mediagoblin-devel

Bugs, LDAP and Observations


From: Andre van Eyssen
Subject: Bugs, LDAP and Observations
Date: Wed, 06 Jan 2021 04:04:05 +1100 (AEDT)
User-agent: Alpine 2.21 (GSO 202 2017-01-01)

Hi all,

I can't log a bug/case for any of these, because the bug tracker is down -- out of disk space, apparently. Also, the wiki has an expired SSL certificate, which someone might want to tidy up at some point. Screenshots for reference.

https://nc.purplecow.org/s/FFpKHoYWASSX6SP
https://nc.purplecow.org/s/A9jYMLqdfNdtMkt

The version of sqlalchemy was pinned down to version less than 1.2, which doesn't work with postgres 12. Bumping this to 1.3.0 appeared to fix the postgres problem without dragging in any other obvious errors. I noted this comment in setup.py:
'sqlalchemy<1.2',  # uncap once https://github.com/wtforms/wtforms/issues/373 is fixed

There's some conflict with the install_requires and dep chain which leads to requests failing out on idna being the wrong version; adding
'idna==2.9',
to the start of the install_requires seemed to fix that without further issues.

The LDAP plugin is naive and has a limitation which expects the user DN to be the username. In my experience, most LDAP deployments have cn= as the RDN and this is usually a full name or similar, not a username. The most common approach is to bind with a bind user, search for a cn= based on uid and then attempt to bind with that cn.

I'm absolutely not a Python developer, but I hacked it into working. I know I need to add filter support and tidy it up but I figured I'd include it since a whinge always goes better with an attempt at a solution. It wouldn't surprise me if it was a less than optimally secure effort, either.

https://secure.purplecow.org/git/avenger/mediagoblin-hacks

Thinking of LDAP, I would think that one should have an option to automatically approve/register an account if it can be authorized by LDAP. Enabling 'registration' seems at odds with having no mechanism to provision an account.

Finally, the ability to have a gallery of STL/OBJ really is a great feature and I know there's a lot of frustration out there with the current options for providing browseable 3D objects.

Have a cheery 2021!

Andre.




--
Andre van Eyssen.                  Phone:     +61 417 211 788
mail:     andre@purplecow.org      http://andre.purplecow.org
About & Contact:          http://www.purplecow.org/andre.html
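
The bind, search, re-bind login flow described in the message above, as an added example that is not part of the original post and is not the code in the linked repository. `FakeDirectory`, `login`, `escape_filter_value`, `SVC_DN` and every directory entry are constructed assumptions standing in for a real LDAP server and client library; the example adds the three checks this flow needs: filter escaping, exactly one match, and no empty passwords.

```python
# Added example. FakeDirectory and its entries are constructed stand-ins
# for a real LDAP server so the login logic can run offline.
SVC_DN = 'cn=svc-mediagoblin,ou=services,dc=example,dc=org'

def escape_filter_value(value):
    """Escape RFC 4515 special characters so input cannot alter the filter."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)

class FakeDirectory:
    # Constructed data: DN -> (uid, password). The RDN is cn=, not the uid.
    ENTRIES = {
        'cn=Alice Example,ou=people,dc=example,dc=org': ('alice', 'correct horse'),
        'cn=Bob Example,ou=people,dc=example,dc=org': ('bob', 'hunter2'),
        SVC_DN: ('svc-mediagoblin', 'svc-secret'),
    }

    def bind(self, dn, password):
        if dn in self.ENTRIES and password == '':
            return True  # mimics servers that accept unauthenticated binds
        return dn in self.ENTRIES and self.ENTRIES[dn][1] == password

    def search_uid(self, ldap_filter):
        # Understands only "(uid=<value>)"; a bare "*" matches every entry.
        value = ldap_filter[len('(uid='):-1]
        return [dn for dn, (uid, _) in self.ENTRIES.items()
                if value == '*' or escape_filter_value(uid) == value]

def login(directory, bind_dn, bind_pw, username, password):
    """Return the user's DN on success, None on any failure."""
    # An empty password would turn step 3 into an unauthenticated bind,
    # which some servers report as success.
    if not username or not password:
        return None
    # Step 1: bind as the service account.
    if not directory.bind(bind_dn, bind_pw):
        return None
    # Step 2: find the entry whose uid is the (escaped) login name.
    matches = directory.search_uid('(uid=%s)' % escape_filter_value(username))
    if len(matches) != 1:  # no entry or an ambiguous match: refuse
        return None
    # Step 3: re-bind as the DN that was found, with the user's password.
    return matches[0] if directory.bind(matches[0], password) else None
```

With a real client library the same three steps apply; use the library's own filter-escaping helper in place of `escape_filter_value` where it provides one.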


