What Are You Doing Right Now
-
@scottalanmiller said in What Are You Doing Right Now:
@wirestyle22 said in What Are You Doing Right Now:
Is MediaWiki still the standard? What are you preferences Mangolassi and why?
It's the biggest player. That's for sure. But it's ugly and a pain.
So the question becomes should I learn it? It sounds like I should.
-
@scottalanmiller said in What Are You Doing Right Now:
@wirestyle22 said in What Are You Doing Right Now:
Is MediaWiki still the standard? What are you preferences Mangolassi and why?
It's the biggest player. That's for sure. But it's ugly and a pain.
Hah, MediaWiki is what we just moved off of. Been using it for YEARS, just got so sick of it.
Now using Wordpress with a wiki theme and a few extremely useful plugins, such as WYSIWYG, copy/paste in pictures directly in to editor, lightbox, ToC, and some others that make wikitizing extremely easy, fast, convenient, and over all good experience.
-
@coliver said in What Are You Doing Right Now:
@wirestyle22 said in What Are You Doing Right Now:
Is MediaWiki still the standard? What are you preferences Mangolassi and why?
Mediawiki requires the full LAMP stack. I believe that DokuWiki requires just LAP. We use Confluence for much of our documentation.
Correct.
-
@wirestyle22 said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
@wirestyle22 said in What Are You Doing Right Now:
Is MediaWiki still the standard? What are you preferences Mangolassi and why?
It's the biggest player. That's for sure. But it's ugly and a pain.
So the question becomes should I learn it? It sounds like I should.
Meh. Note what I just said about the cost of lost opportunity in learning.
-
@wirestyle22 said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
@wirestyle22 said in What Are You Doing Right Now:
Is MediaWiki still the standard? What are you preferences Mangolassi and why?
It's the biggest player. That's for sure. But it's ugly and a pain.
So the question becomes should I learn it? It sounds like I should.
In that you should learn the LAMP stack yes. But you could do the same with a few other tools. I like @Tim_G's suggestion of Wordpress with a wiki plugin.
-
@coliver said in What Are You Doing Right Now:
@wirestyle22 said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
@wirestyle22 said in What Are You Doing Right Now:
Is MediaWiki still the standard? What are you preferences Mangolassi and why?
It's the biggest player. That's for sure. But it's ugly and a pain.
So the question becomes should I learn it? It sounds like I should.
In that you should learn the LAMP stack yes. But you could do the same with a few other tools. I like @Tim_G's suggestion of Wordpress with a wiki plugin.
Also, definitely worth looking at an addon called TablePress. Turn your ugly and time-consuming mediawiki table into something real... searchable, manageable. Like if you have a server list with associated info in a table, copy/paste it to excel, then import it to tablepress. Add to wordpress post and be amazed!
-
@scottalanmiller The other part of the problem is there are two things I'm wanting to secure.
-
Traffic from client to my dokuwiki, which I agree can be easily accomplished with Lets Encrypt, despite this site not being public-facing.
-
Traffic between my dokuwiki and domain controller (for authentication), since LDAP is sent in the clear. I suppose I could use Let's Encrypt to give the domain controller a certificate, so the certificate it presents to dokuwiki is from a trusted root CA. Or I issue and install certs with our internal CA that's already in place.
I suppose there's a third option as well, which is what was mentioned yesterday: Do I really care that AD credentials are sent in the clear if this traffic is only on my local network (or travelling to a user at home over a VPN tunnel)? Which, for me, the answer is "yes." I don't think it's a good idea to pass credentials in the clear over a network in general.
-
-
Or maybe a 4th option and figure out how to authenticate against AD using kerberos.
-
@EddieJennings said in What Are You Doing Right Now:
Traffic between my dokuwiki and domain controller (for authentication), since LDAP is sent in the clear. I suppose I could use Let's Encrypt to give the domain controller a certificate, so the certificate it presents to dokuwiki is from a trusted root CA. Or I issue and install certs with our internal CA that's already in place.
I don't believe you need a client certificate for LDAPS, not a registered one. Just used a self signed one.
-
@EddieJennings said in What Are You Doing Right Now:
I suppose there's a third option as well, which is what was mentioned yesterday: Do I really care that AD credentials are sent in the clear if this traffic is only on my local network (or travelling to a user at home over a VPN tunnel)? Which, for me, the answer is "yes." I don't think it's a good idea to pass credentials in the clear over a network in general.
You may want to watch @scottalanmiller's discussion on LANless design.
-
@EddieJennings said in What Are You Doing Right Now:
Or maybe a 4th option and figure out how to authenticate against AD using kerberos.
Is there another way?
-
@coliver said in What Are You Doing Right Now:
@EddieJennings said in What Are You Doing Right Now:
Traffic between my dokuwiki and domain controller (for authentication), since LDAP is sent in the clear. I suppose I could use Let's Encrypt to give the domain controller a certificate, so the certificate it presents to dokuwiki is from a trusted root CA. Or I issue and install certs with our internal CA that's already in place.
I don't believe you need a client certificate for LDAPS, not a registered one. Just used a self signed one.
That's what I would guess.
-
@scottalanmiller said in What Are You Doing Right Now:
@coliver said in What Are You Doing Right Now:
@EddieJennings said in What Are You Doing Right Now:
Traffic between my dokuwiki and domain controller (for authentication), since LDAP is sent in the clear. I suppose I could use Let's Encrypt to give the domain controller a certificate, so the certificate it presents to dokuwiki is from a trusted root CA. Or I issue and install certs with our internal CA that's already in place.
I don't believe you need a client certificate for LDAPS, not a registered one. Just used a self signed one.
That's what I would guess.
I'm trying to find documentation on it. But really it's just LDAP riding over SSL. So no special certificates or anything are really needed.
-
@EddieJennings said in What Are You Doing Right Now:
@scottalanmiller The other part of the problem is there are two things I'm wanting to secure.
-
Traffic from client to my dokuwiki, which I agree can be easily accomplished with Lets Encrypt, despite this site not being public-facing.
-
Traffic between my dokuwiki and domain controller (for authentication), since LDAP is sent in the clear. I suppose I could use Let's Encrypt to give the domain controller a certificate, so the certificate it presents to dokuwiki is from a trusted root CA. Or I issue and install certs with our internal CA that's already in place.
I suppose there's a third option as well, which is what was mentioned yesterday: Do I really care that AD credentials are sent in the clear if this traffic is only on my local network (or travelling to a user at home over a VPN tunnel)? Which, for me, the answer is "yes." I don't think it's a good idea to pass credentials in the clear over a network in general.
For point 1 you can do any cert. but LE is the only one I would ever use.
-
-
@scottalanmiller said in What Are You Doing Right Now:
@EddieJennings said in What Are You Doing Right Now:
Or maybe a 4th option and figure out how to authenticate against AD using kerberos.
Is there another way?
Is there? If so, enlighten me, so I'm not putting effort toward negative learning.
-
I think just LDAPS.
-
I'm pretty sure with Dokuwiki you set StartTLS = 1. You may need the openssl library installed first but I'm pretty sure it is that easy.
-
@coliver Since you mentioned possibly just needing a self-sign cert, that's what I'm thinking as well. We're about to find out.
-
@coliver said in What Are You Doing Right Now:
I'm pretty sure with Dokuwiki you set StartTLS = 1. You may need the openssl library installed first but I'm pretty sure it is that easy.
That's what I would guess. Generating a very of any sort is weird for this.
-
@EddieJennings said in What Are You Doing Right Now:
@coliver Since you mentioned possibly just needing a self-sign cert, that's what I'm thinking as well. We're about to find out.
This would be a good how to thread by-the-by.