Quick summary:

I'm writing a CMS for the Gentoo website, that will offer an LDAP web
interface, plus it will replace Gorg and provide Beacon as WYSIWYG editor to
edit the XML files.

The past two weeks I've finished the LDAP bits, plus I've added some more
features mostly needed for development purposes. In the settings files, the
administrator can provide a bunch of variables:
- the OU(s) where the users are stored (there is support for multiple OUs, for
example to separate users from developers with ou=users and ou=developers,
while keeping unique usernames)
- the credentials for the anon user (minimal privileged user to perform LDAP
queries in case the anonymous search is disabled, both cases are covered in
the app)
- credentials of the admin user (needed mostly for user creation), the
objectClasses for new users, the base attribute to search for users (uid and
cn are the most common)
- a map with user profile attributes (Django has only
username/password/email/real name in its base profile, it is easily extendable
though by specifying a connection between user profile fields and LDAP
attributes)
- a map with LDAP and ACP groups (for example, is_infra, is_devrel etc,
depending on the LDAP permissions the user is able to view or touch other
users' data)

The login system had to change though. Robin wanted mail logins instead of
username logins. This needed a lot of changes, since in LDAP mail is a
multi-valued attribute, and in Django it is a single-valued field. I created an
all_mails field in user profile instead, that has all the mails, but the user
has to verify them first. In initial registration, the user's mail is stored in
a DB table, along with a 30char string, and a mail is sent to the user which
contains the same string in the form of a URL. The system checks if those two
match, and if they do, it removes the entry from that table and moves the mail
to the user's LDAP mail attribute (and in the all_mails field in the DB, if
applicable). The same procedure is followed when the user wants to add a new
email to his account, for which he has to verify before getting it in the
list. Afterwards, the user can log in with any of those emails he has verified.
For password recovery, the user fills in the mail he wants to use for that
session.

The user profile is extendable, if other people want to use the LDAP frontend.
For now there is a GentooProfile class that extends the UserProfile class, that
has Gentoo-specific fields based on the LDAP attributes Gentoo uses, plus the
custom Gentoo LDAP schema.

User settings are available, under accounts/$USER subURL. The system checks if
the URL maps to the user currently logged in, or another user in the LDAP
server, then checks if the user is in the DB, migrates it if not, and shows
the fields according to the logged in user's permissions. Edit settings is also
available and works with the same logic.

I've also added a lot of docstrings there, and started messing around with
Sphinx.

The logging system is improved as well. The errors are printed in console if
the project is run with Django's runserver for development purposes, and in
/var/log/messages (which is configurable, it can go to a dedicated dir easily)
for production use.

More tests were written, and the ebuild is almost complete. I've set up an
instance in one of my home servers, which will run tests automatically and
notify me for failures.

There is an addressbook available, as a replacement to userinfo.xml we
currently have. I'm going to play around with genmap as well to replace the
developer map.

Since the LDAP work is done, with only bugfixes and small improvements needed
here and there, I've started working on the front page. It will follow the
steps of the one we currently have. It will be a syndication-like page,
combining the info from planet/blogs, news items written by PR team, new
packages etc. I also started working on the lxml scripts to parse our XML
documentation, and next week I'll plug in the design done in www-redesign
repo, and improve it as possible.

PS. The report was delayed, because I've been offline pretty frequently due to
multiple reasons. I had my last exams, which went well and I probably
graduated (finally!), I had to be in another city without internet for some
days, and finally, the frequent power cuts in Greece (as part of the general
strikes, riots and frustration of the economic crisis here) not only kept me
offline, but also destroyed one of my drives in my desktop, and one of my home
servers completely. I learned from that though, I follow their website for
future power cuts.
--
Theo Chatzimichos | blog.tampakrap.gr
Gentoo KDE/Qt, Planet, Overlays
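
The mail verification flow described in the report, sketched as an added example that is not part of the original message or the project's code. It assumes an in-memory SQLite table in place of the Django model, a plain dict in place of the LDAP mail attribute, and a hypothetical `/accounts/verify/` URL layout; all function names are illustrative.

```python
import secrets
import sqlite3
import string

TOKEN_LEN = 30                                   # the report's "30char string"
ALPHABET = string.ascii_letters + string.digits


def make_db():
    """In-memory stand-in for the DB table of unverified addresses."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pending (username TEXT, mail TEXT, token TEXT UNIQUE)")
    return db


def start_verification(db, username, mail):
    """Store the pending address; return the URL path that would be mailed."""
    # secrets draws from the OS CSPRNG, so the string cannot be predicted.
    token = "".join(secrets.choice(ALPHABET) for _ in range(TOKEN_LEN))
    db.execute("INSERT INTO pending VALUES (?, ?, ?)", (username, mail, token))
    return "/accounts/verify/" + token           # hypothetical URL layout


def confirm(db, ldap_mail, url_path):
    """Match the URL's string against the table; consume it and promote the mail."""
    presented = url_path.rsplit("/", 1)[-1]
    if len(presented) != TOKEN_LEN or any(c not in ALPHABET for c in presented):
        return None                              # malformed: never reaches the DB
    row = db.execute("SELECT username, mail FROM pending WHERE token = ?",
                     (presented,)).fetchone()
    if row is None:
        return None
    db.execute("DELETE FROM pending WHERE token = ?", (presented,))  # single use
    ldap_mail.setdefault(row[0], []).append(row[1])  # dict stands in for LDAP mail
    return row


def user_for_mail(ldap_mail, mail):
    """Resolve a login address; only verified (promoted) addresses match."""
    for username, mails in ldap_mail.items():
        if mail in mails:
            return username
    return None
```

Because the pending row is deleted on the first successful match, replaying the mailed URL does nothing, and an address still waiting in the table never resolves to an account at login.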