Question

We have an intranet where most, but not all users are authenticated. What I'd like to achieve is that when an unregistered but authenticated user edits a page, he is automatically redirected to the TWikiRegistration page. In addition, I'm thinking of supplying defaults to the registration drawn from a LDAP query (which I can run based on the remote user name from authentication).

The usage scenario should be:

1. Anyone can read without authentication or registration. That's easy.
2. Editing (and all other admin actions) requires authentication. That's easy if I require authentication on the web server level for the edit script.
3. Authentication requires registration. This doesn't work because after authentication my signature is "Main.loginnameDOMAIN" - I don't have to register.

Can this be done by TWiki variable / settings customisation or would I have to enter the code?

Environment

-- HaraldJoerg - 10 Aug 2005

Answer

If you answer a question - or have a question you asked answered by someone - please remember to edit the page and set the status to answered. The status is in a drop-down list below the edit box.

Normally when authentication fails the user is redirected to the registration script.

It sounds like you have pre-registered all your users (e.g. you are using an existing htpasswd file), but you want to detect and force registration of authentic but unregistered users.

I don't think there's any way to do what this. A user is either authentic, in which case they are assumed to have registered, or they are not in the passwd file and are required to register.

I have solved this problem in the past, but only by adding code.

-- CrawfordCurrie - 18 Aug 2005

As Crawford states, this is only done by adding some code. In our Intranet, all users are required to authenticate by passing them through Apache auth then passing this to TWiki (which is supported by TWiki outofthebox). This provides all employees the ability to browse all topics.

Once they try to edit, however, a small bit of code that I added takes a look to see if they are registered. THe best way I knew how to do this was to check and see if they had a "User Topic" of the form RegisteredTwikiName? . If they are unregistered, TWiki simply makes the remote username and the twikiname the same. Since our internal login id's are not twikinames, the resulting search will fail and they are re-directed to the oops script and told they need to register.

Twiki doesn't really have the equivalent of a registration database, so this was the best I could come up with at the time - and it works!

-- SteveRJones - 19 Aug 2005

Thanks for the comments - though it confirms that I'd have to change some code to achieve what I want.

Our "pre-registration" is simply that all users in our intranet are supposed to be logged into a Windows domain - if so, then Apache can use that to verify the users' identity against the domain controller. We neither have to bother them for a password nor to do user administration (WWW-authenticate: Negotiate together with mod_auth_kerb do the trick).

Maybe I'll try to auto-create the user topics with proper TWiki names if the pages don't exist. Our login names are pretty cryptic, and I'd prefer to have real names in the signatures. In a Windows Active Directory environment, deducing the real names (and mail address etc.) from the login names can be done with Net::LDAP. I'd like to avoid that users have to manually enter data which I can get automatically, but I want to give them the opportunity to add more personal stuff.

All of that isn't going to be happening before I've been in holidays from next week

Cheers!

-- HaraldJoerg - 20 Aug 2005

Ok, marking this as "Answered"

-- SteveRJones - 21 Aug 2005

See RequireRegistrationPlugin.

-- PeterThoeny - 28 Jul 2007