puavo-org / puavo-web
Puavo Web is a system for managing user accounts and devices primarily at school and education domains.
Home Page: http://puavo.org
License: GNU General Public License v2.0
sssd (https://fedorahosted.org/sssd/) provides NSS and PAM modules to integrate with LDAP and kerberos servers. Instructions on how to best configure sssd to work with puavo-users should be provided.
sssd installation instructions for Ubuntu and more information are available here: http://www.opinsys.fi/en/user-management-with-sssd-on-shared-laptops
Currently kerberos principals are created automatically by smbkrb5pwd when user's password is set for the first time. Puavo-users supports changing uids, but the old principals are not deleted at this point. Old principal entries should be removed from ldap when uid is changed.
The user needs a simple notice if a new or old object is not valid when trying to create or update it (School, Role, Group, User). It would also be a good thing to highlight the error fields.
"We're sorry but something went wrong..." is a very typical error message when using Puavo. It doesn't give enough information to the user and even though it says that administration has been informed, it is not the case. The error message should tell what the actual problem was and give real instructions on what to do.
To reproduce:
What should happen:
The following procedure seems to be possible in the current version of Puavo
As described in the title. Some users look for the Change school tool under the Edit user information function but it is not available there. At the moment it is only available hidden under the arrow at the user information page.
There should be a way to set or clean attributes to multiple users at once (e.g. affiliation, roles, tags). The admin should be able to specify multiple targets by filtering and/or selecting before setting the attributes.
Administrator should be able to search and filter users in user list by different attributes.
School admins should belong automatically to a posixGroup that can be used in applications for authorization.
Samba3 doesn't support natively the attributes and constraints used by puavo-users, so there needs to be a set of scripts similar to smbldap-tools that contact puavo-users to manage hosts and users.
There should be an administrator level between organisation owners and school admins. Organisation admins should be able to add and modify schools, groups, roles, printers and external services. Main difference to school admins would be the ability to configure external services that have access to all schools' information in Puavo.
Add support for Promethean license to Puavo external files.
/etc/xdg/Promethean/ActivInspire/.inspire_license.xml
Puavo should do an LDAP exop password change request to change user's password. Currently it calls the ldappasswd binary with the new password as an argument. libldap-ruby doesn't currently support exop operations so either it needs to be extended or an alternative solution needs to be found.
Basic user should find the needed RSA-key file from someplace he/she can access. Key file is needed for the NX remote desktop.
/opt/primus/primuskurre.exe
/opt/primus/prclient.ini
Make last changes to the Puavo interface based on usability tests.
Admins should be able to manage users using command line tools. Puavo-users provides a REST API that can be contacted by the tools.
In case a user who is a school admin and whose usertype is "ylläpitäjä" is changed to user type opettaja/teacher he still persists as a school admin. He/she is also still capable of logging in to the Puavo administration interface.
This means that if a user is degraded from admin to normal teacher he/she still might accidentally have the right to log in to Puavo. Degrading the user type doesn't affect the ability to be a school admin and a normal teacher can act as one.
Organisation owner must be able to set user to School Admin. School Admin can login to Puavo Users and manage school's information, roles, groups and users.
School Admin is set in LDAP by the school's puavoSchoolAdmin attribute. The value must be an array of user DNs.
One should be able to sync Puavo's user database with Google Apps for Edu.
Searching in Puavo does not work on Internet Explorer (8.0.6001.18702)
Admins should not be able to create groups with names that have special meanings (e.g. anon, root) in the system to prevent problems on LTSP servers.
Some users (especially teachers) are affiliated with multiple schools. There should be a way to link users to multiple schools (and roles in them) to give them access to schools' services and resources.
When adding or editing a user, Firefox password manager steps in and automatically fills person id and the first password field with logged in user credentials which are saved in password manager.
Reproduce:
The eduPerson schema defines the attribute eduPersonPrincipalName, which holds the authentication id in the form user@scope. This can be used to store the name of the user's kerberos principal.
One should not be able to create users that begin with adm- or anon- as they have special functionality in LTSP systems.
Users should be able to change their profile picture, password and preferred language. In the future the same portal can be used for other self-service functions and preferences. The portal could also show other user information with instructions on how to get them changed (contact school admins). This could be also used to distribute required remote desktop keys for users who have remote access enabled.
There are constant problems while changing user passwords. Executing the following commands on the ldap-server resolves the problem for a while:
/etc/init.d/slapd restart
/etc/init.d/krb5-kdc restart
/etc/init.d/puavo_kadmind restart
/etc/init.d/slapd restart
For easy installation deb-packages for Ubuntu 12.04 should be created.
Puavo should be able to act as a SAML identity provider to external services like Google Apps.
If user information is separated with both tab and a comma in the original data, Puavo keeps the comma in the user attributes. When both are found, they should be used as a separator together.
It should be possible to get notifications to external web applications when data is changed in Puavo. It should be possible for admins to define webhooks that are called when data is changed. External applications can then act automatically without polling when something happens.
External files need support for the Mimio license file. The files are:
The current documentation does not describe the setup of the preferred development environment. The following details should be specified:
If you use the mass addition function to create new users whose names contain the letter ó, the letter will also end up in the username, which is unwanted. The letter ó should be filtered and replaced with a standard o.
Currently users have user type (affiliation), one or more roles and groups. These all convey partly the same information and this should be simplified.
School's admin users must be able to lock user accounts