Optional modules

Askbot supports a number of optional modules, enabling certain features, not available in askbot by default.

LDAP authentication

To enable authentication via LDAP (Lightweight Directory Access Protocol, see more info elsewhere) , first install python-ldap package:

pip install python-ldap

After that, add configuration parameters in live settings, section “LDAP settings” (url /settings/LDAP_SETTINGS, relative to the forum base url)

Note

While it is possible to configure LDAP via web interface, it is actually more safe to add them in your settings.py file in the LIVESETTINGS_OPTIONS dictionary. Consider that a breach in security of your forum might open malicious access into your LDAP directory.

The parameters are (note that some have pre-set defaults that might work for you):

* in Login Provider Settings select "enable local login"
  • this makes login/password form available
  • enable/disable LDAP for password login - must check that, to connect the login/password form to LDAP flow
  • create accounts automatically or not (LDAP_AUTOCREATE_USERS)
  • protocol version (LDAP_PROTOCOL_VERSION) (version 2 is insecure and deprecated)
  • ldap url (LDAP_URL)
  • base distinguished name, ‘dn’ in LDAP parlance (LDAP_BASEDN)
  • user id field name (LDAP_USERID_FIELD)
  • email field name (LDAP_EMAIL_FIELD)
  • user name filter template (LDAP_USERNAME_FILTER_TEMPLATE) must have two string placeholders.
  • given (first) name field (LDAP_GIVEN_NAME_FIELD)
  • surname (last name) field (LDAP_SURNAME_FIELD)
  • common name field (LDAP_COMMON_NAME_FIELD) either given and surname should be used or common name. All three are not necessary - either first two or common. These fields are used to extract users first and last names.
  • Format of common name (LDAP_COMMON_NAME_FIELD_FORMAT) values can be only ‘first,last’ or ‘last,first’ - used to extract last and first names from common name

There are three more optional parameters that must go to the settings.py file:

* ``LDAP_LOGIN_DN``
* ``LDAP_PASSWORD``
* ``LDAP_EXTRA_OPTIONS``, a list of two-item tuples - of names and values of
the options. Option names must be upper case strings all starting with OPT_ as described in the python ldap library documentation. An often used option is (OPT_REFERRALS, 0).
  • LDAP_AUTHENTICATE_FUNCTION - dotted python path to optional function that can override the default ldap_authenticate function. This function allows to completely customize the LDAP login procedure. To see what is expected of this function (input parameters and the return value) - look at the end of the doc string at askbot.deps.django_authopenid.ldap_auth.ldap_authenticate_default. One use case for the custom function is determining to which group a user might belong or check any additional access rules that might be stored in your LDAP directory. Another use case - is the case when the default procedure just does not work for you.
  • LDAP_AUTHENICATE_FAILURE_FUNCTION - python dotted path to an additional function that may be called after a unsuccessful authentication. This function can be used to set custom error messages to the login form. The function should take two parameters (in the following order): user_info, login_form. user_info - is the same dictionary that is returned by the ldap_authenticate function.
  • LDAP_CREATE_USER_FUNCTION - python dotted path to function that will create the ldap user, should actually return a user association object, like askbot.deps.django_authopenid.ldap_auth.ldap_create_user_default. Function takes return value of the ldap authenticate function as a sole parameter.

Use these when you have the “directory master passsword” - for a specific user who can access the rest of the directory, these were not added to the live settings due to security concerns.

LDAP_USER and LDAP_PASSWORD will be used only if both are provided!

Since LDAP authentication requires so many parameters, you might need to debug the settings. The function to look at is askbot.deps.django_authopenid.backends.ldap_authenticate. If you have problems with LDAP please contact us at support@askbot.com.

The easiest way to debug - insert import pdb; pdb.set_trace() line into function askbot.deps.django_authopenid.backends.ldap_authenticate, start the runserver and step through.

Custom section in the user profile

Sometimes you might want to add a completely custom section to the user profile, available via an additional tab.

This is possible by editing the settings.py file, which means that to use this feature you must have sufficient access to the webserver file system.

Add a following setting to your settings.py:

ASKBOT_CUSTOM_USER_PROFILE_TAB = {
    'NAME': 'some name',
    'SLUG': 'some-name',
    'CONTEXT_GENERATOR': 'myapp.views.somefunc'
}

The value of ASKBOT_CUSTOM_USER_PROFILE_TAB['CONTEXT_GENERATOR'] should be a path to the function that returns context for the tab.

Here is a simple example of the content generator implemented as part of the fictional application called myapp:

from myapp.models import Thing#definition not shown here
from django.template import Context

def somefunc(request, profile_owner):
    """loads things for the ``profile_owner``
    and returns output rendered as html string
    """
    things = Thing.objects.filter(user = profile_owner)
    return {'things': things}

The function is very similar to the regular Django view, but returns a string instead of the HttpResponse instance.

Create your custome theme, copy there a template askbot/templates/user_profile/custom_tab.html. Then modify the template to display the context generated by the function shown above.

Also, the method must accept one additional argument - an instance of the django.contrib.auth.models.User object.

Wordpress authentication

To enable authentication for self hosted wordpress sites(wordpress.com blogs will work with openid login). To enable it follow the following steps:

  • Check if you have the package “python_wordpress_xmlrpc from pypi.
  • Go to your wordpress blog admin panel and serch for: Settings->Writing->Remote Publishing then check the box for XML-RPC.
  • Go back to your askbot site settings and click on Login Provider Settings and then activate the option Activate to allow login with self-hosted wordpress site,
  • Input your blog url to the xmlrpc.php file it will look something like this http://yoursite.com/xmlrpc.php
  • Upload an icon for display in the login area.

After doing this steps you should be able to login with your self hosted wordpress site user/password combination.

Celery for background jobs

Askbot supports celery distributed task queue for some task, to enable it follow the following steps:

For supervisor: add this sample config file named askbot.conf into /etc/supervisor/conf.d/ directory:

[program:askbot_celery]
command=celeryd --loglevel=INFO

environment=PYTHONPATH=/path/to/project
directory=/path/to/project

user=nobody
numprocs=1
stdout_logfile=/var/log/askbot_celery.log
stderr_logfile=/var/log/askbot_celery.err
autostart=true
autorestart=true
startsecs=10

Then run supervisorctl update and it will be started. For more information about job handling with supervisor please visit this link.