School Identity Manager

From OLPC
Revision as of 01:27, 8 August 2011 by Tinker (talk | contribs) (→‎Implementation: fix broken link to http://dev.laptop.org/git/projects/idmgr/)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
  english | español HowTo [ID# 258944]  +/-  


  This page is monitored by the OLPC team.


This page describes the identity manager, one of many services provided by the XS School server software.

A laptop is registered with a school server. This provides the laptop with globally defined names for its presence and backup services (defined in /etc/idmgr.conf on the schoolserver), as well as creating an account on the school server. The username is the laptop's serial number, the password the UUID, and its public key is placed on the school server for future authentication. This registration process is performed by the Identity Manager.

The laptop Sugar user interface has a register command in the menu associated with the XO figure in the home screen which triggers the above process (with port 8080 on DNS name "schoolserver" in the local domain). This command vanishes from the user interface once a laptop is registered.

Installation and configuration

The Identity Manager is part of the normal school server software, available from our repositories, as of build 128 (Sept. 2, 2007). Earlier builds may simply update (yum update) to obtain and install the service.

The configuration of the Identity Manager is relatively static. It resides at a well-known port (8080) on a well known DNS name (schoolserver)in the local school domain. It uses a database at a fixed location (/home/idmgr/identity.db). Two parameters may be provided via a configuration file (/etc/idmgr.conf), which typically looks like:

BACKUP=schoolserver.random.xs.laptop.org
PRESENCE=schoolserver.random.xs.laptop.org

Implementation

The Identity Manager is a server which accepts requests for registration from laptops. If the registration request is from a new laptop, the server creates a user account for that laptop on a school server.

The server is started and stopped using a script located in /etc/init.d/idmgr. This script may be run using the service command:

service idmgr start|stop|status

The /etc/init.d/idmgr init script calls /usr/bin/registration-manager. For debugging purposes (after stopping the idmgr service) you can run registration-manager directly, with no arguments. It won't daemonise and will print messages to stderr rather than using syslog.

The database of laptops registered with a school is maintained in a SQL database. This database currently uses SQLite (v3) and is located at: /home/idmgr/identity.db, but this may change in the future.

The identity manager is written in Python, and includes the idmanager python library. This can be used to access the database in a pythonic manner, regardless of the underlying database format.

XS-0.4 and older

/etc/init.d/idmgr worked as described above, but the script it called was located at /home/idmgr/idmgr/server.py.

Manipulation of the registration database

A summary of the contents of the registration database is provided by:

/home/idmgr/list_registration

Before manually altering the database, you should go to the school server and stop the identity manager:

service idmgr stop

The database of users in a school is cleared upon initial installation of the school server software. The database may be copied to back it up.

Although not recommended (it leaves user accounts on the server), the database may be deleted to clear the registration database--- a new database may be created using the /home/idmgr/create_registration script.

Upcoming releases will provide a web-base interface for moving students between laptops and removing laptops from a school's database.

XO registration process

The registration process begins when an XO laptop user clicks on the avatar and then clicks Register from the drop down menu. This action executes /usr/lib/python2.5/site-packages/jarabe/desktop/schoolserver.py. This python script gathers the following required information from the XO laptop in order to register with the schoolserver :

  • serial number
  • nickname
  • uuid
  • SSH pubkey

This data is sent via xmlrpc over port 8080 to the Identity Manager service on the school server. The identity manager is a python script located in /usr/bin/registration-server on the school server. This service receives the information and validates the serial number. The information is then inserted into an sqlite3 database. It will then send back the following information to the XO laptop.

  • success
  • backupurl
  • backuppath
  • jabberserver