What Are You Doing Right Now
-
@EddieJennings said in What Are You Doing Right Now:
@coliver said in What Are You Doing Right Now:
@EddieJennings said in What Are You Doing Right Now:
@coliver I'd like the site traffic to be secure. I also want to try to use LADPS when authenticating against AD. Since we have a CA in place, I'd like to use it.
Interesting. Have you taken a look at Let's Encrypt? It would be more reliable then your CA and can be easily automated.
I've considered it, and might end up going that route when my little internal wiki goes into production. This is also a learning exercise for me (using my own CA).
Wasted time. Why would you ever use your own CA?
-
Better to use the effort to learn good prioritization
-
@scottalanmiller For me, no learning is wasted. We deployed a CA a couple of years ago to use certificates for part of the authentication for our LT2P/IPSEC vpn.
-
Is MediaWiki still the standard? What are you preferences Mangolassi and why?
-
All learning comes with a cost of lost opportunity. Learning something useless or nearly so instead of something good is in relative terms negative learning.
-
@wirestyle22 said in What Are You Doing Right Now:
Is MediaWiki still the standard? What are you preferences Mangolassi and why?
It's the biggest player. That's for sure. But it's ugly and a pain.
-
@wirestyle22 said in What Are You Doing Right Now:
Is MediaWiki still the standard? What are you preferences Mangolassi and why?
Mediawiki requires the full LAMP stack. I believe that DokuWiki requires just LAP. We use Confluence for much of our documentation.
-
@scottalanmiller said in What Are You Doing Right Now:
@wirestyle22 said in What Are You Doing Right Now:
Is MediaWiki still the standard? What are you preferences Mangolassi and why?
It's the biggest player. That's for sure. But it's ugly and a pain.
So the question becomes should I learn it? It sounds like I should.
-
@scottalanmiller said in What Are You Doing Right Now:
@wirestyle22 said in What Are You Doing Right Now:
Is MediaWiki still the standard? What are you preferences Mangolassi and why?
It's the biggest player. That's for sure. But it's ugly and a pain.
Hah, MediaWiki is what we just moved off of. Been using it for YEARS, just got so sick of it.
Now using Wordpress with a wiki theme and a few extremely useful plugins, such as WYSIWYG, copy/paste in pictures directly in to editor, lightbox, ToC, and some others that make wikitizing extremely easy, fast, convenient, and over all good experience.
-
@coliver said in What Are You Doing Right Now:
@wirestyle22 said in What Are You Doing Right Now:
Is MediaWiki still the standard? What are you preferences Mangolassi and why?
Mediawiki requires the full LAMP stack. I believe that DokuWiki requires just LAP. We use Confluence for much of our documentation.
Correct.
-
@wirestyle22 said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
@wirestyle22 said in What Are You Doing Right Now:
Is MediaWiki still the standard? What are you preferences Mangolassi and why?
It's the biggest player. That's for sure. But it's ugly and a pain.
So the question becomes should I learn it? It sounds like I should.
Meh. Note what I just said about the cost of lost opportunity in learning.
-
@wirestyle22 said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
@wirestyle22 said in What Are You Doing Right Now:
Is MediaWiki still the standard? What are you preferences Mangolassi and why?
It's the biggest player. That's for sure. But it's ugly and a pain.
So the question becomes should I learn it? It sounds like I should.
In that you should learn the LAMP stack yes. But you could do the same with a few other tools. I like @Tim_G's suggestion of Wordpress with a wiki plugin.
-
@coliver said in What Are You Doing Right Now:
@wirestyle22 said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
@wirestyle22 said in What Are You Doing Right Now:
Is MediaWiki still the standard? What are you preferences Mangolassi and why?
It's the biggest player. That's for sure. But it's ugly and a pain.
So the question becomes should I learn it? It sounds like I should.
In that you should learn the LAMP stack yes. But you could do the same with a few other tools. I like @Tim_G's suggestion of Wordpress with a wiki plugin.
Also, definitely worth looking at an addon called TablePress. Turn your ugly and time-consuming mediawiki table into something real... searchable, manageable. Like if you have a server list with associated info in a table, copy/paste it to excel, then import it to tablepress. Add to wordpress post and be amazed!
-
@scottalanmiller The other part of the problem is there are two things I'm wanting to secure.
-
Traffic from client to my dokuwiki, which I agree can be easily accomplished with Lets Encrypt, despite this site not being public-facing.
-
Traffic between my dokuwiki and domain controller (for authentication), since LDAP is sent in the clear. I suppose I could use Let's Encrypt to give the domain controller a certificate, so the certificate it presents to dokuwiki is from a trusted root CA. Or I issue and install certs with our internal CA that's already in place.
I suppose there's a third option as well, which is what was mentioned yesterday: Do I really care that AD credentials are sent in the clear if this traffic is only on my local network (or travelling to a user at home over a VPN tunnel)? Which, for me, the answer is "yes." I don't think it's a good idea to pass credentials in the clear over a network in general.
-
-
Or maybe a 4th option and figure out how to authenticate against AD using kerberos.
-
@EddieJennings said in What Are You Doing Right Now:
Traffic between my dokuwiki and domain controller (for authentication), since LDAP is sent in the clear. I suppose I could use Let's Encrypt to give the domain controller a certificate, so the certificate it presents to dokuwiki is from a trusted root CA. Or I issue and install certs with our internal CA that's already in place.
I don't believe you need a client certificate for LDAPS, not a registered one. Just used a self signed one.
-
@EddieJennings said in What Are You Doing Right Now:
I suppose there's a third option as well, which is what was mentioned yesterday: Do I really care that AD credentials are sent in the clear if this traffic is only on my local network (or travelling to a user at home over a VPN tunnel)? Which, for me, the answer is "yes." I don't think it's a good idea to pass credentials in the clear over a network in general.
You may want to watch @scottalanmiller's discussion on LANless design.
-
@EddieJennings said in What Are You Doing Right Now:
Or maybe a 4th option and figure out how to authenticate against AD using kerberos.
Is there another way?
-
@coliver said in What Are You Doing Right Now:
@EddieJennings said in What Are You Doing Right Now:
Traffic between my dokuwiki and domain controller (for authentication), since LDAP is sent in the clear. I suppose I could use Let's Encrypt to give the domain controller a certificate, so the certificate it presents to dokuwiki is from a trusted root CA. Or I issue and install certs with our internal CA that's already in place.
I don't believe you need a client certificate for LDAPS, not a registered one. Just used a self signed one.
That's what I would guess.
-
@scottalanmiller said in What Are You Doing Right Now:
@coliver said in What Are You Doing Right Now:
@EddieJennings said in What Are You Doing Right Now:
Traffic between my dokuwiki and domain controller (for authentication), since LDAP is sent in the clear. I suppose I could use Let's Encrypt to give the domain controller a certificate, so the certificate it presents to dokuwiki is from a trusted root CA. Or I issue and install certs with our internal CA that's already in place.
I don't believe you need a client certificate for LDAPS, not a registered one. Just used a self signed one.
That's what I would guess.
I'm trying to find documentation on it. But really it's just LDAP riding over SSL. So no special certificates or anything are really needed.