Difference between revisions of "Software Evaluation: ps1auth"
(goo ids) |
|||
(7 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
− | + | {{UpdateNeeded}} | |
+ | |||
+ | Pumping Station: One and hef have worked quite a bit on a Django app that can manage members. Maybe we should use it. | ||
+ | |||
+ | = Deploying a test VM = | ||
+ | |||
+ | hef merged my pull request that fixed the vagrant setup, so just check out the code from https://github.com/hef/ps1auth and follow the readme. Works great. | ||
+ | |||
+ | = New Member Signup Flow = | ||
+ | Okay, so here's how you'd create a new user. | ||
+ | |||
+ | * Go to http://localhost:8001 | ||
+ | * Log in with the superuser account you created | ||
+ | * Click "Member Management" at the top | ||
+ | * Click the "+Person" button | ||
+ | * Fill out the fields. Remember the email address you recorded for the new member. | ||
+ | * Log out | ||
+ | * Click the Activate button on the Login screen | ||
+ | * Enter the email address of the new user you added | ||
− | + | A this point, an email would have been sent if there was an active email server. Since there isn't, the mail ends up in <code>/vagrant/cache/mail</code> on the VM. | |
− | + | * Take the activation link in that email, and change "example.org" to "localhost:8001", and load it up in your browser. | |
+ | * This loads a screen that lets the user create a new username, and password. | ||
− | + | That's about it! | |
− | = Questions and stuff = | + | = Questions and stuff = |
− | * How do we make new users? I figured out how to add someone, but the User field is greyed out. | + | * How do we make new users? I figured out how to add someone, but the User field is greyed out. |
** (thanks to loans): When a user goes to the login screen and clicks Activate, it sends an email. The email looks like this (in the VM, you'll find it in /vagrant/cache/mail): | ** (thanks to loans): When a user goes to the login screen and clicks Activate, it sends an email. The email looks like this (in the VM, you'll find it in /vagrant/cache/mail): | ||
MIME-Version: 1.0 | MIME-Version: 1.0 | ||
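Review bot: The added step that says to change "example.org" to "localhost:8001" names a different host than the sample activation mail quoted later on this page, whose link is on example.com. Word the step as "replace the host in the link with localhost:8001", or make the two hosts agree. The sentence before that step opens with "A this point", which should read "At this point".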
Line 23: | Line 42: | ||
http://example.com/zinc/activate/confirm/d3bf02c9-9f5e-45d9-b163-2ec1aad79144 | http://example.com/zinc/activate/confirm/d3bf02c9-9f5e-45d9-b163-2ec1aad79144 | ||
− | The user clicks that link, and is prompted to type in a username of their preference and a password. | + | The user clicks that link, and is prompted to type in a username of their preference and a password. |
− | = Stuff we kind of need to figure out on our own = | + | = Stuff we kind of need to figure out on our own = |
* This appears to speak LDAP, what happens if we point it at FreeIPA/389-ds instead of Samba4/AD? | * This appears to speak LDAP, what happens if we point it at FreeIPA/389-ds instead of Samba4/AD? | ||
− | ** It appears that ps1auth uses the objectGUID attribute to link users internally to AD accounts, which afaik is an Active Directory extension. | + | ** It appears that ps1auth uses the objectGUID attribute to link users internally to AD accounts, which afaik is an Active Directory extension. |
+ | *** FreeIPA has a ipaUniqueID attribute, which should work pretty much exactly the same way. | ||
* I (cswingler) need to get around to reading up on deploying Django apps so I can deploy this on something that's not Arch. | * I (cswingler) need to get around to reading up on deploying Django apps so I can deploy this on something that's not Arch. | ||
+ | * There's a bunch of stuff that should be, uh, I'm not sure if l18n is the correct term for it, but the PS1 brand is hard coded in a few places. | ||
+ | |||
+ | = Notes on a FreeIPA compatible fork = | ||
+ | |||
+ | == Location of repo == | ||
+ | https://github.com/sshchicago/ps1auth | ||
+ | |||
+ | This is a fork of hef/ps1auth, with some minor changes to the script to kick it to talking to FreeIPA instead of its local Samba4 server. | ||
+ | |||
+ | == Issues == | ||
+ | Well, for one, the superuser creation script fails due to not having a 'desc' attribute: | ||
+ | |||
+ | ./manage.py createsuperuser | ||
+ | Username: superuser | ||
+ | Password: | ||
+ | Password (again): | ||
+ | Traceback (most recent call last): | ||
+ | File "./manage.py", line 10, in <module> | ||
+ | execute_from_command_line(sys.argv) | ||
+ | File "/home/vagrant/venv/lib/python2.7/site-packages/django/core/management/__init__.py", line 385, in execute_from_command_line | ||
+ | utility.execute() | ||
+ | File "/home/vagrant/venv/lib/python2.7/site-packages/django/core/management/__init__.py", line 377, in execute | ||
+ | self.fetch_command(subcommand).run_from_argv(self.argv) | ||
+ | File "/home/vagrant/venv/lib/python2.7/site-packages/django/core/management/base.py", line 288, in run_from_argv | ||
+ | self.execute(*args, **options.__dict__) | ||
+ | File "/home/vagrant/venv/lib/python2.7/site-packages/django/contrib/auth/management/commands/createsuperuser.py", line 55, in execute | ||
+ | return super(Command, self).execute(*args, **options) | ||
+ | File "/home/vagrant/venv/lib/python2.7/site-packages/django/core/management/base.py", line 338, in execute | ||
+ | output = self.handle(*args, **options) | ||
+ | File "/home/vagrant/venv/lib/python2.7/site-packages/django/contrib/auth/management/commands/createsuperuser.py", line 160, in handle | ||
+ | self.UserModel._default_manager.db_manager(database).create_superuser(**user_data) | ||
+ | File "/vagrant/accounts/models.py", line 65, in create_superuser | ||
+ | user = self.create_user(object_guid, email=email, password=password) | ||
+ | File "/vagrant/accounts/models.py", line 32, in create_user | ||
+ | ldap_connection = get_ldap_connection() | ||
+ | File "/vagrant/accounts/backends.py", line 13, in get_ldap_connection | ||
+ | l.simple_bind_s(binddn, password) | ||
+ | File "/home/vagrant/venv/lib/python2.7/site-packages/ldap/ldapobject.py", line 208, in simple_bind_s | ||
+ | resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) | ||
+ | File "/home/vagrant/venv/lib/python2.7/site-packages/ldap/ldapobject.py", line 469, in result3 | ||
+ | resp_ctrl_classes=resp_ctrl_classes | ||
+ | File "/home/vagrant/venv/lib/python2.7/site-packages/ldap/ldapobject.py", line 476, in result4 | ||
+ | ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop) | ||
+ | File "/home/vagrant/venv/lib/python2.7/site-packages/ldap/ldapobject.py", line 99, in _ldap_call | ||
+ | result = func(*args,**kwargs) | ||
+ | ldap.NO_SUCH_OBJECT: {'desc': 'No such object'} | ||
+ | |||
+ | Off to a good start ;) | ||
+ | |||
+ | [[Category:System Administration]] |
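Review bot: The sentence introducing the traceback in the new Issues section says createsuperuser fails "due to not having a 'desc' attribute", but the traceback ends in ldap.NO_SUCH_OBJECT raised from l.simple_bind_s(binddn, password) inside get_ldap_connection, and 'desc' is only the key of the error dictionary that carries the message 'No such object'. Suggest rewording to say that the LDAP bind was answered with "No such object", and recording which bind DN the fork is configured to use against FreeIPA, since that is the value the failing call passes.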
Latest revision as of 01:07, 27 January 2022
This article is out of date. Please update this article and remove this template!
Pumping Station: One and hef have worked quite a bit on a Django app that can manage members. Maybe we should use it.
Deploying a test VM
hef merged my pull request that fixed the vagrant setup, so just check out the code from https://github.com/hef/ps1auth and follow the readme. Works great.
New Member Signup Flow
Okay, so here's how you'd create a new user.
- Go to http://localhost:8001
- Log in with the superuser account you created
- Click "Member Management" at the top
- Click the "+Person" button
- Fill out the fields. Remember the email address you recorded for the new member.
- Log out
- Click the Activate button on the Login screen
- Enter the email address of the new user you added
At this point, an email would have been sent if there was an active email server. Since there isn't, the mail ends up in /vagrant/cache/mail on the VM.
- Take the activation link in that email, and change "example.org" to "localhost:8001", and load it up in your browser.
- This loads a screen that lets the user create a new username, and password.
That's about it!
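The last two steps can be scripted for a test VM. The following is an added example, not code from ps1auth: it parses one cached mail (the sample is the activation mail quoted on this page), checks the recipient and the token format, and swaps whatever placeholder host the link carries for localhost:8001. The function name, the one-message-per-string input and the `/zinc/activate/confirm/` path check are assumptions based on that sample.

```python
import re
import uuid
from email import message_from_string
from urllib.parse import urlsplit, urlunsplit

# Sample input: the activation mail quoted on this page.
SAMPLE_MAIL = """\
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Subject: PS1 Account Activation
From: noreply@pumpingstationone.org
To: user@test.com
Date: Tue, 10 Feb 2015 03:55:42 -0000
Message-ID: <20150210035542.1587.78618@archlinux.vagrant.vm>

Your activation link is:

http://example.com/zinc/activate/confirm/d3bf02c9-9f5e-45d9-b163-2ec1aad79144
"""

# Path layout assumed from the sample mail: prefix plus a 36-character token.
CONFIRM_PATH = re.compile(r"^/zinc/activate/confirm/([0-9a-fA-F-]{36})/?$")


def local_activation_link(mail_text, expected_to, local_host="localhost:8001"):
    """Return the activation URL from one cached mail, rewritten to local_host.

    Raises ValueError if the mail is for another recipient or the link is not
    an activation link carrying a well-formed UUID token.
    """
    msg = message_from_string(mail_text)
    if (msg["To"] or "").strip().lower() != expected_to.lower():
        raise ValueError("mail is not addressed to %s" % expected_to)
    urls = re.findall(r"https?://\S+", msg.get_payload())
    if len(urls) != 1:
        raise ValueError("expected exactly one link, found %d" % len(urls))
    parts = urlsplit(urls[0])
    match = CONFIRM_PATH.match(parts.path)
    if not match:
        raise ValueError("not an activation link: %s" % parts.path)
    uuid.UUID(match.group(1))  # raises ValueError on a malformed token
    # Only the validated path is kept; host, query and fragment are replaced.
    return urlunsplit(("http", local_host, parts.path, "", ""))


if __name__ == "__main__":
    print(local_activation_link(SAMPLE_MAIL, "user@test.com"))
```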
Questions and stuff
- How do we make new users? I figured out how to add someone, but the User field is greyed out.
  - (thanks to loans): When a user goes to the login screen and clicks Activate, it sends an email. The email looks like this (in the VM, you'll find it in /vagrant/cache/mail):

    MIME-Version: 1.0
    Content-Type: text/plain; charset="utf-8"
    Content-Transfer-Encoding: 7bit
    Subject: PS1 Account Activation
    From: noreply@pumpingstationone.org
    To: user@test.com
    Date: Tue, 10 Feb 2015 03:55:42 -0000
    Message-ID: <20150210035542.1587.78618@archlinux.vagrant.vm>

    Your activation link is:

    http://example.com/zinc/activate/confirm/d3bf02c9-9f5e-45d9-b163-2ec1aad79144

The user clicks that link, and is prompted to type in a username of their preference and a password.
Stuff we kind of need to figure out on our own
- This appears to speak LDAP, what happens if we point it at FreeIPA/389-ds instead of Samba4/AD?
  - It appears that ps1auth uses the objectGUID attribute to link users internally to AD accounts, which afaik is an Active Directory extension.
    - FreeIPA has an ipaUniqueID attribute, which should work pretty much exactly the same way.
- I (cswingler) need to get around to reading up on deploying Django apps so I can deploy this on something that's not Arch.
- There's a bunch of stuff that should be, uh, I'm not sure if l18n is the correct term for it, but the PS1 brand is hard coded in a few places.
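On the objectGUID versus ipaUniqueID point above: both identify an entry by UUID, but Active Directory and Samba4 return objectGUID as 16 raw bytes with the first three fields little-endian, while FreeIPA returns ipaUniqueID as UUID text, so code that stores and looks up the link has to treat them differently. The following is an added example, not code from ps1auth or the fork; the function names and sample values are constructed, and it assumes Python 3 with attribute values arriving as bytes.

```python
import uuid


def canonical_id(attr_name, raw_value):
    """Normalise a directory's unique-id attribute to a lowercase UUID string.

    objectGUID (Active Directory / Samba4): 16 raw bytes, mixed-endian layout.
    ipaUniqueID (FreeIPA): the UUID written out as text.
    """
    name = attr_name.lower()
    if name == "objectguid":
        if not isinstance(raw_value, (bytes, bytearray)) or len(raw_value) != 16:
            raise ValueError("objectGUID must be exactly 16 bytes")
        return str(uuid.UUID(bytes_le=bytes(raw_value)))
    if name == "ipauniqueid":
        if isinstance(raw_value, (bytes, bytearray)):
            raw_value = bytes(raw_value).decode("ascii")
        return str(uuid.UUID(raw_value))  # ValueError if it is not a UUID
    raise ValueError("unsupported id attribute: %s" % attr_name)


def lookup_filter(attr_name, canonical):
    """Build the LDAP search filter that finds the entry for a stored id."""
    # Re-validate first so that no filter metacharacters can get through.
    value = uuid.UUID(canonical)
    name = attr_name.lower()
    if name == "objectguid":
        # Binary values are written as \XX escapes in a filter (RFC 4515).
        return "(objectGUID=%s)" % "".join("\\%02x" % b for b in value.bytes_le)
    if name == "ipauniqueid":
        return "(ipaUniqueID=%s)" % value
    raise ValueError("unsupported id attribute: %s" % attr_name)


if __name__ == "__main__":
    # Constructed sample values: the same UUID as each directory would return it.
    ad_raw = bytes.fromhex("33221100554477668899aabbccddeeff")
    ipa_raw = b"00112233-4455-6677-8899-AABBCCDDEEFF"
    for attr, raw in (("objectGUID", ad_raw), ("ipaUniqueID", ipa_raw)):
        stored = canonical_id(attr, raw)
        print(attr, stored, lookup_filter(attr, stored))
```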
Notes on a FreeIPA compatible fork
Location of repo
https://github.com/sshchicago/ps1auth
This is a fork of hef/ps1auth, with some minor changes to the script to kick it to talking to FreeIPA instead of its local Samba4 server.
Issues
Well, for one, the superuser creation script fails due to not having a 'desc' attribute:
    ./manage.py createsuperuser
    Username: superuser
    Password:
    Password (again):
    Traceback (most recent call last):
      File "./manage.py", line 10, in <module>
        execute_from_command_line(sys.argv)
      File "/home/vagrant/venv/lib/python2.7/site-packages/django/core/management/__init__.py", line 385, in execute_from_command_line
        utility.execute()
      File "/home/vagrant/venv/lib/python2.7/site-packages/django/core/management/__init__.py", line 377, in execute
        self.fetch_command(subcommand).run_from_argv(self.argv)
      File "/home/vagrant/venv/lib/python2.7/site-packages/django/core/management/base.py", line 288, in run_from_argv
        self.execute(*args, **options.__dict__)
      File "/home/vagrant/venv/lib/python2.7/site-packages/django/contrib/auth/management/commands/createsuperuser.py", line 55, in execute
        return super(Command, self).execute(*args, **options)
      File "/home/vagrant/venv/lib/python2.7/site-packages/django/core/management/base.py", line 338, in execute
        output = self.handle(*args, **options)
      File "/home/vagrant/venv/lib/python2.7/site-packages/django/contrib/auth/management/commands/createsuperuser.py", line 160, in handle
        self.UserModel._default_manager.db_manager(database).create_superuser(**user_data)
      File "/vagrant/accounts/models.py", line 65, in create_superuser
        user = self.create_user(object_guid, email=email, password=password)
      File "/vagrant/accounts/models.py", line 32, in create_user
        ldap_connection = get_ldap_connection()
      File "/vagrant/accounts/backends.py", line 13, in get_ldap_connection
        l.simple_bind_s(binddn, password)
      File "/home/vagrant/venv/lib/python2.7/site-packages/ldap/ldapobject.py", line 208, in simple_bind_s
        resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
      File "/home/vagrant/venv/lib/python2.7/site-packages/ldap/ldapobject.py", line 469, in result3
        resp_ctrl_classes=resp_ctrl_classes
      File "/home/vagrant/venv/lib/python2.7/site-packages/ldap/ldapobject.py", line 476, in result4
        ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
      File "/home/vagrant/venv/lib/python2.7/site-packages/ldap/ldapobject.py", line 99, in _ldap_call
        result = func(*args,**kwargs)
    ldap.NO_SUCH_OBJECT: {'desc': 'No such object'}

Off to a good start ;)