We are released our new intranet Drupal site for Catlin Gabel community members. Protected by login, it provides blog, podcast, social bookmark, knowledgebase, photo gallery, and e-portfolio services to students, teachers, staff, and parents. Drupal will serve as a user-centric complement to our group-centric Moodle course and planning group sites.
Drupal continues to amaze. Today, I found the solution to a classic problem of login-protected intranets. When the user accesses the site with a web-browser, we want to present a web-based login form. However, what about subscribing to RSS feeds? Protecting a site with form-based login breaks other applications such as iTunes and feed readers.
Fortunately, Drupal developers anticipated this problem and created two modules that address the problem: HTTP Auth and SecureSite. I tried both this evening, but at first they completely broke the site for LDAP users. Then, another great Drupal moment: the Drupal forums indicated that others had run into the same problem just this past July, and developers patched the LDAP Integration module. Now, LDAP and HTTP Auth play well together, and the tool works brilliantly in iTunes!
I don’t know whether the patch also fixes securesite, and it appears that the module has a history of security vulnerabilities.
I am getting mixed results with blog feed readers. NetNewsWire, for example, shows the authentication window but does not display any content. More investigation to do here …