To make the change from Drupal to Lernanta we will need to migrate the existing user accounts at p2pu.org. To facilitate this process we are trying to decide between:

1) Moving existing Drupal user accounts into LDAP. If the users are in LDAP it will be possible to authenticate using http://packages.python.org/django-auth-ldap/ for Lernanta and http://drupal.org/project/ldap_integration for the drupal site.

2) Use a custom django authentication backend in Lernanta (to authenticate against the drupal site database) during the first steps of the migration, and then move all the users from one database to the other (something similar to http://blog.eval.ca/files/migration.py) when we stop to use the drupal site. -- See http://docs.djangoproject.com/en/dev/topics/auth/#writing-an-authentication-backend for how to implement a custom django authentication backend.

3) Use Drupal as an OpenID Server. Drupal sites themselves can act as OpenID servers, using the openid_server module, but only drupal 4.7 has support for this right now (needs to be ported to 5 and 6).

1)
For
Against

2)
For
Against

3)
For
Against

Additional Thoughts

John - I think it might be a scary beast, but I'm totally uneducated. I'd really like to see us using OpenID.

Jessy - We clearly need a backend authentication solution, and LDAP might not be the shiniest or the easiest to configure, but it's still definitely THE standard, and you'll certainly have a lot of help and documentation from the many many many people who have gone before us and/or who are currently in the same situation we are. +1

Paul - Default authentication backend in Django handles unsalted MD5 hashes just fine. Basically, when Django encounters a user with an unsalted MD5 hashed password, it authenticates them and then upgrades them automatically to whatever hashing algorithm 
you choose to use going forward (SHA512 in our case). This means you can migrate Drupal users with a straight-up SQL script, which is what we ended up doing. I'd recommend doing the same thing we did... total migration took about 30 minutes for ~12k users with a ~30 line python script (http://blog.eval.ca/files/migration.py) that executed raw sql against the Drupal database and used Django models to write data.

Stian - This is very useful. However, this was a straight migration, for P2PU the concern currently is to enable OSQA and Drupal integration in the short term, and longer term to enable integration with a number of different services (potentially IRC, Big Blue Button, OSQA, a wiki, etc). +1

Pippa - As it currently sits, users need to create multiple user accounts to  deal with the various systems that P2PU recommends, whether they be  OSQA, Pivotal Tracker, UserVoice, Open Atrium (tracker.p2pu.org),  a wiki, mailing lists, blogs etc...
In my mind the experience of community members (and most importantly  course participants) is made much more difficult through that process  of creating accounts for each individual service... The current setup is making learners lives far more difficult than they  need to be and quite possibly multiple sign-ups and managing multiple  accounts is one factor leading to course drop-outs.

Nigel - Comments from an experienced sysadmin - LDAP has a wicked learning curve.  On the admin side you need to make decisions about configuration and replication techniques, on the user side ldap syntax is a beast, it's very difficult to learn.  The basics should be ok to set up, but it still isnt simple