School Identity Manager

From OLPC
Revision as of 06:30, 19 January 2008 by Wad (talk | contribs)
  This page is monitored by the OLPC team.

This page describes the identity manager, one of many services provided by the XS School server software.

A laptop is registered with a school server. Registration provides the laptop with globally defined names for its presence and backup services (defined in /etc/idmgr.conf on the school server) and creates an account for it on the school server. The username is the laptop's serial number, the password is its UUID, and its public key is placed on the school server for future authentication. This registration process is performed by the Identity Manager.

The laptop's Sugar user interface has a register command in the menu associated with the XO figure on the home screen. It triggers the above process by contacting port 8080 on the DNS name "schoolserver" in the local domain. This command vanishes from the user interface once a laptop is registered.

Installation and Configuration

The Identity Manager is part of the normal school server software, available from our repositories, as of build 128 (Sept. 2, 2007). Earlier builds may simply update (yum update) to obtain and install the service.

The configuration of the Identity Manager is relatively static. It resides at a well-known port (8080) on a well-known DNS name (schoolserver) in the local school domain. It uses a database at a fixed location (/home/idmgr/identity.db). Two parameters may be provided via a configuration file (/etc/idmgr.conf), which typically looks like:

BACKUP=schoolserver.random.xs.laptop.org
PRESENCE=schoolserver.random.xs.laptop.org
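
Added example (not part of the original page or of the OLPC code): because every registering laptop is handed the BACKUP and PRESENCE names from this file, a typo here misdirects all of them, so it is worth checking the file before starting the service. The sketch assumes plain KEY=value lines as shown above and that '#' starts a comment; the function names are hypothetical.

```python
import re

# The two parameters the page says /etc/idmgr.conf may carry.
ALLOWED_KEYS = {"BACKUP", "PRESENCE"}
# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_hostname(value):
    """Return True if value is a syntactically valid DNS host name."""
    if not value or len(value) > 253:
        return False
    return all(LABEL.fullmatch(label) for label in value.split("."))


def check_idmgr_conf(text):
    """Parse KEY=value lines; return (settings, problems)."""
    settings, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' is a comment
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if not sep:
            problems.append(f"line {lineno}: not KEY=value")
        elif key not in ALLOWED_KEYS:
            problems.append(f"line {lineno}: unexpected key {key!r}")
        elif key in settings:
            problems.append(f"line {lineno}: duplicate {key}")
        elif not is_hostname(value):
            problems.append(f"line {lineno}: {key} is not a valid host name")
        else:
            settings[key] = value
    return settings, problems


# Constructed sample inputs; GOOD mirrors the file shown above.
GOOD = ("BACKUP=schoolserver.random.xs.laptop.org\n"
        "PRESENCE=schoolserver.random.xs.laptop.org\n")
BAD = ("BACKUP=schoolserver.random.xs.laptop.org\n"
       "PRESENCE=http://school server/\n"
       "DEBUG=1\n")

if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("bad", BAD)):
        print(name, check_idmgr_conf(sample))
```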

Implementation

The Identity Manager is a server which accepts requests for registration from laptops. If the registration request is from a new laptop, the server creates a user account for that laptop on a school server.

The server is started and stopped using a script located in /etc/init.d/idmgr. This script may be run using the service command:

service idmgr start|stop|status

The database of laptops registered with a school is maintained in a SQL database. This database, built and maintained using SQLite (v3), is located at: /home/idmgr/identity.db.

The identity manager is written in Python, using SQLAlchemy to painlessly integrate the SQL database. It is located in /home/idmgr/idmgr/ on the server.

Manipulation of the Registration Database

A summary of the contents of the registration database is provided by:

/home/idmgr/list_registration

Before manually altering the database, you should shut down the identity manager:

service idmgr stop

The database of users in a school is cleared upon initial installation of the school server software. The database may be copied to back it up.

Although not recommended (it leaves user accounts on the server), the database may be deleted to clear the registration database; a new database may be created using the /home/idmgr/create_registration script.

Upcoming releases will provide a web-based interface for moving students between laptops and removing laptops from a school's database.