| 1 |
This comes with a dealy, as I've been sick the past days. The LDAP related |
| 2 |
code is 90% done. It now has the following features: |
| 3 |
|
| 4 |
- Login to the system (report #1 explains in detail how login works). It |
| 5 |
previously was using only the basic info (real name, primary email), but now |
| 6 |
it is configurable to use more info, where the sysadmin is able to define in the |
| 7 |
config files. This was easy to do, by creating a second dictionary to map the |
| 8 |
django user profile fields with LDAP attributes. |
| 9 |
- Signup. For this, an admin LDAP account is needed to be put in the config |
| 10 |
file. The admin account, contrary to other backends, is used only to create new |
| 11 |
users. Other LDAP implementations use that admin account for everything |
| 12 |
though. So, now the user declares username/password, the anon account searches |
| 13 |
if the user already exists (both the username and the email have to be |
| 14 |
unique), and if not, it creates the account, using the same dictionary to map |
| 15 |
django DB fields with LDAP attributes. |
| 16 |
- User settings. There are some forms that allow the user to change his data. |
| 17 |
This is done by using his own account, and not by using the admin account to |
| 18 |
do that. A second password is being created for the session, since we didn't |
| 19 |
want to cache the regular password. (again, report #1 has more info about it). |
| 20 |
- Map LDAP ACL to Django groups. For that, a special multivalued attribute is |
| 21 |
used, in gentoo it is called gentooAccess, which contains some *.group entries |
| 22 |
that specify the user's special permissions. This gives the abillity to a |
| 23 |
special team to touch other users' data, eg infra. While the mapping is |
| 24 |
complete, the UI is not yet. |
| 25 |
|
| 26 |
Other things that I did: |
| 27 |
|
| 28 |
- I set up the service in one of my home servers, so that Matt can test it |
| 29 |
too. The LDAP used there is very minimalistic. |
| 30 |
- I gave Robin some cfengine patches for both the webapp and the LDAP (which |
| 31 |
should be as much identical to the official as possible). They are not complete |
| 32 |
yet though. Once the webapp is up and running in vulture ( the soc.dev server) |
| 33 |
I'll be able to test it in our official configuration. |
| 34 |
|
| 35 |
What I'm going to do during the weekend: |
| 36 |
|
| 37 |
- Improve documentation (docstrings) and fire up sphinx |
| 38 |
- Improve logging system |
| 39 |
- I started writing some tests for the backend, I'm going to finish it, and |
| 40 |
plus write tests for all the above as well. |
| 41 |
- Create an ebuild to automate tests |
| 42 |
- Finish the "touch other users' data" UI |
| 43 |
|
| 44 |
After that, the LDAP system will be finished, and let the tests show me bugs. |
| 45 |
|
| 46 |
Next week I'll start working on the website part, beginning with the LXML |
| 47 |
parsing of our docs. |
| 48 |
-- |
| 49 |
Theo Chatzimichos | blog.tampakrap.gr |
| 50 |
Gentoo KDE/Qt, Planet, Overlays |
Archives