Showing welcome web page when users log in, controlled by LDAP

To: debian-edu@lists.debian.org
Subject: Showing welcome web page when users log in, controlled by LDAP
From: Petter Reinholdtsen <pere@hungry.com>
Date: Wed, 30 Jun 2010 09:28:20 +0200
Message-id: <[🔎] 2fl4ogl3ror.fsf@login1.uio.no>

The last few days I implemented a new feature for Debian Edu/Squeeze,
where all users on the first login will get a web browser showing a
welcome page.  The URL to the welcome page is fetched from the root
DSE entry in LDAP.

The relevant patch implementing this feature is included below, and I
welcome input on the approach.

Storing the URL using labeledURI in the root DSE make sure the URL is
available independently of any access restrictions set on the LDAP
tree, but it impossible to use normal LDAP tools to change the URL.
The latter seem like a bad idea, and I wonder if it is better to store
it under dc=skole,dc=skolelinux,dc=no instead.

Is there a better LDAP schema for this?  The labeledURI attribute from
the labeledURIObject object class was one of the few I found for URL
attributes, but I suspect an attribute named similar to welcomePageURI
would better describe its purpose.  Is there a LDAP schema providing a
more sensible object class and attribute to use?

For larger installations, it might be more useful to allow different
classes of users to get different welcome pages.  One idea to handle
that would be to look for the URL in the entire LDAP tree, starting
with the dn for the user in question and looking at all the parent
objects until such URL is found.  Anyone got ideas on how to do this
in a sensible way?

At the moment the current implementation use a autostart file to load
the browser with the URL in question.  It might be better to change
Firefox to use the URL as its default page or start page instead, to
ensure the sysadmin can control the default start page centrally.
Anyone know if there exist an Firefox extension for this, or able to
write one?

Index: etc/ldap/rootDSE-debian-edu.ldif
===================================================================
--- etc/ldap/rootDSE-debian-edu.ldif	(revision 63950)
+++ etc/ldap/rootDSE-debian-edu.ldif	(working copy)
@@ -1,5 +1,6 @@
 # This entry is available using
 #   ldapsearch -LLL -h ldap  -s base -b '' -x '*' +
+# The labeledURIObject class is defined in RFC 2079.
 dn:
 objectClass: labeledURIObject
-labeledURI: http://www.skolelinux.org/ LDAP for Debian Edu/Skolelinux
+labeledURI: http://www/ LDAP for Debian Edu/Skolelinux
Index: Makefile
===================================================================
--- Makefile	(revision 63950)
+++ Makefile	(working copy)
@@ -114,7 +118,8 @@
 	security/pam_mount-winbind-debian-edu.conf \
 	security/pam_mount-stateless-debian-edu.conf \
	krb5-winbind-debian-edu.conf \
+	xdg/autostart/welcome-webpage.desktop \
 	lsb-release \
 	apache2/mods-available/debian-edu-userdir.conf \
 	apache2/sites-available/debian-edu-default \
@@ -298,6 +315,7 @@
 		share/debian-edu-config/tools/squid-update-cachedir \
 		share/debian-edu-config/tools/update-iceweasel-homepage \
 		share/debian-edu-config/tools/update-proxy-from-wpad \
+		share/debian-edu-config/tools/show-welcome-webpage \
 		share/debian-edu-config/tools/wpad-extract \
 		share/debian-edu-config/ltsp_set_runlevel \
 		share/debian-edu-config/ltsp_local_mount \
Index: etc/xdg/autostart/welcome-webpage.desktop
===================================================================
--- etc/xdg/autostart/welcome-webpage.desktop	(revision 0)
+++ etc/xdg/autostart/welcome-webpage.desktop	(revision 65398)
@@ -0,0 +1,9 @@
+[Desktop Entry]
+Encoding=UTF-8
+Name=Debian Edu welcome page
+Comment=Display welcome web page on first time login
+TryExec=/usr/share/debian-edu-config/tools/show-welcome-webpage
+Exec=/usr/share/debian-edu-config/tools/show-welcome-webpage
+Terminal=False
+Type=Application
+Categories=
Index: share/debian-edu-config/tools/show-welcome-webpage
===================================================================
--- share/debian-edu-config/tools/show-welcome-webpage	(revision 0)
+++ share/debian-edu-config/tools/show-welcome-webpage	(revision 65398)
@@ -0,0 +1,40 @@
+#!/bin/sh
+#
+# Start web browser with our welcome web page on first time login, and
+# the first time when a user log after the URL to the page changes.
+
+set -e
+
+# Locate LDAP server dynamically
+LDAPSERVER=$(debian-edu-ldapserver)
+
+if [ "$LDAPSERVER" ] ; then
+    welcomeurl=$(ldapsearch -LLL -h $LDAPSERVER -s base -b '' -x labeledURI \
+	| awk '/labeledURI:/ {print $2}')
+fi
+
+if [ -z "$welcomeurl" ] ; then
+    welcomeurl="http://www/";
+fi
+
+if [ -e /etc/debian-edu/config ] ; then
+    . /etc/debian-edu/config
+fi
+
+flagdir="$HOME/.debian-edu"
+flagfile="$flagdir/welcome-page-shown"
+
+show_welcome_page() {
+    mkdir -p "$flagdir"
+    echo "$welcomeurl" > "$flagfile"
+    exec x-www-browser "$welcomeurl"
+}
+
+if [ ! -f "$flagfile" ] ; then
+    show_welcome_page
+else
+    oldwelcomeurl="$(cat $flagfile)"
+    if [ "$welcomeurl" != "$oldwelcomeurl" ] ; then
+	show_welcome_page
+    fi
+fi

Happy hacking,
-- 
Petter Reinholdtsen

Reply to:

Prev by Date: Bug#585064: isc-dhcp upload to unstable imminent
Next by Date: Printing Quotas with PaperCut? // Re: Pykota
Previous by thread: Bug#585064: isc-dhcp upload to unstable imminent
Next by thread: Printing Quotas with PaperCut? // Re: Pykota
Index(es):
- Date
- Thread