MediaWiki / Python authentication integration advice needed

I'm trying to integrate my MediaWiki site with some custom Python web applications. I have complete control over the MediaWiki server and am free to change the authentication plugin if needed. For the time being, I would like all users to login via a screen on the MediaWiki page (or at least they should believe they are, the whole process should be transparent to them).

In general, I would prefer not to completely write my own authentication code, but I don't mind doing some minor adapting.

I'm looking for some advice from people who have done something like this before, my questions are:

1. I know absolutely nothing about LDAP, but it seems rather commonly supported with various plugins for MediaWiki and Python. Is i开发者_如何学编程t best to have a central LDAP server, and then force all applications to authenticate here?

2. As compared to the above, what are the downsides of just reading from the wiki database, and comparing to see if the shared-secret from the user's cookie match, and then assuming they are logged in?

3. Is it advisable to use openID for a situation like this? What are some of the downsides?

This might seem obvious but have you seen the LDAP Authentication extension? We used it (with some modifications) and it works well.

You can also use in combination with e.g. Lockdown.

So my (limited) answers to your questions are:

1. Yes (I can't think why you would not want it in one place).
2. One downside is if users move groups / authentication. They need manually to delete their cookies, which can cause headaches for people supporting the wiki.
3. Sorry, don't know that one.

Hope this limited answer helps.