LDAP Authentication #73
Conversation
|
f40903b does not include automatic deactivation of LDAP if an import fails. Is this needed?
which is the only case where an |
|
For thoroughness I think it certainly can't hurt... |
|
I set up sagenb/ldap at https://rmartinjak.de:8080/ in case anybody wants to play around a bit. User / Password: |
|
Judging from the many merges, I take it that you have done a great job of keeping up with master. Is this ready to go? Did anyone review it? |
|
It looks like you might still be working on this? Is that right? |
|
I just modified some small parts because I found the code a bit ugly (especially the exception handling should be much cleaner now) |
Conflicts: sagenb/data/sage/html/settings/user_management.html sagenb/notebook/user.py
|
Okay, so we just need someone to review it. |
|
How is review done? I couldn't find much in http://www.sagemath.org/doc/developer/sagenb/index.html except "Ask for code review!" |
|
AFAIK it's similar to the review process for Sage itself (?), i.e. someone who knows what they're talking about should come along and say it looks good, and then we can merge it... problem is I don't know who knows enough about LDAP to review this (maybe @ijstokes, if he's still doing Sage development?). It's really a shame how long this pull request has been sitting around and how many merge commits you've made... |
| # so we can turn this auth method on/off | ||
| self._auth_methods = { | ||
| 'auth_ldap': LdapAuth(self._conf), | ||
| } |
There was a problem hiding this comment.
I'm not 100% happy with this solution. Probably a "constant" in server_conf would be better than a string. Or maybe somebody has a better idea.
|
Can people who are using this code just chime in and say "it works"? If there are at least two such groups, then we should simply merge this set of patches. It is an often asked for functionality and so it should go in. I know that it used to work with sage-4.7, and still works with that installation (the servers are still running happily). But quite a bit has changed in the meanwhile (4.7 was almost two years ago). |
|
We've been using it with 5.5 for some weeks and haven't encountered any problems so far. |
|
Well, we initially wanted this functionality and asked rmartinjak to extend the code, which he did. We are using this over a year now with sage 4.7 and recently with sage 5.5 for university-courses. We can surely say: it works :) |
| @@ -1369,7 +1369,7 @@ def html_specific_revision(self, username, ws, rev): | |||
| username = username, rev = rev, prev_rev = prev_rev, | |||
| next_rev = next_rev, time_ago = time_ago) | |||
|
|
|||
| def html_share(self, worksheet, username): | |||
| def html_share(self, worksheet, username, lookup=None): | |||
There was a problem hiding this comment.
The documentation to html_share should be updated to explain this lookup parameter
|
The changes to the share page probably shouldn't be added, at least until we have a better system for managing shared worksheets. On the one hand, it's nice to have a search, but on the other hand, it exposes the exact same sort of problems that we had before---it is trivial for someone to spam a huge number of people with a shared worksheet. |
|
@jasongrout Maybe the lookup code can be kept around, and only the lookup parameter removed from the function definition so that it can enabled in the future. |
|
With the search users feature removed, I don't see anything else jump out at me as a cause for concern. I haven't tested this, though. |
|
And thanks for working on this! I will likely use it this fall. |
|
Thanks a lot for the updates! I checked that the notebook is still working (local and openid) with the new updates. Merging this now. |
Introduce LDAP Authentication into the notebook.
"Update" to Trac #11501
Optional user authentication via LDAP (only visible in the notebook settings if
python-ldapis installed)(in order to not list all users found in LDAP, the "share worksheet" page now has a search box instead of the list. [Bonus: search results are added to the textbox if you click them])