-
Notifications
You must be signed in to change notification settings - Fork 64
Setting up mcsimulator with LDAP authentication (debian)
Get system-wide dependencies:
$ sudo apt-get install libopenmpi-dev python-pip
$ sudo apt-get install libsasl2-dev python-dev libldap2-dev libssl-dev
$ sudo apt-get install python-virtualenv
$ sudo apt-get install nginx
Set up the virtual environment "mcvenv" and pip dependencies into it:
$ virtualenv mcvenv
$ source mcvenv/bin/activate
$ pip install django simplejson django_auth_ldap uwsgi python-ldap
Download and install mcsimulator:
$ source mcvenv/bin/activate
$ git clone https://github.com/McStasMcXtrace/McWeb
$ cd McWeb
$ python manage.py syncdb
$ python manage.py generate_docs
$ ./bin/update-simulations.sh
$ python manage.py populate_db
$ cd ..
Set user rights to www-data for everything:
$ sudo chown -R www-data:www-data mcvenv McWeb
$ sudo chmod -R g+w mcvenv McWeb
In McWeb/mcweb_uwsgi.ini, change the paths in the to correspond to your setup (must be absolute).
Appropriately change the VIRTUALENV and DIR variable values in the file McWeb/scripts/uwsgi. Create a symlink of this in /etc/init.d/, e.g.:
$ ln -s /srv/mcweb/McWeb/scripts/uwsgi /etc/init.d/uwsgi_mcweb
Have a single server config contain all of mcsimulator, mediawiki and moodle. Altering a copy of the default configuration is by far the easiest. Add this to your nginx configuration to enable mcsimulator:
rewrite ^/simulator/(.*)$ /;
location /static {
alias /srv/mcweb/McWeb/static;
}
location /out {
alias /srv/mcweb/McWeb/out;
}
location / {
uwsgi_pass unix:/srv/mcweb/McWeb/mcweb.sock;
include /srv/mcweb/McWeb/nginx/uwsgi_params; #these also exist in /etc/nginx/
}
After altering any configurations, restarte nginx:
$ sudo service nginx restart
Use the following to get mcsimulator online:
$ sudo /etc/init.d/uwsgi start/stop/status
$ sudo service nginx start/stop/status
NOTE: You must stop and start the webserver for changes to static content to take effect (and thus, after installing mcsimulator). You must also stop apache2, if it is running on your system (sudo service apache2 stop). Finally, please note that the entire path of folders containing the web app, all the way to "/", must have rx rights on them for www-data.
Install open ldap "slapd" and ldap-utils:
$ apt-get install slapd ldap-utils
When prompted for the ldap admin password, keep in mind that this is required to set up LDAP access. If you happen to lose the password, or if want to reset it, simply use:
$ dpkg-reconfigure slapd
The ldap database has to be set up and this is done by a Python script inlcuded with the mcstas simulator app. Go to the directory .../McWeb/ldifs/ and run:
$ python ldap_initdb.py <dn> <pw>
where dn is the ldap "distinguished name" and pw is the ldap admin password. The ldap dn runs along the lines of dc=fysik,dc=dtu,dc=dk. To identify the ldap dn, run (with root access):
$ slapcat | more
This command outputs the ldap database, and the top line contains the dn that you need.
Now, you can add users to the ldap database by first creating a text file (csv) and putting user data in it. This must have the format of username, password, simgroup1, ... and then a newline. The "..." denotes that you can add the user to multiple simgroups. Now run this command:
$ python ldap_addusers <dn> <pw> <user-file.csv>
They utility will simultaneously add users to the appropriate simulation groups.
-
In the file .../McWeb/mcwww/settings.py, change the value of
AUTH_LDAP_USER_SEARCHto conform to your ldap dn (the one you identified above). -
Notice the variable
AUTHENTICATION_BACKENDSin the same file (settings.py). This contains two lines, one of which is out-commented. This should be the django model backend, and not the ldap backend. Please make sure the django model backend is disabled. Otherwise, LDAP auth will effectively be overridden by the local login.