Bugs, LDAP and Observations
From: Andre van Eyssen
Subject: Bugs, LDAP and Observations
Date: Wed, 06 Jan 2021 04:04:05 +1100 (AEDT)
User-agent: Alpine 2.21 (GSO 202 2017-01-01)
Hi all,
I can't log a bug/case for any of these, because the bug tracker is down
-- out of disk space, apparently. Also, the wiki has an expired SSL
certificate, which someone might want to tidy up at some point.
Screenshots for reference.
https://nc.purplecow.org/s/FFpKHoYWASSX6SP
https://nc.purplecow.org/s/A9jYMLqdfNdtMkt
The version of sqlalchemy was pinned down to version less than 1.2, which
doesn't work with postgres 12. Bumping this to 1.3.0 appeared to fix the
postgres problem without dragging in any other obvious errors. I noted
this comment in setup.py:
'sqlalchemy<1.2', # uncap once https://github.com/wtforms/wtforms/issues/373 is fixed
There's some conflict with the install_requires and dep chain which leads
to requests failing out on idna being the wrong version, adding
'idna==2.9',
to the start of the install_requires seemed to fix that without further
issues.
The LDAP plugin is naive and has a limitation which expects the user DN to
be the username. In my experience, most LDAP deployments have cn= as the
RDN and this is usually a full name or similar, not a username. The most
common approach is to bind with a bind user, search for a cn= based on uid
and then attempt to bind with that cn.
I'm absolutely not a python developer, but I hacked it into working. I
know I need to add filter support and tidy it up but I figured I'd include
it since a whinge always goes better with an attempt at a solution. It
wouldn't surprise me if it was a less than optimally secure effort,
either.
https://secure.purplecow.org/git/avenger/mediagoblin-hacks
Thinking of LDAP, I would think that one should have an option to
automatically approve/register an account if it can be authorized by LDAP.
Enabling 'registration' seems at odds with having no mechanism to
provision an account.
Finally, the ability to have a gallery of STL/OBJ really is a great
feature and I know there's a lot of frustration out there with the current
options for providing browseable 3D objects.
Have a cheery 2021!
Andre.
--
Andre van Eyssen. Phone: +61 417 211 788
mail: andre@purplecow.org http://andre.purplecow.org
About & Contact: http://www.purplecow.org/andre.html
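
The bind, search, then re-bind flow described in the message above, as an added example (not the poster's code and not MediaGoblin's LDAP plugin). It runs against a constructed in-memory directory: `FakeDirectory`, its methods, and every DN and password are assumptions made for illustration. It also escapes the uid before building the filter, requires exactly one match, and refuses empty passwords.

```python
import re

def escape_filter_value(value):
    """Escape RFC 4515 special characters so input stays a literal value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

class FakeDirectory:
    """Constructed in-memory stand-in for an LDAP server (hypothetical API)."""
    def __init__(self, entries):
        self.entries = entries  # DN -> {"uid": ..., "password": ...}

    def simple_bind(self, dn, password):
        if password == "":
            return True  # models a server that accepts unauthenticated binds
        entry = self.entries.get(dn)
        return entry is not None and entry["password"] == password

    def search(self, base, flt):
        # Supports only "(uid=VALUE)": bare '*' is a wildcard, \xx is a literal.
        value = re.fullmatch(r"\(uid=(.*)\)", flt).group(1)
        unhex = lambda p: re.sub(r"\\([0-9a-f]{2})",
                                 lambda h: chr(int(h.group(1), 16)), p)
        pattern = ".*".join(re.escape(unhex(p)) for p in value.split("*"))
        return [dn for dn, e in self.entries.items()
                if dn.endswith(base) and re.fullmatch(pattern, e["uid"])]

def authenticate(directory, svc_dn, svc_pw, base, username, password):
    """Search-then-bind: return the user's DN on success, else None."""
    if not username or not password:
        return None  # never let an empty password reach the bind
    if not directory.simple_bind(svc_dn, svc_pw):
        raise RuntimeError("service account bind failed")
    matches = directory.search(base, "(uid=%s)" % escape_filter_value(username))
    if len(matches) != 1:
        return None  # no entry, or an ambiguous result: refuse
    dn = matches[0]
    return dn if directory.simple_bind(dn, password) else None

# Constructed sample data; names and DNs are placeholders.
SVC_DN = "cn=svc-mediagoblin,ou=services,dc=example,dc=org"
PEOPLE = "ou=people,dc=example,dc=org"
DIRECTORY = FakeDirectory({
    SVC_DN: {"uid": "svc", "password": "svc-secret"},
    "cn=Alice Example," + PEOPLE: {"uid": "alice", "password": "correct horse"},
    "cn=Bob Example," + PEOPLE: {"uid": "bob", "password": "hunter2"},
})
```

Against a real server the same three steps map onto the LDAP client library's bind and search calls; the guard on empty passwords and the filter escaping stay in the application.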