Hi Adam,

I appreciate your taking the time to provide detailed inputs along with
links to relevant posts.


Our instance is currently set up to allow users to self-service account
provisioning in that if they are are a member of the University and have
an appropriate entry in our LDAP/AD system, the act of providing their
authentication credentials at the Galaxy login prompt results in the
Galaxy account and a local OS-level "account" (only used for sFTP) being
provisioned automagically via the aforementioned script invoked from a
modified version of ../lib/galaxy/web/framework/__init__.py creating a
local account and the requisite FTP upload directory if those don't
already exist. 

As you rightly pointed out keeping code customizations current with
upgrades is non-trivial and something I would like to minimize, and
therefore this post.

At this juncture, I will pursue the Shell/Python script polling
"galaxy_user" option or re-attempt the ProFTPD (which appears to not
require the creation of a local user account and has the ability to query
the PostgreSQL DB for user credentials; in our case the credentials would
have to be put together from a combination of PostgreSQL and LDAP queries)
option.

Thank you.

-----Original Message-----
From: Adam Brenner <aebre...@uci.edu>
Date: Monday, August 26, 2013 12:45 PM
To: Srinivas Maddhi <srinivas-mad...@uiowa.edu>
Cc: Galaxy Dev <galaxy-...@bx.psu.edu>
Subject: Re: [galaxy-dev] Login hook

>I am not aware of Galaxy having any sort of login hook as you
>described --- without writing custom code. This brings up the added
>challenge of keeping your custom modifications current with the latest
>release of galaxy.
>
>Another approach, and I am not sure how feasible this is on your
>setup, is to create all these added services during the user
>creation[1] process. On our HPC cluster this is the method we
>implemented. All our users can use SFTP, rsync, BBCP, etc to upload to
>the cluster and the user moves their data to galaxy by the "FTP
>Trick[2]" to their "dropbox" folder that galaxy has access to. Once
>data is moved to the dropbox folder, users login via the galaxy web
>interface and select the data via the Get Data -> Upload File
>interface.
>
>This might be a simpler approach, create these services for each new
>user during their account creation. You will be forced to use the
>command line interface to create new users, but I believe its far
>simpler then using postgres notify or the other methods you described.
>
>[1]: 
>http://dev.list.galaxyproject.org/user-creation-using-API-td4657726.html
>[2]: 
>http://dev.list.galaxyproject.org/user-names-with-authentication-td4659271
>.html
>
>--
>Adam Brenner
>Computer Science, Undergraduate Student
>Donald Bren School of Information and Computer Sciences
>
>Research Computing Support
>Office of Information Technology
>http://www.oit.uci.edu/rcs/
>
>University of California, Irvine
>www.ics.uci.edu/~aebrenne/
>aebre...@uci.edu
>
>
>On Sun, Aug 25, 2013 at 9:39 AM, Maddhi, Srinivas
><srinivas-mad...@uiowa.edu> wrote:
>> Hello,
>>
>> Does Galaxy provide a post-login hook that could be used to trigger an
>> operating system level action upon successful login ?
>>
>> Here is the scenario and use-case where that would come in handy:
>> * Local instance of Galaxy (Nov 2012 release) on a Linux server with a
>> PostgreSQL DB
>> * Upload via FTP feature is enabled
>> * Users are authenticated via LDAP and nginx
>> * Users should be able to securely upload files (to their sub-directory
>> within the configured FTP upload directory)
>>
>> The current method being employed to fulfill this use-case is through a
>> modification to Š/galaxy-dist/lib/galaxy/web/framework/__init__.py file
>> that calls a a shell script which creates an OS-level user and
>>associated
>> FTP upload directory.  Files are uploaded by users via sFTP (SSHD
>> configured to restrict Galaxy users to a chroot'ed directory).
>>
>> Options considered:
>> * Shell/Python script that periodically queries the "galaxy_user" table
>> and creates an OS-level user and FTP upload directory (not yet tried;
>> introduces delay between user creation and FTP capability unless
>>frequency
>> of polling is high)
>> * ProFTPD with sFTP and LDAP modules (increased administrative overhead
>> compared to using built-in SSHD; wasn't able to get auto directory
>> creation to work due to TBD cause)
>> * PostgreSQL listen-notify to call a sFTP user creation script when an
>> insert occurs in the "galaxy_user" table (not yet tried)
>>
>>
>> Thank you.
>>
>> --
>> Senior Systems Administrator
>> Iowa Institute for Human Genetics
>> ITS Research Services, The University of Iowa
>>
>>
>> ___________________________________________________________
>> Please keep all replies on the list by using "reply all"
>> in your mail client.  To manage your subscriptions to this
>> and other Galaxy lists, please use the interface at:
>>   http://lists.bx.psu.edu/
>>
>> To search Galaxy mailing lists use the unified search at:
>>   http://galaxyproject.org/search/mailinglists/


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  http://lists.bx.psu.edu/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/

Reply via email to