|
1164.2.11
by Matt Giuca
More headings and files! |
1 |
.. IVLE - Informatics Virtual Learning Environment
|
2 |
Copyright (C) 2007-2009 The University of Melbourne
|
|
3 |
||
4 |
.. This program is free software; you can redistribute it and/or modify
|
|
5 |
it under the terms of the GNU General Public License as published by
|
|
6 |
the Free Software Foundation; either version 2 of the License, or
|
|
7 |
(at your option) any later version.
|
|
8 |
||
9 |
.. This program is distributed in the hope that it will be useful,
|
|
10 |
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
11 |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
12 |
GNU General Public License for more details.
|
|
13 |
||
14 |
.. You should have received a copy of the GNU General Public License
|
|
15 |
along with this program; if not, write to the Free Software
|
|
16 |
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
17 |
||
18 |
*********************
|
|
19 |
Architecture overview
|
|
20 |
*********************
|
|
21 |
||
22 |
This page describes the various subsystems of IVLE. |
|
23 |
||
|
1164.2.36
by David Coles
Added diagram of system architecture |
24 |
.. image:: /images/ivle-system-diagram.png |
25 |
||
|
1164.2.11
by Matt Giuca
More headings and files! |
26 |
The IVLE web application
|
27 |
========================
|
|
28 |
||
29 |
User management server
|
|
30 |
======================
|
|
31 |
||
|
1164.2.13
by Matt Giuca
doc/man/architecture.rst: User management server. |
32 |
The "user management" server (:file:`usrmgt-server`) is an |
33 |
inappropriately-named program which must be run as root in the background of |
|
34 |
an IVLE instance. It is responsible for performing tasks at the request of the |
|
35 |
IVLE web application, which require root privileges: |
|
36 |
||
37 |
* Activating users when they first log into the system (including the creation
|
|
38 |
of jails and user Subversion repositories). |
|
39 |
* Creating group Subversion repositories.
|
|
40 |
* Rebuilding Subversion configuration files.
|
|
|
1164.2.11
by Matt Giuca
More headings and files! |
41 |
|
42 |
Subversion server
|
|
43 |
=================
|
|
44 |
||
45 |
User jails
|
|
46 |
==========
|
|
47 |
||
48 |
Scripts
|
|
49 |
=======
|
|
50 |
||
51 |
Database
|
|
52 |
========
|
|
|
1419
by Matt Giuca
doc/man/architecture: Added section on auth and pulldown modules. |
53 |
|
54 |
Authentication
|
|
55 |
==============
|
|
56 |
||
57 |
There are two mechanisms by which IVLE can connect to an external server to |
|
58 |
get information about users. These are typically used to connect to an |
|
59 |
institution's central database to authenticate students, and download student |
|
60 |
details (such as names and subject enrolment details). |
|
61 |
||
62 |
Neither of these mechanisms are necessary; they are only useful where |
|
63 |
third-party authentication is required. |
|
64 |
||
65 |
.. _ref-auth-modules: |
|
66 |
||
67 |
Auth modules
|
|
68 |
------------
|
|
69 |
||
70 |
IVLE's database contains user accounts, which includes a password (hash) |
|
71 |
field. In this way, IVLE is fully-functioning without third-party |
|
72 |
authentication modules. However, it is also often desirable to allow users to |
|
73 |
log in without storing their password hash in the local database. IVLE allows |
|
74 |
plug-in "auth modules" which can authenticate users with arbitrary logic, and |
|
75 |
also create new user accounts. |
|
76 |
||
77 |
This has at least the following two use cases: |
|
78 |
||
79 |
* Allowing users to authenticate upon each login with a remote server. This
|
|
80 |
allows users to log in without ever storing their password hash locally. |
|
81 |
* Allowing users who have never used IVLE to log in, without an IVLE user
|
|
82 |
account. Upon seeing an unknown username, an auth module can connect to a |
|
83 |
remote server, authenticate the unknown user, and create an IVLE user |
|
84 |
account on-the-fly, optionally downloading additional details (such as full |
|
85 |
name). |
|
86 |
||
87 |
TODO: Describe how auth modules work. |
|
88 |
||
89 |
.. _ref-subject-pulldown-modules: |
|
90 |
||
91 |
Subject pulldown modules
|
|
92 |
------------------------
|
|
93 |
||
94 |
IVLE maintains lists of enrolled students in each subject, providing access to |
|
95 |
worksheets and allowing submissions for enrolled users. Again, enrolments can |
|
96 |
be made manually, but IVLE also allows plug-in "subject pulldown modules" |
|
97 |
which can enrol students with arbitrary logic. |
|
98 |
||
99 |
This allows a third-party server to dictate which IVLE users are enrolled in |
|
100 |
which IVLE subjects. |
|
101 |
||
102 |
Subject pulldown modules are used by the :program:`ivle-enrolallusers` script |
|
103 |
to automatically enrol all existing users in subjects. Note that this does not |
|
104 |
enrol users who are not in the IVLE database (perhaps because a third-party |
|
105 |
auth module is being used to create user accounts on-the-fly, and some |
|
106 |
students have not yet logged in for the first time). |
|
107 |
||
108 |
Because of this, subject pulldown modules are also used whenever a student |
|
109 |
logs in. This ensures that students who log in for the first time are |
|
110 |
automatically enrolled in all subjects, according to the third-party server, |
|
111 |
and also ensures that enrolments are kept up-to-date, should the third-party |
|
112 |
server add new enrolments, or should new subjects be created in IVLE. |
|
113 |
||
114 |
.. note:: |
|
115 |
Enrolments are never removed by subject pulldown modules, only added. |
|
116 |
Students can only be un-enrolled from a subject by an administrator. |
|
117 |
||
118 |
TODO: Describe how subject pulldown modules work. |