What Are You Doing Right Now

Obsolesce

@scottalanmiller said in What Are You Doing Right Now:

@wirestyle22 said in What Are You Doing Right Now:

Is MediaWiki still the standard? What are you preferences Mangolassi and why?

It's the biggest player. That's for sure. But it's ugly and a pain.

Hah, MediaWiki is what we just moved off of. Been using it for YEARS, just got so sick of it.

Now using Wordpress with a wiki theme and a few extremely useful plugins, such as WYSIWYG, copy/paste in pictures directly in to editor, lightbox, ToC, and some others that make wikitizing extremely easy, fast, convenient, and over all good experience.

scottalanmiller

@coliver said in What Are You Doing Right Now:

@wirestyle22 said in What Are You Doing Right Now:

Is MediaWiki still the standard? What are you preferences Mangolassi and why?

Mediawiki requires the full LAMP stack. I believe that DokuWiki requires just LAP. We use Confluence for much of our documentation.

Correct.

scottalanmiller

@wirestyle22 said in What Are You Doing Right Now:

@scottalanmiller said in What Are You Doing Right Now:

@wirestyle22 said in What Are You Doing Right Now:

Is MediaWiki still the standard? What are you preferences Mangolassi and why?

It's the biggest player. That's for sure. But it's ugly and a pain.

So the question becomes should I learn it? It sounds like I should.

Meh. Note what I just said about the cost of lost opportunity in learning.

coliver

@wirestyle22 said in What Are You Doing Right Now:

@scottalanmiller said in What Are You Doing Right Now:

@wirestyle22 said in What Are You Doing Right Now:

Is MediaWiki still the standard? What are you preferences Mangolassi and why?

It's the biggest player. That's for sure. But it's ugly and a pain.

So the question becomes should I learn it? It sounds like I should.

In that you should learn the LAMP stack yes. But you could do the same with a few other tools. I like @Tim_G's suggestion of Wordpress with a wiki plugin.

Obsolesce

@coliver said in What Are You Doing Right Now:

@wirestyle22 said in What Are You Doing Right Now:

@scottalanmiller said in What Are You Doing Right Now:

@wirestyle22 said in What Are You Doing Right Now:

Is MediaWiki still the standard? What are you preferences Mangolassi and why?

It's the biggest player. That's for sure. But it's ugly and a pain.

So the question becomes should I learn it? It sounds like I should.

In that you should learn the LAMP stack yes. But you could do the same with a few other tools. I like @Tim_G's suggestion of Wordpress with a wiki plugin.

Also, definitely worth looking at an addon called TablePress. Turn your ugly and time-consuming mediawiki table into something real... searchable, manageable. Like if you have a server list with associated info in a table, copy/paste it to excel, then import it to tablepress. Add to wordpress post and be amazed!

EddieJennings

@scottalanmiller The other part of the problem is there are two things I'm wanting to secure.

1. Traffic from client to my dokuwiki, which I agree can be easily accomplished with Lets Encrypt, despite this site not being public-facing.

2. Traffic between my dokuwiki and domain controller (for authentication), since LDAP is sent in the clear. I suppose I could use Let's Encrypt to give the domain controller a certificate, so the certificate it presents to dokuwiki is from a trusted root CA. Or I issue and install certs with our internal CA that's already in place.

I suppose there's a third option as well, which is what was mentioned yesterday: Do I really care that AD credentials are sent in the clear if this traffic is only on my local network (or travelling to a user at home over a VPN tunnel)? Which, for me, the answer is "yes." I don't think it's a good idea to pass credentials in the clear over a network in general.

EddieJennings

Or maybe a 4th option and figure out how to authenticate against AD using kerberos.

coliver

@EddieJennings said in What Are You Doing Right Now:

Traffic between my dokuwiki and domain controller (for authentication), since LDAP is sent in the clear. I suppose I could use Let's Encrypt to give the domain controller a certificate, so the certificate it presents to dokuwiki is from a trusted root CA. Or I issue and install certs with our internal CA that's already in place.

I don't believe you need a client certificate for LDAPS, not a registered one. Just used a self signed one.

coliver

@EddieJennings said in What Are You Doing Right Now:

I suppose there's a third option as well, which is what was mentioned yesterday: Do I really care that AD credentials are sent in the clear if this traffic is only on my local network (or travelling to a user at home over a VPN tunnel)? Which, for me, the answer is "yes." I don't think it's a good idea to pass credentials in the clear over a network in general.

You may want to watch @scottalanmiller's discussion on LANless design.

scottalanmiller

@EddieJennings said in What Are You Doing Right Now:

Or maybe a 4th option and figure out how to authenticate against AD using kerberos.

Is there another way?

scottalanmiller

@coliver said in What Are You Doing Right Now:

@EddieJennings said in What Are You Doing Right Now:

Traffic between my dokuwiki and domain controller (for authentication), since LDAP is sent in the clear. I suppose I could use Let's Encrypt to give the domain controller a certificate, so the certificate it presents to dokuwiki is from a trusted root CA. Or I issue and install certs with our internal CA that's already in place.

I don't believe you need a client certificate for LDAPS, not a registered one. Just used a self signed one.

That's what I would guess.

coliver

@scottalanmiller said in What Are You Doing Right Now:

@coliver said in What Are You Doing Right Now:

@EddieJennings said in What Are You Doing Right Now:

Traffic between my dokuwiki and domain controller (for authentication), since LDAP is sent in the clear. I suppose I could use Let's Encrypt to give the domain controller a certificate, so the certificate it presents to dokuwiki is from a trusted root CA. Or I issue and install certs with our internal CA that's already in place.

I don't believe you need a client certificate for LDAPS, not a registered one. Just used a self signed one.

That's what I would guess.

I'm trying to find documentation on it. But really it's just LDAP riding over SSL. So no special certificates or anything are really needed.

scottalanmiller

@EddieJennings said in What Are You Doing Right Now:

@scottalanmiller The other part of the problem is there are two things I'm wanting to secure.

1. Traffic from client to my dokuwiki, which I agree can be easily accomplished with Lets Encrypt, despite this site not being public-facing.

2. Traffic between my dokuwiki and domain controller (for authentication), since LDAP is sent in the clear. I suppose I could use Let's Encrypt to give the domain controller a certificate, so the certificate it presents to dokuwiki is from a trusted root CA. Or I issue and install certs with our internal CA that's already in place.

I suppose there's a third option as well, which is what was mentioned yesterday: Do I really care that AD credentials are sent in the clear if this traffic is only on my local network (or travelling to a user at home over a VPN tunnel)? Which, for me, the answer is "yes." I don't think it's a good idea to pass credentials in the clear over a network in general.

For point 1 you can do any cert. but LE is the only one I would ever use.

EddieJennings

@scottalanmiller said in What Are You Doing Right Now:

@EddieJennings said in What Are You Doing Right Now:

Or maybe a 4th option and figure out how to authenticate against AD using kerberos.

Is there another way?

Is there? If so, enlighten me, so I'm not putting effort toward negative learning.

scottalanmiller

I think just LDAPS.

coliver

I'm pretty sure with Dokuwiki you set StartTLS = 1. You may need the openssl library installed first but I'm pretty sure it is that easy.

EddieJennings

@coliver Since you mentioned possibly just needing a self-sign cert, that's what I'm thinking as well. We're about to find out.

scottalanmiller

@coliver said in What Are You Doing Right Now:

I'm pretty sure with Dokuwiki you set StartTLS = 1. You may need the openssl library installed first but I'm pretty sure it is that easy.

That's what I would guess. Generating a very of any sort is weird for this.

coliver

@EddieJennings said in What Are You Doing Right Now:

@coliver Since you mentioned possibly just needing a self-sign cert, that's what I'm thinking as well. We're about to find out.

This would be a good how to thread by-the-by.

scottalanmiller

Heading home from whisky stuff.