Difference between revisions of "Educaship MediaWiki"
(→LDAP integration (urgent task)) |
(→LDAP integration (urgent task)) |
||
| Line 21: | Line 21: | ||
</pre> | </pre> | ||
</blockquote> | </blockquote> | ||
| − | : So, the urgent solution should allow for smooth work with our [[OpenLDAP]]-powered [[CNM LDAP]]. The team will provide the hired expert with full access to the [[virtual machine]] on which ''Soft's'' instance is installed. | + | : So, the urgent solution should allow for smooth work with our [[OpenLDAP]]-powered [[CNM LDAP]]. The team will provide the hired expert with full access to the [[virtual machine]] on which ''Soft's'' instance is installed and look for complete documentation on what have been done. |
: In the future, the team would also love to integrate it with a [[WSO2 IS]]-powered system as a separate project. | : In the future, the team would also love to integrate it with a [[WSO2 IS]]-powered system as a separate project. | ||
Revision as of 23:03, 21 April 2023
CNM MediaWiki (formerly known as CNM Wikiware; hereinafter, the Soft) is the CNM stable app that is based on MediaWiki, which is a commercial off-the-shelf (COTS) wiki engine. In addition, the Soft deploys CNM MariaDB as its database management system and CNM LDAP for its authentication and authorization.
The Soft is configured to power CNM Wiki, WikiHandsOn, or WikiNext, which are both CNMCyber services and parts of CNM Cloud.
Challenges
Guys, we are looking for one or more MediaWiki experts to resolve one or more of the challenges that are best described below.
- Screening question: Have you found the description of the challenges? May you resolve one or more of them? Which one or ones?
- We are open to teams. LDAP-MediaWiki and MediaWiki itself may require experts with different skill sets. We are interested in WSO2 IS - MediaWiki as well since we plan to add WSO2 IS. So, WSO2 IS-MediaWiki expert may be another freelancer.
LDAP integration (urgent task)
- Identity and access management issues:
- For a few years, the stable version of the Soft has not been updated due to new versions' conflict with CNM LDAP. Currently, the Soft uses an outdated, 1.26.4 version of MediaWiki, because the extension used to connect to its OpenLDAP does not support newer versions. At some period of time, CNM Technology Board considered three options: (1) to find or create a new extension, (2) to find another way to connect without using the extension, or (3) keep things as they are.
- At that time, the Board decided to keep things as they were since the current architecture was temporary. The Board believed that when a new private cloud based on OpenStack would be launched in the fourth phase of CNM Cloud Project, its Keystone solution would be used for authentications and authorizations. Plus, the Soft never contained any private information; all of its users' data was stored in Opplet.net.
- Later, the Board also considered migration to the WSO2 IS-based integration and wasn't sure whether LDAP would remain necessary.
- However, some when in early 2023, the even historic LDAP integration stopped functioning properly, possibly, because of outdated PHP-support. Here is a screenshot of the current issue:
Symfony\Component\Ldap\Entry Object ( [dn:Symfony\Component\Ldap\Entry:private] => cn=natly0909_rou=applet,dc=career prize,dc=com [attributes:Symfony\Component\Ldap\Entry:private] => Array ( [uid] => Array ([0] => natly0909_r ) [0] => Array ( [0] => Zina ) [I] => Array ( [0] => Sinih ) [gecos] => Array [0] na...@gmail.com )))
- So, the urgent solution should allow for smooth work with our OpenLDAP-powered CNM LDAP. The team will provide the hired expert with full access to the virtual machine on which Soft's instance is installed and look for complete documentation on what have been done.
- In the future, the team would also love to integrate it with a WSO2 IS-powered system as a separate project.
File repository
- Software repository:
- Currently, the Soft itself is used as the repository; no federated repository is available. Because CNM Cloud includes a few end-user applications, there is an idea to create one under the Warehouse for CNM Cloud project. Similarly, Wikipedia utilizes Wikimedia Commons as its repository.
- In addition, a few problems with pictures occurred in the past. As of early 2023, no problems are observed, but the quantity of stored files are about to increase significantly.
- SVG file support is another issue of the Soft development. The overwhelming majority of corporate files are in the SVG format, but, because the Soft doesn't support SVG, they need to be converted in the PNG one.
- So, the team looks for moving the Soft's files into a new repository. Under the most desired solution, (a) its files shall be available to various applications within CNM Cloud and (b) SVG-files shall be stored there and displayed properly by the Soft's instances. If the most desired solution is not feasible, under an acceptable solution various instances of the Soft shall display the repository's files.
- CNM Cloud, which part the Soft is, has a dedicated email server; the team wonders whether we can plug a Soft email client, which is currently unused, into that server. So, the most desired solution would be integration to our Postfix/Dovecot server; if the most desired solution is not available, internal email functioning would be accepted.
SOP
- Currently, CNM Farms policies are utilized for archive, backup, monitoring, security, snapshot, and restoration policies. However, there could be some Soft's useful plugins or policies that the team is unaware of. So, the team looks for the Soft's description updates and its standing operating procedure (SOP).
Guided tour
- We use the CNMCyber Guided Tours format and need someone to organize an event that would present the Soft. The event should feature:
- A speaker and/or presenter who would demonstrate a separate, so-called experiential, instance of the Soft, while following its description. The participants shall follow the presentation, try the Soft instance on their own, ask questions, and get the speaker/presenter answers.
- Recording that would be published online by the team.
Business functionality
Besides supporting CNM Wiki, the App serves as a practice tool in the learning that is delivered by Bracka School and related to knowledge management software.
System-user roles
- Opplet handles identity and access management (IAM) for the Soft's instances (including "create account" and "change other users' rights" functions). Thus, the system-user roles of the Soft's users are those Opplet roles that are specifically based on rights of groups granted by MediaWiki. The software-defined rights can be found at MediaWiki's list of groups.
Platform
- Main wikipage: CNM Farms
- CNM Farms shall provide every instance of the Soft with all resources that the Soft needs in order to run smoothly, including:
- PHP-language support;
- HA, with a target that the Soft is available 99.99% of the time for any 24-hour period;
- OpenLDAP that CNM Cloud uses for identity and access management;
- TLS, and
- MariaDB as the database management system.
- Particularly, the platform shall not store any confidential information, so such information cannot be accessed by anyone.
Security
Vulnerability alerts
Extensions
- Extensions
- Sendmail is required in order for the system to be able to send e-mails.
- Shell access is required to run maintenance scripts; upgrading MediaWiki may be more difficult without it.
File permissions
- Main wikipage: File permission
Maintenance scripts
Upload security
Main wikipage: Upload_security
Upload permissions Per default, all registered users can upload files. To restrict this, you have to change $wgGroupPermissions: To prevent normal users from uploading files: $wgGroupPermissions['user']['upload'] = false; To create a special group called "uploadaccess", and allow members of that group to upload files: $wgGroupPermissions['uploadaccess']['upload'] = true;
See also
Development
- Development of the Soft occurs under the MediaWiki for CNM Cloud project.
