for one thing the standard MediaWiki install is for one wiki rather than many. One way to solve this is to have multiple folders with the MediaWiki files and use a different MySQL database for each wiki. The problem with this is that you have to replace all the MediaWiki files in every directory when there is an upgrade. To solve this check out this page which talks about running a MediaWiki wiki-farm on a Mac.

Once I solve the wiki-farm issue, the next problem I needed to deal with was
authentication. I really don’t want my users to have to remember yet another
username and password. So I started investigating to see if MediaWiki will
work with LDAP. It will and there are directions available that will walk you through the process of installation.
You will need to have PHP must be installed with LDAP and SSL support. The
site doesn’t tell you how to tell if this is the case or if these aren’t installed
how to do it. So here is my basic run down of how to tell if you have the LDAP
and SSL support installed.

  1. Check to see if PHP is installed with LDAP and SSL support
  2. On your server create a new file name phpinfo.php with the following lines
    <?php
    phpinfo();
    ?>
  3. Save the file in your web server directory
  4. Open your web browser to the phpinfo.php file on your server
  5. This will display information about your installation of PHP. Look for LDAP and OpenSSL. if you don’t see them they are missing and you need to install them

I wish I could write a set of instructions on how to install these modules into PHP but every instance is different. Hopefully you won’t have to install from source. On many Linux systems you can use the package manager (in SUSE this is yast) to install what you need. Look for PHP-LDAP and SSL-PHP. For information on how to install from source a good place to start is http://us3.php.net/install.

One thing that is essential if you choose to do this is make the usernames
and passwords being passed from the user to MediaWiki on to the LDAP server
secure. Sending passwords in the clear is VERY BAD and a BIG security threat.
This means that in your Local_Settings.php file make sure your wgLDAPUseSSL
variable is set to true.

//Use LDAPS (your system may default to using TLS over LDAP instead of LDAPS)

//Recommended!!

$wgLDAPUseSSL = true;

Also in addition to follow the directions on the MediaWiki support site you should configure your server with SSL and LDAP installed and properly configured. I’ve put up a set of directions on how to do this in another post because the instruction are long. Once you’ve followed these steps you need to make sure that every time a user requests the MediaWiki login page that it requested securely. This means a url starting https://. To do this you need to change some settings in Apache. Below are the directions for Apache 2.0 .

  1. Open up and edit your default_server.conf file (/etc/apache2/default_server.conf)
  2. Add the following lines

    RewriteEngine on

    RewriteRule ^/wiki_directory/(.*)/index.php/Special:Userlogin(.*) https://%{SERVER_NAME}/wiki_directory/$1/index.php/Special:Userlogin$2 [L,R]

    RewriteCond %{QUERY_STRING} ^title=Special:Userlogin

    RewriteRule ^/wiki_directory/(.*)/index.php https://%{SERVER_NAME}/wiki_directory/$1/index.php?%{QUERY_STRING} [L,R]
  3. Save the file
  4. Stop and restart Apache
    apache2ctl stop
    apache2ctl start

This will force all requests for the pages where users login or create logins through a secure connection.

I’ve been able to successfully get this running on the test wiki server and
will likely be porting it to a production environment in the next week. I still
have several issues to solve: RSS feeds, getting email from the wikis to work,
and creating my own layout and design for wikis. Overall, this is a good start
and I’ll keep writing about the wiki project as I make further headway.

from → Wikis

9 Responses leave one →
  1. 2006 April 27
    Scott permalink

    We’re trying to use MediaWiki as well. However, it has not been easy to use for the librarians. Formating text, such as making headers, lists, and links, requires the use of some special syntax. It’s not entirely simple or intuitive. I might as well just teach them html! I’d like to hear how that goes for you.

    (Perhaps there is a WYSIWYG plugin or something that I haven’t come across.)

  2. 2006 August 17
    Ryan permalink

    Thanks for the information on LDAP and SSL. I got my wiki site authenticating users from LDAP, but I want to restrict them to SSL. Apache is already configured, but I wasn’t sure how to configure MediaWiki. I’ll take a look at your apache configuration and port it to my installation.

  3. 2008 July 30
    MikeN permalink

    Is it possible to have both LDAP and non-LDAP accounts on a mediawiki. Can some users be authenticated via the domain – SSL/LDAP/Active Directory and some able to access the wiki, make an account, from the web?

  4. 2008 July 30
    Karen permalink

    Absolutely. We both local accounts in MediaWiki and domain authenticated accounts. The way this works is people have to choose the appropriate authentication scheme in a drop-down. I’m sure the UI could be redesigned though to first check one and then the other so people didn’t have to choose.

  5. 2008 July 30
    MikeN permalink

    I have the LDAP working ok, and the local works ok if the account is already in the local database. I can’t get it to create a new account for the local database not coming in from LDAP but from the www, any user trying to login but must create an account.

Trackbacks & Pingbacks

  1. Like Your Work » Blog Archive » links for 2006-05-04
  2. Sam’s Work Blog » Blog Archive » CETIS site redevelopment: A Plan
  3. Bieber Labs » Subversion, MediaWiki, Wordpress, and LDAP
  4. DrThompsen.com ยป NERCOMP - Wikis for collaborative work

Leave a Reply

Note: You can use basic XHTML in your comments. Your email address will never be published.

Subscribe to this comment feed via RSS

You must be logged in to post a
video comment.