From: Theo Chatzimichos
To: gentoo-soc@lists.gentoo.org
Subject: [gentoo-soc] Okupy - Report #2
Date: Sat, 11 Jun 2011 06:48:22 +0300
Message-ID: <2078961.XaoxN2P7bB@canibus>
User-Agent: KMail/4.6.0 (Linux/2.6.39-gentoo-r1; KDE/4.6.3; x86_64; ; )
Reply-to: gentoo-soc@lists.gentoo.org

This comes with a delay, as I've been sick the past days.

The LDAP related code is 90% done. It now has the following features:

- Login to the system (report #1 explains in detail how login works). It
  previously was using only the basic info (real name, primary email), but
  now it is configurable to use more info, which the sysadmin is able to
  define in the config files. This was easy to do, by creating a second
  dictionary to map the Django user profile fields with LDAP attributes.
- Signup. For this, an admin LDAP account needs to be put in the config
  file. The admin account, contrary to other backends, is used only to
  create new users. Other LDAP implementations use that admin account for
  everything though. So, now the user declares username/password, the anon
  account searches if the user already exists (both the username and the
  email have to be unique), and if not, it creates the account, using the
  same dictionary to map Django DB fields with LDAP attributes.
- User settings. There are some forms that allow the user to change his
  data. This is done by using his own account, and not by using the admin
  account to do that. A second password is being created for the session,
  since we didn't want to cache the regular password (again, report #1 has
  more info about it).
- Map LDAP ACL to Django groups. For that, a special multivalued attribute
  is used, in Gentoo it is called gentooAccess, which contains some *.group
  entries that specify the user's special permissions. This gives the
  ability to a special team to touch other users' data, e.g. infra. While
  the mapping is complete, the UI is not yet.

Other things that I did:

- I set up the service in one of my home servers, so that Matt can test it
  too. The LDAP used there is very minimalistic.
- I gave Robin some cfengine patches for both the webapp and the LDAP
  (which should be as identical to the official one as possible). They are
  not complete yet though. Once the webapp is up and running in vulture
  (the soc.dev server) I'll be able to test it in our official
  configuration.

What I'm going to do during the weekend:

- Improve documentation (docstrings) and fire up sphinx
- Improve logging system
- I started writing some tests for the backend; I'm going to finish them,
  plus write tests for all the above as well.
- Create an ebuild to automate tests
- Finish the "touch other users' data" UI

After that, the LDAP system will be finished, and I'll let the tests show me
bugs. Next week I'll start working on the website part, beginning with the
LXML parsing of our docs.

-- 
Theo Chatzimichos | blog.tampakrap.gr
Gentoo KDE/Qt, Planet, Overlays
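
The field-to-attribute dictionary, the gentooAccess-to-groups mapping and the signup uniqueness search described in the report, sketched as an added example; this is not part of the original message and not Okupy's code. Apart from gentooAccess, every name here (the functions, the map contents, the uid/mail/givenName/sn attribute choice, the group values) is an assumption made for illustration.

```python
# Added illustration; every name except gentooAccess is hypothetical.
# Entries are shaped like python-ldap results: attribute -> list of bytes.
PROFILE_ATTR_MAP = {"first_name": "givenName", "last_name": "sn", "email": "mail"}
# Allowlist: only these gentooAccess values may become Django groups.
ACL_GROUP_MAP = {"infra.group": "infra", "docs.group": "docs"}


def profile_from_entry(entry):
    """Copy only the mapped LDAP attributes into profile fields."""
    profile = {}
    for field, attr in PROFILE_ATTR_MAP.items():
        values = entry.get(attr, [])
        if values:
            profile[field] = values[0].decode("utf-8")
    return profile


def groups_from_entry(entry, acl_attr="gentooAccess"):
    """Map *.group values of the ACL attribute to Django group names."""
    groups = set()
    for raw in entry.get(acl_attr, []):
        value = raw.decode("utf-8").strip()
        # Unmapped or non-*.group values never grant a group.
        if value.endswith(".group") and value in ACL_GROUP_MAP:
            groups.add(ACL_GROUP_MAP[value])
    return sorted(groups)


def escape_filter_value(value):
    """Escape RFC 4515 special characters; the backslash goes first."""
    for ch, esc in (("\\", r"\5c"), ("*", r"\2a"), ("(", r"\28"),
                    (")", r"\29"), ("\0", r"\00")):
        value = value.replace(ch, esc)
    return value


def uniqueness_filter(username, email):
    """Signup check: match any entry that already has this uid or mail."""
    return "(|(uid=%s)(mail=%s))" % (
        escape_filter_value(username), escape_filter_value(email))


# Constructed sample entry, not real directory data.
SAMPLE_ENTRY = {
    "uid": [b"alice"], "givenName": [b"Alice"], "sn": [b"Example"],
    "mail": [b"alice@example.org"],
    "gentooAccess": [b"infra.group", b"unknown.group", b"shell.example.org"],
}
```

Because the signup form is reachable before authentication, the filter values are escaped so that user input cannot widen the search, and ACL values outside the allowlist are ignored rather than turned into new groups.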