I’m writing a CMS for the Gentoo website, that will offer an LDAP web interface, plus it will replace Gorg and provide Beacon as WYSIWYG editor to edit the XML files.
- the OU(s) the users are stored (there is support for multiple OUs, for example to separate users from developers with ou=users and ou=developers, while keeping unique usernames)
- the credentials for the anon user (minimal privileged user to perform LDAP queries in case the anonymous search is disabled, both cases are covered in the app)
- credentials of the admin user (needed mostly for user creation), the objectClasses for new users, the base attribute to search for users (uid and cn are the most common)
- a map with user profile attributes (Django has only username/password/email/real name in its base profile, it is easily extendable though by specifying a connection between user profile fields and LDAP attributes)
- a map with LDAP and ACP groups (for example, is_infra, is_devrel etc, depending on the LDAP permissions the user is able to view or touch other user’s data)
The login system had to change though. Robin wanted mail logins instead of username logins. This needed a lot of changes, since in LDAP mail is a multi-valued attribute, and in Django is single-valued field. I created an all_mails field in user profile instead, that has all the mails, but the user has to verify about them first. In initial registration, the user’s mail is stored in a DB table, along with a 30char string, and a mail is sent to the user which contains the same string in the form of a URL. The system checks if those two match, and if they do, it removes the entry from that table and moves the mail to the user’s LDAP mail attribute (and in the all_mails field in the DB, if applicable). The same procedure is followed when the user wants to add a new email to his account, for which he has to verify before getting it in the list. Afterwards, the user can log in with any of those emails he has verified. For password recovery, the user fills in the mail he wants to use for that session.
The user profile is extendable, if other people want to use the LDAP frontend. For now there is a GentooProfile class that extends the UserProfile class, that has gentoo-specific fields based on the LDAP attributes Gentoo uses, plus the custom gentoo LDAP schema.
User settings are available, under accounts/$USER subURL. The system checks if the URL maps to the user currently logged in, or another user in the LDAP server, then checks if the user is in the DB, migrates it if not, and shows the fields according to the logged in user’s permissions. Edit settings is also available and works with the same logic.
I’ve also added a lot of docstrings there, and started messing around with sphinx.
The logging system is improved as well. The errors are printed in console if the project is run with Django’s runserver for development purposes, and in /var/log/messages (which is configurable, it can go to a dedicated dir easily) for production use.
More tests were written, and the ebuild is almost complete. I’ve set up an instance in one of my home servers, which will run tests automatically and notify me for failures.
There is an addressbook available, as a replacement to userinfo.xml we currently have. I’m going to play around with genmap as well to replace the developer map.
Since the LDAP work is done, with only bugfixes and small improvements needed here and there, I’ve started working on the front page. It will follow the steps of the one we currently have. It will be a syndication-like page, combining the info from planet/blogs, news items written by PR team, new packages etc. I also started working on the lxml scripts to parse our XML documentation, and next week I’ll plug in the design done in www-redesign repo, and improve it as possible.
PS. The report was delayed, because I’ve been offline pretty frequent due to multiple reasons. I had my last exams, which went good and I probably graduated (finally!), I had to be on another city without internet for some days, and finally, the frequent power cut in Greece (as part of the general strikes, riots and frustration of the economic crysis here) not only kept me offline, but also destroyed one of my drives in my desktop, and one of my home servers completely. I learned from that though, I follow their website for future power cuts.