 | Designed to provide an integrated security system against a domain-wide security infrastructure. It leverages the Windows Active Directory (via LDAP) to apply appropriate user authentication. |
EditWhat the plugin can do
Note: Requires v2.0.27 of ScrewTurn or later, for appropriate user rights.
Note: Requires v2.0.33 of ScrewTurn or later, for user fullname display.
EditActive Directory Groups for Wiki users
Manage the whole Wiki user security via the Active Directory, and centralise all management of rights through one tool.
Maintain overall control within your Corporate IT department, while distributing control as necessary.
- Add users to specific AD groups to apply normal (User) and elevated (Admin) rights.
- Use groups within AD groups to simplify the distribution and management of users throughout the Enterprise infrastructure.
- This permits Wiki management to be distributed out to domain OUs.
EditNon Group Validation
To simplify Corporate access to general-use Intranets, use Domain-only Authentication to apply normal (User) rights.
- When a user-level AD group is not defined, any Domain authenticated login is automatically given normal rights, without any interaction from administrators.
EditAuthentication Server Specification
When Authentication servers are defined in a separate location, the server details and port number can be supplied. This allows authentication requests to pass through firewalls, etc.
EditError Overload Protection and AD User Caching
- Error Overload Protection protects the site when running Screwturn versions 2.0.31 and later, from AD errors or misconfiguration. The plugin will immediately fail authentication requests for 5 minutes after an exception is thrown during authentication.
- Improved performance, from extended user caching to reduce constant AD traffic. This provides considerable performance improvements, particularly when resolving editor names in Wiki pages. Cache lifetime can be configured if necessary.
EditChange History
| v1.5 | 8jun09 | Full caching implemented to reduce high cache invalidation when performing an All Pages lookup in the Wiki. |
| v1.42 | 25jul08 | User Fullname now available when using Screwturn v2.0.33 and later. Optimisations with AD user caching to prevent repetitive lookups for the recent user. |
| v1.3 | 20jun08 | Enhancements to accomodate changes in ScrewTurn v2.0.31 and later, including protection for incorrect configuration and AD server unavailability. Also added security for LDAP transport queries. |
| v1.2 | 21may08 | User request to add authentication server source and port, to pass through firewalls, etc |
| v1.1.2 | 20may08 | Improve logged details to assist diagnosis - no operational changes |
| v1.1 | 26feb08 | Add domain name suppression |
| v1.0 | 13feb08 | Permit all Domain authenticated users |
Ian Harding, Christchurch, New Zealand