Difference between revisions of "Software Evaluation: ps1auth"
(UniqueIDs and goo eds) |
(ldap'd) |
||
Line 31: | Line 31: | ||
*** FreeIPA has a ipaUniqueID attribute, which should work pretty much exactly the same way. | *** FreeIPA has a ipaUniqueID attribute, which should work pretty much exactly the same way. | ||
* I (cswingler) need to get around to reading up on deploying Django apps so I can deploy this on something that's not Arch. | * I (cswingler) need to get around to reading up on deploying Django apps so I can deploy this on something that's not Arch. | ||
+ | |||
+ | = Notes on a FreeIPA compatible fork = | ||
+ | |||
+ | == Location of repo == | ||
+ | https://github.com/sshchicago/ps1auth | ||
+ | |||
+ | This is a fork of hef/ps1auth, with some minor changes to the script to kick it to talking to FreeIPA instead of its local Samba4 server. | ||
+ | |||
+ | == Issues == | ||
+ | Well, for one, the superuser creation script fails due to not having a 'desc' attribute: | ||
+ | |||
+ | ./manage.py createsuperuser | ||
+ | Username: superuser | ||
+ | Password: | ||
+ | Password (again): | ||
+ | Traceback (most recent call last): | ||
+ | File "./manage.py", line 10, in <module> | ||
+ | execute_from_command_line(sys.argv) | ||
+ | File "/home/vagrant/venv/lib/python2.7/site-packages/django/core/management/__init__.py", line 385, in execute_from_command_line | ||
+ | utility.execute() | ||
+ | File "/home/vagrant/venv/lib/python2.7/site-packages/django/core/management/__init__.py", line 377, in execute | ||
+ | self.fetch_command(subcommand).run_from_argv(self.argv) | ||
+ | File "/home/vagrant/venv/lib/python2.7/site-packages/django/core/management/base.py", line 288, in run_from_argv | ||
+ | self.execute(*args, **options.__dict__) | ||
+ | File "/home/vagrant/venv/lib/python2.7/site-packages/django/contrib/auth/management/commands/createsuperuser.py", line 55, in execute | ||
+ | return super(Command, self).execute(*args, **options) | ||
+ | File "/home/vagrant/venv/lib/python2.7/site-packages/django/core/management/base.py", line 338, in execute | ||
+ | output = self.handle(*args, **options) | ||
+ | File "/home/vagrant/venv/lib/python2.7/site-packages/django/contrib/auth/management/commands/createsuperuser.py", line 160, in handle | ||
+ | self.UserModel._default_manager.db_manager(database).create_superuser(**user_data) | ||
+ | File "/vagrant/accounts/models.py", line 65, in create_superuser | ||
+ | user = self.create_user(object_guid, email=email, password=password) | ||
+ | File "/vagrant/accounts/models.py", line 32, in create_user | ||
+ | ldap_connection = get_ldap_connection() | ||
+ | File "/vagrant/accounts/backends.py", line 13, in get_ldap_connection | ||
+ | l.simple_bind_s(binddn, password) | ||
+ | File "/home/vagrant/venv/lib/python2.7/site-packages/ldap/ldapobject.py", line 208, in simple_bind_s | ||
+ | resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) | ||
+ | File "/home/vagrant/venv/lib/python2.7/site-packages/ldap/ldapobject.py", line 469, in result3 | ||
+ | resp_ctrl_classes=resp_ctrl_classes | ||
+ | File "/home/vagrant/venv/lib/python2.7/site-packages/ldap/ldapobject.py", line 476, in result4 | ||
+ | ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop) | ||
+ | File "/home/vagrant/venv/lib/python2.7/site-packages/ldap/ldapobject.py", line 99, in _ldap_call | ||
+ | result = func(*args,**kwargs) | ||
+ | ldap.NO_SUCH_OBJECT: {'desc': 'No such object'} | ||
+ | |||
+ | Off to a good start ;) |
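Review bot: The sentence introducing the traceback says createsuperuser fails "due to not having a 'desc' attribute", but in the pasted output 'desc' is only the key of the error dictionary in ldap.NO_SUCH_OBJECT: {'desc': 'No such object'}, and the exception is raised from l.simple_bind_s(binddn, password) at accounts/backends.py line 13, inside get_ldap_connection(). Suggest rewording the sentence to say that the LDAP bind returned "No such object", and recording which binddn the fork is configured with, since that is the value to check against the FreeIPA tree.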
Revision as of 22:44, 26 February 2015
Pumping Station: One and hef have worked quite a bit on a Django app that can manage members. Maybe we should use it.
Deploying a test VM
hef merged my pull request that broke the vagrant setup, so just check out the code from https://github.com/hef/ps1auth and follow the readme. Works great.
Questions and stuff
- How do we make new users? I figured out how to add someone, but the User field is greyed out.
- (thanks to loans): When a user goes to the login screen and clicks Activate, it sends an email. The email looks like this (in the VM, you'll find it in /vagrant/cache/mail):
    MIME-Version: 1.0
    Content-Type: text/plain; charset="utf-8"
    Content-Transfer-Encoding: 7bit
    Subject: PS1 Account Activation
    From: noreply@pumpingstationone.org
    To: user@test.com
    Date: Tue, 10 Feb 2015 03:55:42 -0000
    Message-ID: <20150210035542.1587.78618@archlinux.vagrant.vm>

    Your activation link is: http://example.com/zinc/activate/confirm/d3bf02c9-9f5e-45d9-b163-2ec1aad79144
The user clicks that link, and is prompted to type in a username of their preference and a password.
Stuff we kind of need to figure out on our own
- This appears to speak LDAP, what happens if we point it at FreeIPA/389-ds instead of Samba4/AD?
  - It appears that ps1auth uses the objectGUID attribute to link users internally to AD accounts, which afaik is an Active Directory extension.
    - FreeIPA has an ipaUniqueID attribute, which should work pretty much exactly the same way.
- I (cswingler) need to get around to reading up on deploying Django apps so I can deploy this on something that's not Arch.
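An added example, not code from ps1auth or its fork: one way to normalise the two identifiers discussed above into a single key, written for Python 3. It assumes result attributes shaped the way python-ldap returns them; `entry_uuid`, `search_filter` and the sample values are hypothetical names and constructed data.

```python
import uuid


def entry_uuid(attrs):
    """Return an entry's stable identifier as a uuid.UUID.

    attrs: attribute dict of one search result, {name: [bytes, ...]}
    (assumed shape, as python-ldap returns it).
    """
    # LDAP attribute names are case-insensitive.
    lowered = {name.lower(): values for name, values in attrs.items()}

    guid = lowered.get("objectguid")
    if guid:
        raw = guid[0]
        if len(raw) != 16:
            raise ValueError("objectGUID must be 16 bytes, got %d" % len(raw))
        # AD/Samba4 store the GUID as raw bytes with the first three
        # fields little-endian, so bytes_le (not bytes) is the right decoder.
        return uuid.UUID(bytes_le=raw)

    ipa = lowered.get("ipauniqueid")
    if ipa:
        # FreeIPA stores the identifier as UUID text; UUID() raises
        # ValueError on anything that is not a well-formed UUID.
        return uuid.UUID(ipa[0].decode("ascii").strip())

    raise KeyError("entry has neither objectGUID nor ipaUniqueID")


def search_filter(attr, ident):
    """Build the LDAP filter that finds the entry for a stored uuid.UUID."""
    if attr.lower() == "objectguid":
        # Binary assertion values are written as \XX escapes (RFC 4515).
        return "(objectGUID=%s)" % "".join("\\%02x" % b for b in ident.bytes_le)
    if attr.lower() == "ipauniqueid":
        return "(ipaUniqueID=%s)" % ident
    raise ValueError("unsupported identifier attribute: %r" % attr)


# Constructed sample: the same identifier as each directory would return it.
AD_ENTRY = {"objectGUID": [bytes.fromhex("33221100554477668899aabbccddeeff")]}
IPA_ENTRY = {"ipaUniqueID": [b"00112233-4455-6677-8899-aabbccddeeff"]}

if __name__ == "__main__":
    for attr, entry in (("objectGUID", AD_ENTRY), ("ipaUniqueID", IPA_ENTRY)):
        ident = entry_uuid(entry)
        print(ident, search_filter(attr, ident))
```

Storing the normalised UUID rather than the raw attribute value keeps the account link stable when the backing directory changes; only the lookup filter differs per server.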
Notes on a FreeIPA compatible fork
Location of repo
https://github.com/sshchicago/ps1auth
This is a fork of hef/ps1auth, with some minor changes to the script to kick it into talking to FreeIPA instead of its local Samba4 server.
Issues
Well, for one, the superuser creation script fails due to not having a 'desc' attribute:
    ./manage.py createsuperuser
    Username: superuser
    Password:
    Password (again):
    Traceback (most recent call last):
      File "./manage.py", line 10, in <module>
        execute_from_command_line(sys.argv)
      File "/home/vagrant/venv/lib/python2.7/site-packages/django/core/management/__init__.py", line 385, in execute_from_command_line
        utility.execute()
      File "/home/vagrant/venv/lib/python2.7/site-packages/django/core/management/__init__.py", line 377, in execute
        self.fetch_command(subcommand).run_from_argv(self.argv)
      File "/home/vagrant/venv/lib/python2.7/site-packages/django/core/management/base.py", line 288, in run_from_argv
        self.execute(*args, **options.__dict__)
      File "/home/vagrant/venv/lib/python2.7/site-packages/django/contrib/auth/management/commands/createsuperuser.py", line 55, in execute
        return super(Command, self).execute(*args, **options)
      File "/home/vagrant/venv/lib/python2.7/site-packages/django/core/management/base.py", line 338, in execute
        output = self.handle(*args, **options)
      File "/home/vagrant/venv/lib/python2.7/site-packages/django/contrib/auth/management/commands/createsuperuser.py", line 160, in handle
        self.UserModel._default_manager.db_manager(database).create_superuser(**user_data)
      File "/vagrant/accounts/models.py", line 65, in create_superuser
        user = self.create_user(object_guid, email=email, password=password)
      File "/vagrant/accounts/models.py", line 32, in create_user
        ldap_connection = get_ldap_connection()
      File "/vagrant/accounts/backends.py", line 13, in get_ldap_connection
        l.simple_bind_s(binddn, password)
      File "/home/vagrant/venv/lib/python2.7/site-packages/ldap/ldapobject.py", line 208, in simple_bind_s
        resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
      File "/home/vagrant/venv/lib/python2.7/site-packages/ldap/ldapobject.py", line 469, in result3
        resp_ctrl_classes=resp_ctrl_classes
      File "/home/vagrant/venv/lib/python2.7/site-packages/ldap/ldapobject.py", line 476, in result4
        ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
      File "/home/vagrant/venv/lib/python2.7/site-packages/ldap/ldapobject.py", line 99, in _ldap_call
        result = func(*args,**kwargs)
    ldap.NO_SUCH_OBJECT: {'desc': 'No such object'}
Off to a good start ;)