LDAP authentication is supported by both Tikiwiki (via Pear::Auth) and Openfire, so it should be turned on allow people to authenticate with both servers using the same credentials. Tikiwiki supports LDAP record creation, so it should be a secondary authentication method for Tikiwiki and the primary authentication method for Openfire. The result should be that anyone with a Tikiwiki account can log in to Openfire using the same username/password, which is necessary to ensure that live chat helpers are properly credited in the CSAT implementation.
This sounds like something that would be needed for a future karma system on SUMO that gives proper credit for contributors helping users. Matthew, could you do the Openfire part for this? Should that be a separate bug?
For the karma system, we will need a way to link Openfire accounts to sumo accounts. We could use LDAP for this, if it ends up being used for the Mozilla-wide single sign-on project. Otherwise, we would need to create an Openfire plugin that allows SUMO authentication on Openfire. (In either case, I could handle the Openfire changes and account migration) This doesn't need to be complete when karma is first rolled out, since at first we can just have a manual configuration in SUMO to specify each user's Openfire account.
Related link: http://doc.tikiwiki.org/LDAP+authentication New in 4.0: http://doc.tikiwiki.org/tiki-index.php?page=Tikiwiki+4.0#LDAP_authentication_improvements General wishlist on the topic: http://dev.tikiwiki.org/External+Authentication
Bugs in tikiwiki, going away.