Hi,
I'm trying to integrate my mediawiki site with some custom python web apps. I have complete control over the mediawiki server, and am free to change the authentication plugin if needed. For the time being, I would like all users to login via a screen on the mediawiki page (or at least they should believe they are, the whole process should be transparent to them).
In general, I would prefer not to completely write my own authentication code, but I don't mind doing some minor adapting.
I'm looking for some advice from people who have done something like this before, my questions are:
I know absolutely nothing about LDAP, but it seems rather commonly supported with various plugins for mediawiki and python. Is it best to have a central LDAP server, and then force all apps to authenticate here?
As compared to the above, what are the downsides of just reading from the wiki database, and comparing to see if the shared-secret from the user's cookie match, and then assuming they are logged in?
Is it advisable to use openID for a situation like this? What are some of the downsides.