Difference between revisions of "Software Evaluation: ps1auth"
m (Bot: Cosmetic changes) |
|||
Line 1: | Line 1: | ||
− | + | Pumping Station: One and hef have worked quite a bit on a Django app that can manage members. Maybe we should use it. | |
− | |||
− | Pumping Station: One and hef have worked quite a bit on a Django app that can manage members. Maybe we should use it. | ||
− | = Deploying a test VM = | + | = Deploying a test VM = |
hef merged my pull request that fixed the vagrant setup, so just check out the code from https://github.com/hef/ps1auth and follow the readme. Works great. | hef merged my pull request that fixed the vagrant setup, so just check out the code from https://github.com/hef/ps1auth and follow the readme. Works great. | ||
− | = New Member Signup Flow = | + | = New Member Signup Flow = |
− | Okay, so here's how you'd create a new user. | + | Okay, so here's how you'd create a new user. |
* Go to http://localhost:8001 | * Go to http://localhost:8001 | ||
Line 14: | Line 12: | ||
* Click "Member Management" at the top | * Click "Member Management" at the top | ||
* Click the "+Person" button | * Click the "+Person" button | ||
− | * Fill out the fields. Remember the email address you recorded for the new member. | + | * Fill out the fields. Remember the email address you recorded for the new member. |
* Log out | * Log out | ||
* Click the Activate button on the Login screen | * Click the Activate button on the Login screen | ||
* Enter the email address of the new user you added | * Enter the email address of the new user you added | ||
− | A this point, an email would have been sent if there was an active email server. Since there isn't, the mail ends up in <code>/vagrant/cache/mail</code> on the VM. | + | A this point, an email would have been sent if there was an active email server. Since there isn't, the mail ends up in <code>/vagrant/cache/mail</code> on the VM. |
− | * Take the activation link in that email, and change "example.org" to "localhost:8001", and load it up in your browser. | + | * Take the activation link in that email, and change "example.org" to "localhost:8001", and load it up in your browser. |
− | * This loads a screen that lets the user create a new username, and password. | + | * This loads a screen that lets the user create a new username, and password. |
That's about it! | That's about it! | ||
− | = Questions and stuff = | + | = Questions and stuff = |
− | * How do we make new users? I figured out how to add someone, but the User field is greyed out. | + | * How do we make new users? I figured out how to add someone, but the User field is greyed out. |
** (thanks to loans): When a user goes to the login screen and clicks Activate, it sends an email. The email looks like this (in the VM, you'll find it in /vagrant/cache/mail): | ** (thanks to loans): When a user goes to the login screen and clicks Activate, it sends an email. The email looks like this (in the VM, you'll find it in /vagrant/cache/mail): | ||
MIME-Version: 1.0 | MIME-Version: 1.0 | ||
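Review bot: the rewritten line in the signup steps of this hunk still begins "A this point"; since the edit touches that line anyway, correct it to "At this point" in the same pass.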
Line 42: | Line 40: | ||
http://example.com/zinc/activate/confirm/d3bf02c9-9f5e-45d9-b163-2ec1aad79144 | http://example.com/zinc/activate/confirm/d3bf02c9-9f5e-45d9-b163-2ec1aad79144 | ||
− | The user clicks that link, and is prompted to type in a username of their preference and a password. | + | The user clicks that link, and is prompted to type in a username of their preference and a password. |
− | = Stuff we kind of need to figure out on our own = | + | = Stuff we kind of need to figure out on our own = |
* This appears to speak LDAP, what happens if we point it at FreeIPA/389-ds instead of Samba4/AD? | * This appears to speak LDAP, what happens if we point it at FreeIPA/389-ds instead of Samba4/AD? | ||
− | ** It appears that ps1auth uses the objectGUID attribute to link users internally to AD accounts, which afaik is an Active Directory extension. | + | ** It appears that ps1auth uses the objectGUID attribute to link users internally to AD accounts, which afaik is an Active Directory extension. |
− | *** FreeIPA has a ipaUniqueID attribute, which should work pretty much exactly the same way. | + | *** FreeIPA has a ipaUniqueID attribute, which should work pretty much exactly the same way. |
* I (cswingler) need to get around to reading up on deploying Django apps so I can deploy this on something that's not Arch. | * I (cswingler) need to get around to reading up on deploying Django apps so I can deploy this on something that's not Arch. | ||
− | * There's a bunch of stuff that should be, uh, I'm not sure if l18n is the correct term for it, but the PS1 brand is hard coded in a few places. | + | * There's a bunch of stuff that should be, uh, I'm not sure if l18n is the correct term for it, but the PS1 brand is hard coded in a few places. |
− | = Notes on a FreeIPA compatible fork = | + | = Notes on a FreeIPA compatible fork = |
== Location of repo == | == Location of repo == | ||
Line 59: | Line 57: | ||
This is a fork of hef/ps1auth, with some minor changes to the script to kick it to talking to FreeIPA instead of its local Samba4 server. | This is a fork of hef/ps1auth, with some minor changes to the script to kick it to talking to FreeIPA instead of its local Samba4 server. | ||
− | == Issues == | + | == Issues == |
Well, for one, the superuser creation script fails due to not having a 'desc' attribute: | Well, for one, the superuser creation script fails due to not having a 'desc' attribute: | ||
Line 98: | Line 96: | ||
Off to a good start ;) | Off to a good start ;) | ||
+ | |||
+ | [[Category:System Administration]] |
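Review bot: the two added lines at the end of this hunk append [[Category:System Administration]], which is a categorisation change rather than whitespace cleanup. The "Cosmetic changes" summary should mention it, or state that the tag was only moved if that is the case.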
Revision as of 22:25, 27 February 2017
Pumping Station: One and hef have worked quite a bit on a Django app that can manage members. Maybe we should use it.
Deploying a test VM
hef merged my pull request that fixed the vagrant setup, so just check out the code from https://github.com/hef/ps1auth and follow the readme. Works great.
New Member Signup Flow
Okay, so here's how you'd create a new user.
- Go to http://localhost:8001
- Log in with the superuser account you created
- Click "Member Management" at the top
- Click the "+Person" button
- Fill out the fields. Remember the email address you recorded for the new member.
- Log out
- Click the Activate button on the Login screen
- Enter the email address of the new user you added
At this point, an email would have been sent if there was an active email server. Since there isn't, the mail ends up in /vagrant/cache/mail on the VM.
- Take the activation link in that email, and change "example.org" to "localhost:8001", and load it up in your browser.
- This loads a screen that lets the user create a new username, and password.
That's about it!
Questions and stuff
- How do we make new users? I figured out how to add someone, but the User field is greyed out.
  - (thanks to loans): When a user goes to the login screen and clicks Activate, it sends an email. The email looks like this (in the VM, you'll find it in /vagrant/cache/mail):

    MIME-Version: 1.0
    Content-Type: text/plain; charset="utf-8"
    Content-Transfer-Encoding: 7bit
    Subject: PS1 Account Activation
    From: noreply@pumpingstationone.org
    To: user@test.com
    Date: Tue, 10 Feb 2015 03:55:42 -0000
    Message-ID: <20150210035542.1587.78618@archlinux.vagrant.vm>

    Your activation link is:
    http://example.com/zinc/activate/confirm/d3bf02c9-9f5e-45d9-b163-2ec1aad79144

The user clicks that link, and is prompted to type in a username of their preference and a password.
Stuff we kind of need to figure out on our own
- This appears to speak LDAP, what happens if we point it at FreeIPA/389-ds instead of Samba4/AD?
  - It appears that ps1auth uses the objectGUID attribute to link users internally to AD accounts, which afaik is an Active Directory extension.
    - FreeIPA has an ipaUniqueID attribute, which should work pretty much exactly the same way.
- I (cswingler) need to get around to reading up on deploying Django apps so I can deploy this on something that's not Arch.
- There's a bunch of stuff that should be, uh, I'm not sure if l18n is the correct term for it, but the PS1 brand is hard coded in a few places.
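One caveat when swapping objectGUID for ipaUniqueID: both identify an entry by UUID, but Active Directory returns objectGUID as 16 raw bytes with the first three fields little-endian, while FreeIPA stores ipaUniqueID as a UUID string. The following is an added example in Python 3, not ps1auth code; the function names are hypothetical and the sample GUID is constructed. It normalises both forms and builds the matching search filter for each directory.

```python
import uuid

# Constructed sample: the 16 raw bytes an AD/Samba4 server would return for
# objectGUID 0f1e2d3c-4b5a-6978-8796-a5b4c3d2e1f0 (not a value from this page).
SAMPLE_OBJECT_GUID = bytes.fromhex("3c2d1e0f5a4b78698796a5b4c3d2e1f0")
SAMPLE_IPA_UNIQUE_ID = "0f1e2d3c-4b5a-6978-8796-a5b4c3d2e1f0"


def from_object_guid(raw):
    """AD objectGUID: 16-byte octet string, first three fields little-endian."""
    if len(raw) != 16:
        raise ValueError("objectGUID must be exactly 16 bytes")
    return uuid.UUID(bytes_le=raw)


def from_ipa_unique_id(text):
    """FreeIPA ipaUniqueID: a UUID in its usual text form."""
    return uuid.UUID(text)


def object_guid_filter(guid):
    """LDAP filter for AD: binary value, every byte escaped as \\xx (RFC 4515)."""
    escaped = "".join("\\%02x" % b for b in guid.bytes_le)
    return "(objectGUID=%s)" % escaped


def ipa_unique_id_filter(guid):
    """LDAP filter for FreeIPA: plain string comparison on the text form."""
    return "(ipaUniqueID=%s)" % guid


if __name__ == "__main__":
    guid = from_object_guid(SAMPLE_OBJECT_GUID)
    print(guid == from_ipa_unique_id(SAMPLE_IPA_UNIQUE_ID))
    # Reading the same bytes big-endian yields a different, wrong identifier.
    print(uuid.UUID(bytes=SAMPLE_OBJECT_GUID))
    print(object_guid_filter(guid))
    print(ipa_unique_id_filter(guid))
```

Code that stores the identifier as a link key needs one canonical form; otherwise the same account looks like two different users after a backend switch.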
Notes on a FreeIPA compatible fork
Location of repo
https://github.com/sshchicago/ps1auth
This is a fork of hef/ps1auth, with some minor changes to the script to kick it into talking to FreeIPA instead of its local Samba4 server.
Issues
Well, for one, the superuser creation script fails due to not having a 'desc' attribute:
    ./manage.py createsuperuser
    Username: superuser
    Password:
    Password (again):
    Traceback (most recent call last):
      File "./manage.py", line 10, in <module>
        execute_from_command_line(sys.argv)
      File "/home/vagrant/venv/lib/python2.7/site-packages/django/core/management/__init__.py", line 385, in execute_from_command_line
        utility.execute()
      File "/home/vagrant/venv/lib/python2.7/site-packages/django/core/management/__init__.py", line 377, in execute
        self.fetch_command(subcommand).run_from_argv(self.argv)
      File "/home/vagrant/venv/lib/python2.7/site-packages/django/core/management/base.py", line 288, in run_from_argv
        self.execute(*args, **options.__dict__)
      File "/home/vagrant/venv/lib/python2.7/site-packages/django/contrib/auth/management/commands/createsuperuser.py", line 55, in execute
        return super(Command, self).execute(*args, **options)
      File "/home/vagrant/venv/lib/python2.7/site-packages/django/core/management/base.py", line 338, in execute
        output = self.handle(*args, **options)
      File "/home/vagrant/venv/lib/python2.7/site-packages/django/contrib/auth/management/commands/createsuperuser.py", line 160, in handle
        self.UserModel._default_manager.db_manager(database).create_superuser(**user_data)
      File "/vagrant/accounts/models.py", line 65, in create_superuser
        user = self.create_user(object_guid, email=email, password=password)
      File "/vagrant/accounts/models.py", line 32, in create_user
        ldap_connection = get_ldap_connection()
      File "/vagrant/accounts/backends.py", line 13, in get_ldap_connection
        l.simple_bind_s(binddn, password)
      File "/home/vagrant/venv/lib/python2.7/site-packages/ldap/ldapobject.py", line 208, in simple_bind_s
        resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
      File "/home/vagrant/venv/lib/python2.7/site-packages/ldap/ldapobject.py", line 469, in result3
        resp_ctrl_classes=resp_ctrl_classes
      File "/home/vagrant/venv/lib/python2.7/site-packages/ldap/ldapobject.py", line 476, in result4
        ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
      File "/home/vagrant/venv/lib/python2.7/site-packages/ldap/ldapobject.py", line 99, in _ldap_call
        result = func(*args,**kwargs)
    ldap.NO_SUCH_OBJECT: {'desc': 'No such object'}
Off to a good start ;)