| 1 |
Quick summary: |
| 2 |
|
| 3 |
I'm writing a CMS for the Gentoo website, that will offer an LDAP web |
| 4 |
interface, plus it will replace Gorg and provide Beacon as WYSIWYG editor to |
| 5 |
edit the XML files. |
| 6 |
|
| 7 |
The past two weeks I've finished the LDAP bits, plus I've added some more |
| 8 |
features mostly needed for development purposes. In the settings files, the |
| 9 |
administrator can provide a bunch of variables: |
| 10 |
- the OU(s) the users are stored (there is support for multiple OUs, for |
| 11 |
example to separate users from developers with ou=users and ou=developers, |
| 12 |
while keeping unique usernames) |
| 13 |
- the credentials for the anon user (minimal privileged user to perform LDAP |
| 14 |
queries in case the anonymous search is disabled, both cases are covered in |
| 15 |
the app) |
| 16 |
- credentials of the admin user (needed mostly for user creation), the |
| 17 |
objectClasses for new users, the base attribute to search for users (uid and |
| 18 |
cn are the most common) |
| 19 |
- a map with user profile attributes (Django has only |
| 20 |
username/password/email/real name in its base profile, it is easily extendable |
| 21 |
though by specifying a connection between user profile fields and LDAP |
| 22 |
attributes) |
| 23 |
- a map with LDAP and ACP groups (for example, is_infra, is_devrel etc, |
| 24 |
depending on the LDAP permissions the user is able to view or touch other |
| 25 |
user's data) |
| 26 |
|
| 27 |
The login system had to change though. Robin wanted mail logins instead of |
| 28 |
username logins. This needed a lot of changes, since in LDAP mail is a multi- |
| 29 |
valued attribute, and in Django is single-valued field. I created an all_mails |
| 30 |
field in user profile instead, that has all the mails, but the user has to |
| 31 |
verify about them first. In initial registration, the user's mail is stored in |
| 32 |
a DB table, along with a 30char string, and a mail is sent to the user which |
| 33 |
contains the same string in the form of a URL. The system checks if those two |
| 34 |
match, and if they do, it removes the entry from that table and moves the mail |
| 35 |
to the user's LDAP mail attribute (and in the all_mails field in the DB, if |
| 36 |
applicable). The same procedure is followed when the user wants to add a new |
| 37 |
email to his account, for which he has to verify before getting it in the |
| 38 |
list. Afterwards, the user can log in with any of those emails he has verified. |
| 39 |
For password recovery, the user fills in the mail he wants to use for that |
| 40 |
session. |
| 41 |
|
| 42 |
The user profile is extendable, if other people want to use the LDAP frontend. |
| 43 |
For now there is a GentooProfile class that extends the UserProfile class, that |
| 44 |
has gentoo-specific fields based on the LDAP attributes Gentoo uses, plus the |
| 45 |
custom gentoo LDAP schema. |
| 46 |
|
| 47 |
User settings are available, under accounts/$USER subURL. The system checks if |
| 48 |
the URL maps to the user currently logged in, or another user in the LDAP |
| 49 |
server, then checks if the user is in the DB, migrates it if not, and shows |
| 50 |
the fields according to the logged in user's permissions. Edit settings is also |
| 51 |
available and works with the same logic. |
| 52 |
|
| 53 |
I've also added a lot of docstrings there, and started messing around with |
| 54 |
sphinx. |
| 55 |
|
| 56 |
The logging system is improved as well. The errors are printed in console if |
| 57 |
the project is run with Django's runserver for development purposes, and in |
| 58 |
/var/log/messages (which is configurable, it can go to a dedicated dir easily) |
| 59 |
for production use. |
| 60 |
|
| 61 |
More tests were written, and the ebuild is almost complete. I've set up an |
| 62 |
instance in one of my home servers, which will run tests automatically and |
| 63 |
notify me for failures. |
| 64 |
|
| 65 |
There is an addressbook available, as a replacement to userinfo.xml we |
| 66 |
currently have. I'm going to play around with genmap as well to replace the |
| 67 |
developer map. |
| 68 |
|
| 69 |
Since the LDAP work is done, with only bugfixes and small improvements needed |
| 70 |
here and there, I've started working on the front page. It will follow the |
| 71 |
steps of the one we currently have. It will be a syndication-like page, |
| 72 |
combining the info from planet/blogs, news items written by PR team, new |
| 73 |
packages etc. I also started working on the lxml scripts to parse our XML |
| 74 |
documentation, and next week I'll plug in the design done in www-redesign |
| 75 |
repo, and improve it as possible. |
| 76 |
|
| 77 |
PS. The report was delayed, because I've been offline pretty frequent due to |
| 78 |
multiple reasons. I had my last exams, which went good and I probably |
| 79 |
graduated (finally!), I had to be on another city without internet for some |
| 80 |
days, and finally, the frequent power cut in Greece (as part of the general |
| 81 |
strikes, riots and frustration of the economic crysis here) not only kept me |
| 82 |
offline, but also destroyed one of my drives in my desktop, and one of my home |
| 83 |
servers completely. I learned from that though, I follow their website for |
| 84 |
future power cuts. |
| 85 |
-- |
| 86 |
Theo Chatzimichos | blog.tampakrap.gr |
| 87 |
Gentoo KDE/Qt, Planet, Overlays |
Archives