[Systems] SL Central Login (was Re: [Systems-logs] [DNS] Sugar Labs DNS zone data branch, master, updated. 8f472af67a1177a9644675b1fd2c2af7dff2e77a)

Aleksey Lim alsroot at activitycentral.org
Tue Sep 27 16:57:07 EDT 2011

On Tue, Sep 20, 2011 at 12:42:47PM +0000, Aleksey Lim wrote:
> I think it will be useful to start settling down the question about
> common SL login system, At least the system, Sweets[1], whose testing version
> I'm hopping to publicly anounce this week, after trying to do that at
> Sep 18, will require being authed to release new sofware versions within
> this new system. For now it uses CAS on top of our LDAP but there are
> several issues:
> * to have LDAP record, people need to request for shell account (but
>   there is no need in shell account for Sweets at all, only being
>   authenticated)
> * the process to create this account is not users friendly at all
>   (email request to RT)
> I guess we need to collect all info related to central login on, e.g., [2]
> and have an infrastructure meeting to discuss how [2] might be
> implemented.
> [1] http://wiki.sugarlabs.org/go/Platform_Team/Sweets
> [2] http://wiki.sugarlabs.org/go/Infrastructure_Team/Central_Login

The progress:

 bernie │ here's a proposal:
 bernie │ 1. we export the mediawiki users db to some text file
alsroot │ bernie: at least http://www.mediawiki.org/wiki/Extension:LDAP_Authentication says about creating users in ldap
 bernie │ 2. we convert this data to ldif
 bernie │ 3. we import the ldif into ldap (it does not have to be in ou=People)
 bernie │ alsroot: oh! that will save time
 bernie │ 4. we make CAS fetch users from LDAP
 bernie │ 5. we make mediawiki authenticate users with CAS (this is what we do at the FSF, i know it works well)
 bernie │ 6. we create a page to setup a new account in LDAP (this could be done by mediawiki too if the extension is smart
        │ enough!)
 bernie │ alsroot: throwing CAS in the middle makes things more complex, but we need this if we want to provide a *single
        │ *sign-on
alsroot │ bernie: do you have time to take care about 1-3?
 bernie │ alsroot: if mediawiki does its own authentication against ldap, we have only solved half of the issue: one identity
        │ instead of many separate ones... but users will still have to type in their passwords in each Sugar Labs app
 bernie │ alsroot: i might look into it this week-end
 bernie │ alsroot: maybe earlier
alsroot │ bernie: ok, will experiment w/ wiki-devel for using wiki as a users management tool and using cas for login, if will
        │ manage to finish it, will take a look to merging wiki db


More information about the Systems mailing list