1 |
This comes with a dealy, as I've been sick the past days. The LDAP related |
2 |
code is 90% done. It now has the following features: |
3 |
|
4 |
- Login to the system (report #1 explains in detail how login works). It |
5 |
previously was using only the basic info (real name, primary email), but now |
6 |
it is configurable to use more info, where the sysadmin is able to define in the |
7 |
config files. This was easy to do, by creating a second dictionary to map the |
8 |
django user profile fields with LDAP attributes. |
9 |
- Signup. For this, an admin LDAP account is needed to be put in the config |
10 |
file. The admin account, contrary to other backends, is used only to create new |
11 |
users. Other LDAP implementations use that admin account for everything |
12 |
though. So, now the user declares username/password, the anon account searches |
13 |
if the user already exists (both the username and the email have to be |
14 |
unique), and if not, it creates the account, using the same dictionary to map |
15 |
django DB fields with LDAP attributes. |
16 |
- User settings. There are some forms that allow the user to change his data. |
17 |
This is done by using his own account, and not by using the admin account to |
18 |
do that. A second password is being created for the session, since we didn't |
19 |
want to cache the regular password. (again, report #1 has more info about it). |
20 |
- Map LDAP ACL to Django groups. For that, a special multivalued attribute is |
21 |
used, in gentoo it is called gentooAccess, which contains some *.group entries |
22 |
that specify the user's special permissions. This gives the abillity to a |
23 |
special team to touch other users' data, eg infra. While the mapping is |
24 |
complete, the UI is not yet. |
25 |
|
26 |
Other things that I did: |
27 |
|
28 |
- I set up the service in one of my home servers, so that Matt can test it |
29 |
too. The LDAP used there is very minimalistic. |
30 |
- I gave Robin some cfengine patches for both the webapp and the LDAP (which |
31 |
should be as much identical to the official as possible). They are not complete |
32 |
yet though. Once the webapp is up and running in vulture ( the soc.dev server) |
33 |
I'll be able to test it in our official configuration. |
34 |
|
35 |
What I'm going to do during the weekend: |
36 |
|
37 |
- Improve documentation (docstrings) and fire up sphinx |
38 |
- Improve logging system |
39 |
- I started writing some tests for the backend, I'm going to finish it, and |
40 |
plus write tests for all the above as well. |
41 |
- Create an ebuild to automate tests |
42 |
- Finish the "touch other users' data" UI |
43 |
|
44 |
After that, the LDAP system will be finished, and let the tests show me bugs. |
45 |
|
46 |
Next week I'll start working on the website part, beginning with the LXML |
47 |
parsing of our docs. |
48 |
-- |
49 |
Theo Chatzimichos | blog.tampakrap.gr |
50 |
Gentoo KDE/Qt, Planet, Overlays |