Email: <dimitri AT SPAMFREE alussinan DOT org>

Patches

MoinMoin

External components

Example Code

using an helper function to convert an Active Directory login into a WikiName with LDAPAuth

   1 ## in farmconfig.py/wikiconfig.py:
   2 ## the helper function
   3     def getWikiNameFromLoginName(ldap_dict):
   4         gn = ldap_dict.get('givenName',[''])[0]
   5         sn = ldap_dict.get('sn',[''])[0]
   6 ## depending on your AD implementation of attributes use one of the following:
   7         return "%s%s" % (sn,gn)   
   8 ##      return "%s%s" % (gn,sn)   
   9 
  10     ldapAD = LDAPAuth(
  11         #server_uri=r'ldaps://domain.fqdn',
  12         server_uri=r'ldap://domain.fqdn',
  13 
  14         #bind_dn=r'%(username)s@domain.fqdn',
  15         #bind_pw=r'%(password)s',
  16         bind_dn=r'SomeServiceAccount@domain.fqdn',
  17         bind_pw=r'GuessIt!',
  18         base_dn='ou=UsersContainer,ou=SomeWhere,dc=domain,dc=fqdn',
  19         search_filter=r"(&(sAMAccountName=%(username)s)(memberOf=CN=SomeGroupForWikiAccess,ou=MyGroups,DC=domain,DC=fqdn))",
  20         givenname_attribute=r'givenName',
  21         surname_attribute=r'sn',
  22         email_attribute=r'mail',
  23         name_callback=getWikiNameFromLoginName,
  24         autocreate=True,
  25     )
  26     
  27     auth = [ldapAD]
  28

Docs

Installing MoinMoin 1.9.x on Windows 2003 SP2 32-bit with IIS

Basic installation (no authentication)

  1. Take a Windows 2003 Standard Edition 32-bit Server with IIS Web Service, domain member if you need AD authentication
  2. add Python 2.6.4, for all users, in %PROGRAMFILES%\Python26, no help file, no test suite, no build headers nor libraries (just include the first two items)
  3. add %PROGRAMFILES%\Python26 to the system path
    • wasn't that added by python installer already?
  4. add Win32 extensions for Python. pywin32-214.win32-py2.6.exe the version must match your python installation (Major.Minor)
  5. add 7-zip 4.65 for untaring moimoin

  6. install moinmoin-1.9.x by untaring it into a temp directory, and use python setup.py install from the distribution

  7. add the above path to a new PYTHONPATH system variable
  8. Also add to this PYTHONPATH variable the path to the config files for the wiki farm.

PYTHONPATH=C:\Program Files\python26\Lib\Site-Packages\MoinMoin;E:\wikis\common\config

  1. run wikiserver.py and connect to http://localhost:8080 to check the basic moinmoin install is working (no ldap, no plugin, no external webserver). Once launched, hit ctrl-break into the cmd window to stop the webserver.

Gluing IIS and the MoinMoin WGSI App together

  1. install ISAPI-WSGI extension isapi_wsgi-0.4.1.win32.exe
  2. Test WSGI is working [test.wsgi or wsgitest.py from isapi-wsgi]
    • [steps to be added]

    • point your browser to http://localhost/test and check you've got a web page

    • [steps to be added]
  3. Copy the wsgi loader to the %winDir%\system32\inetsrv. 

    •    1 ## moinmoinloader.py
   2 ##
   3 ## entry point between the ISAPI extension
   4 ## and the MoinMoin WSGI server
   5 ## using ISAPI WSGI
   6 ##
   7 ## DJ / 18.11.2009 / 1.0 - Initial release
   8 ## DJ / 15.12.2009 / 1.1 - adapted for MoinMoin 1.9
   9 ##
  10 ## portions from the examples installed with ISAPI WSGI
  11 
  12 ## Import MoinMoin WSGI Server
  13 
  14 ## MoinMoin 1.6 to 1.8
  15 ## from MoinMoin.server.server_wsgi import moinmoinApp, WsgiConfig
  16 ## MoinMoin 1.9
  17 from MoinMoin.web.serving import make_application
  18 
  19 ##class Config(WsgiConfig):
  20 ##    pass
  21 
  22 ## no longer needed in 1.9
  23 ## config = Config() 
  24 
  25 ## import the ISAPI WSGI glue
  26 import isapi_wsgi
  27 
  28 # The entry points for the ISAPI extension.
  29 def __ExtensionFactory__():
  30     ## new waz to instantiate in 1.9
  31     moinmoinApp = make_application(shared=True) 
  32     return isapi_wsgi.ISAPIThreadPoolHandler(moinmoinApp)
  33 
  34 ## Installation code
  35 if __name__=='__main__':
  36     # If run from the command-line, install ourselves.
  37     from isapi.install import *
  38     params = ISAPIParameters()
  39     # Setup the virtual directories - this is a list of directories our
  40     # extension uses - in this case only 1.
  41     # Each extension has a "script map" - this is the mapping of ISAPI
  42     # extensions.
  43     sm = [
  44         ScriptMapParams(Extension="*", Flags=0)
  45     ]
  46 	# customize with as many as wiki as needed
  47 	# TODO: rewrite by loading the wikis array in farmconfig.py
  48     vd1 = VirtualDirParameters(Name="Wiki1", # Change it if you don't like it
  49                               Description = "ISAPI-WSGI ISAPIThreadPoolHandler MoinMoin Wiki1link",
  50                               ScriptMaps = sm,
  51                               ScriptMapUpdate = "replace"
  52                               )
  53     vd2 = VirtualDirParameters(Name="Wiki2", # Change it if you don't like it
  54                               Description = "ISAPI-WSGI ISAPIThreadPoolHandler MoinMoin Wiki2 link",
  55                               ScriptMaps = sm,
  56                               ScriptMapUpdate = "replace"
  57                               )
  58     params.VirtualDirs = [vd1, vd2]
  59     HandleCommandLine(params)
  60
      moinmoinloader19.py

/!\ This version is designed for MoinMoin 1.9 and will not work for previous versions

  1. Note: In case of a wiki farm, you must use multiple virtual directories
  2. Edit it if you need to install the wikis elsewhere than at root

  3. Run it as moinmoinloader.py install. This will create a _moinmoinloader.dll in the same directory.

/!\ As w3wp.exe, the IIS process, by default runs under the "Network Service" account, the dll should be placed in a directory where this account has right to access files.

  1. Go to http://localhost to check you have at least a python page (Even error)

/!\ If you rename the .py file as foobar.py the dll will be created as _foobar.dll /!\ Due to the used thread model, you must use iisreset when you modify a .py config file so your changes are propagated thru the recompilation into new .pyc files

  1. If you need to change any WWW binding, run the .py file with moinmoinloader.py remove, make your changes, and re-run the file with the install parameter

  2. Create the wiki structure into the E: drive
    • create a E:/Wikis folder
    • create a E:/wikis/common folder
    • create a E:/wikis/common/user folder
    • create a E:/wikis/common/config folder

    • create a E:/wikis/<wikiname> folder per wiki in the farm

    • [to be added: basic structure picture / copy]
  3. check the farmconfig.py file in E:/Wikis/Common/config 

   1 # -*- coding: iso-8859-1 -*-
   2 
   3 """
   4     MoinMoin - example farm config
   5 
   6 	DJ / 1.0 / 08.04.2006 - Initial Release
   7 	DJ / 2.0 / 19.11.2009 - Rewrote for MoinMoin 1.8 as syntax changed after 1.5
   8 	DJ / 2.1 / 15.12.2009 - Changed wiki path, tested with 1.9
   9         DJ / 2.2 / 16.12.2009 - added authentication with LDAP under MoinMoin 1.9
  10 
  11    When used with ISAPI/WSGI under IIS, an iisreset must be issued
  12    for changes in this file to apply
  13 
  14 """
  15 
  16 # Wikis in your farm --------------------------------------------------
  17 wikis = [
  18     ("Wiki1",  r"^.*/wiki1.*$"),
  19     ("Wiki2",  r"^.*/wiki2.*$"),
  20 ]
  21 
  22 
  23 # Common configuration for all wikis ----------------------------------
  24 from MoinMoin.config.multiconfig import DefaultConfig
  25 import os.path
  26 
  27 # Automatically calculates path based on standard OEM structures, used by subwikis
  28 class ConfigPath(object):
  29 		# where are we...
  30 		ConfigDir = os.path.dirname( os.path.realpath( __file__ ) )
  31 		Root = os.path.dirname( os.path.realpath(  (ConfigDir + "\\..") ) )
  32 		Common = os.path.dirname( os.path.realpath(  (ConfigDir + "\\..\\common") ) )
  33 	
  34 class FarmConfig(DefaultConfig):
  35 
  36     # Critical setup  ---------------------------------------------------
  37 
  38     data_dir = './data/'	
  39     data_underlay_dir = ConfigPath.Common + '/underlay/'
  40     url_prefix_static = '/moin'  #create an alias in IIS, changed from /moin_static185 in ver 1.8.5
  41 
  42 
  43 
  44     # Mail --------------------------------------------------------------
  45 
  46     mail_smarthost = "smtp.somewhere.invalid"
  47     mail_from = "wiki@somewhere.invalid"
  48 
  49     # User interface ----------------------------------------------------
  50     navi_bar = [
  51         u'%(page_front_page)s',
  52         u'RecentChanges',
  53         u'FindPage',
  54         u'HelpContents',
  55     ]
  56 	
  57     # The default theme anonymous or new users get
  58     theme_default = 'sinorca4moin'
  59 
  60     # Authentication --- Valid for MoinMoin > 1.9
  61 
  62     ## Insert your LDAPAuth here...
  63 
  64     # a list of form field names to be disabled in the UserPreferences.
  65     user_form_disable = ['name', ]
  66  
  67     # a list of form field names to be removed from the UserPreferences.
  68     user_form_remove = ['password', 'password2', ]
  69 
  70 	
  71     # Language options --------------------------------------------------
  72 
  73     language_default = 'en'
  74 
  75     page_category_regex = ur'(?P<all>Category(?P<key>\S+))'
  76     page_dict_regex = ur'(?P<all>(?P<key>\S+)Dict)'
  77     page_group_regex = ur'(?P<all>(?P<key>\S+)Group)'
  78     page_template_regex = ur'(?P<all>(?P<key>\S+)Template)'
  79 
  80     # Content options ---------------------------------------------------
  81     show_hosts = 0
  82     show_interwiki = True
  83     logo_string = u''
  84 
  85     # Interwiki linking ----------------
  86     shared_intermap = ConfigPath.ConfigDir + '\\intermap.txt'
  87     user_homewiki = 'Wiki1'
  88     user_dir = ConfigPath.Common + '\\User'
  89     interwiki_preferred = ['Wiki1','Wiki2']
  90     trusted_wikis = [ 'Wiki1','Wiki2']
  91 
  92     # Valid for MoinMoin <= 1.9.0; to be changed after 1.9.0
  93     cookie_path = '/'
  94 
  95     # Permissions ---------------------
  96     superuser = [u"JohnDoe", ]
  97     acl_hierarchic = True
  98     acl_rights_before = u"AdminGroup:admin,read,write,delete,revert"
  99     acl_rights_default=u"Trusted:read,write,delete,revert Known:read,write,delete,revert ViewerGroup:read All:"
 100 
 101 
 102     # show_timings = True
 103     # Enable graphical charts, requires gdchart.
 104     #chart_options = {'width': 600, 'height': 300}
 105
farmconfig.py

  1. the SiteName in the py files should start with the prefix for your farm, eg. if you created a wf/site1 virtual directory and then a wf/site2, the site names should be wf/siteXX in the files.

  1. create with IIS Manager a new virtual directory for serving static contents. The name of the virtual directory is given by url_prefix_static in the .py file.

    • If you use the above .py files, the name is moin

    • For MoinMoin 1.9 using Python 2.6.x, you should point it to %PROGRAMFILES%\Python26\Lib\site-packages\MoinMoin\web\static\htdocs if you have installed MoinMoin in site-packages.

  2. Do not forget to replace the intermap.txt file with a line per wiki 

       1 ## Please edit system and help pages ONLY in the moinmaster wiki! For more
   2 ## information, please see MoinMaster:MoinPagesEditorGroup.
   3 ##master-page:None
   4 ##master-date:None
   5 #acl MoinPagesEditorGroup:read,write,delete,revert All:read
   6 #format plain
   7 #language en
   8 # MoinMoin master InterWiki list
   9 
  10 Wiki1 /wiki1/
  11 Wiki2 /wiki2/
  12
    intermap.txt
  3. Add IIS customizations below if needed

Finishing the layout

  1. Replace underlay directory in E:/wikis/common subdirectory by the one found in wiki/underlay in the distribution tarball

  2. go to the LanguageSetup page as SuperUser to install the help (English/allpages.zip choosen here)

  3. Add theme customizations if wished

Adding authentication using LDAP

  1. Install python-ldap for the matching version of python (official msi on www.python.org) if you intend to use LDAP queries
  2. If you forget this and use a LDAP authenticator you will receive 500/Web Server errors.
  3. use a LDAP authenticator object with bind credentials as a domain user, the user credentials do not seem to work. See Example Code

IIS Customizations: using HTTPS and an alias for your server

  1. Create a self-signed certificate with SelfSSL from the IIS resource kit: http://www.iis.net/downloads/default.aspx?tabid=34&i=1352&g=6

The CN format should be: 

CN=server,CN=server.domain.fqdn,CN=alias,CN=alias.domain.fqdn
  1. Add a Host Header Value to the IIS web site for your alias
  2. Put Self Signed certificate in Local Computer\Trusted CA store to do your tests locally
  3. Require SSL in Directory Security
  4. Add a nice welcome page to the root of your IIS Web Site

  5. To have better performance, you may set EnableKernelSSL:DWord=1 in HKLM\system\CurrentControlSet\Http\parameters.

This will speed up https by letting the encryption/decryption routines be done in kernel mode instead of switching to userland. /!\ There are restrictions about what options are supported under this mode in IIS6, eg. no client certificates, as documented here: http://msdn.microsoft.com/en-us/library/aa364671.aspx You need to restart the HTTP boot driver for the changes to happen (Beware of the dependencies to HTTP SSL, IIS Admin and web services)

  1. To make your users happy, replace the 403.4 Custom Error Page by

    The page must be viewed over a secure channel

    The page you are trying to access is secured with Secure Sockets Layer (SSL).
    403-4-Redirect.htm

Debugging In MoinMoin under Windows

  1. Set an environment variable in system called MOINLOGGINGCONF. Its calue is a filename with path to a configuration file specifying log level, log filename and code parts to be logged. You may use a traditional IIS-oriented path

    eg. %windir%\system32\logfiles\moinlogging.ini

moinloggingconf.png

  1. Create the file pointed at by this variable. You may take it from the sample in the distribution in wiki\config\logging.
  2. Do not forget if you take samples from the distribution tarball to change the Unix-like paths into Win32-like ones.

    1. Create a folder moin under %windir%\system32\logfiles

    2. Change the line to logfile=C:\windows\system32\logfiles\moin\moin.log. This is the example to debug authentication issues: 

   1 # This is a sample auth/session debug logging configuration.
   2 # If one encounters problem, one usually want to have lots of information -
   3 # but only from SOME parts of moin not from every part.
   4 # Thus we configure the root logger to use INFO loglevel and
   5 # some specific loggers to use DEBUG logging.
   6 
   7 [DEFAULT]
   8 # Logfile to create.
   9 # Make sure the running moin process has create/write rights there.
  10 logfile=C:\windows\system32\logfiles\moin\moin.log
  11 
  12 [loggers]
  13 keys=root,moin_auth,moin_session
  14 
  15 [handlers]
  16 keys=logfile
  17 
  18 [formatters]
  19 keys=logfile
  20 
  21 [logger_root]
  22 level=INFO
  23 handlers=logfile
  24 
  25 [logger_moin_auth]
  26 level=DEBUG
  27 handlers=logfile
  28 propagate=0
  29 qualname=MoinMoin.auth
  30 
  31 [logger_moin_session]
  32 level=DEBUG
  33 handlers=logfile
  34 propagate=0
  35 qualname=MoinMoin.session
  36 
  37 [handler_logfile]
  38 class=FileHandler
  39 formatter=logfile
  40 level=DEBUG
  41 args=('%(logfile)s', 'at')
  42 
  43 [formatter_logfile]
  44 format=%(asctime)s %(name)s %(levelname)s %(message)s
  45 datefmt=
  46 class=logging.Formatter
  47
moinlogging.ini

/!\ You need to restart the ISAPI handler for this to work. Use the iisreset command for this.

message to me

...

CategoryHomepage

MoinMoin: DimitriJanczak (last edited 2010-03-05 08:04:02 by DimitriJanczak)