Honestly, I would deal with this above MediaWiki, because otherwise you will end up with maintenance work going forward, in addition to possibly having to repeat this for other business areas going forward.
Easiest way is to get them into a central AD, Domain Trusts will probably be the easiest way for the orgs that already have AD in place and for the the organisations that are currently not using AD, I would recommend just setting one up for them (whether it is completely separate to your existing one, a tree/forest of your current org, or just in your current organisational AD). That way you don't create a larger maintenance burden in your MediaWiki installation. On 5 January 2017 at 02:34, Daniel Barrett <d...@cimpress.com> wrote: > I'm wondering if anyone has dealt with the problem of wiki usernames no > longer being unique. I'll explain.... > > In our company, we store usernames in Active Directory and use LDAP for > MediaWiki authentication. This has worked reliably for years. Everyone has > email addresses ending in "@company.com", and the person with email address > "foo...@company.com" automatically gets the MediaWiki username "foobar". > > Now, our company has started acquiring other companies, and each one has its > own internet domain (and they don't all use Active Directory, so we are > experimenting with Auth0 for multidomain authentication). Suddenly, we can > have users named foo...@company.com, foo...@anothercompany.com, and > foo...@thirdcompany.com. If we keep our current solution for creating > usernames, all three of these addresses map to the username "foobar", and we > have A Bad Situation. > > Has anyone else encountered this situation? If so, how did you solve it for > MediaWiki? There are several obvious solutions, none of them perfect: > > 1. Use the entire email address (which is unique) as the MediaWiki username. > This affects all existing accounts as well as new accounts. One side-effect > is that some people have multiple email addresses (m...@company.com, > m...@anothercompany.com) and these would be considered different wiki users. > That's not a deal-breaker... we can live with it. > > 2. Somehow map every email address globally to a unique ID, say, with a > database table, and use that ID as the MediaWiki username. > > 3. Force every domain to use Active Directory, insert a unique ID into some > Active Directory field, and use it as the MediaWiki username. This is not > going to happen. We can't change every company's authentication mechanism. > > 4. Stop creating usernames automatically, and have users invent their own > unique usernames. Not great in a corporate environment. When usernames don't > match real names, it's inconvenient to locate the real people behind wiki > edits. > > 5. ...? > > Any tips appreciated from anyone who has been there before. > > Thank you, > DanB > > > _______________________________________________ > MediaWiki-l mailing list > To unsubscribe, go to: > https://lists.wikimedia.org/mailman/listinfo/mediawiki-l _______________________________________________ MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
