Posted to dev@syncope.apache.org by Francesco Chicchiriccò <il...@apache.org> on 2017/01/09 11:59:53 UTC

Re: [IAM PoC] Starting with implementation

Hi all,
semi-formal "ping" for Infra guys: is there anyone available for 
supporting this PoC? As said from the beginning, a fundamental 
requirement is to have someone playing the customer role, otherwise any 
effort is pointless.

Regards.

On 19/12/2016 09:09, Francesco Chicchiriccò wrote:
> Quick update:
>
> 1. Pierre has submitted the first PR for puppet at
> https://github.com/apache/infrastructure-puppet/pull/156
>
> 2. I have just updated the PoC code to Syncope 2.0.1 (that's the 
> second commit, exactly 1 year after first one: time flies):
> https://github.com/apache/iampoc/commit/a155f59362e6f553356e7e52116834837dbda984 
>
>
> However, without someone from Infra providing info + specifications, 
> there is not much more we can do.
> Infra, please if you're there, knock once.
>
> Regards.
>
> On 16/12/2016 11:13, Francesco Chicchiriccò wrote:
>> Hi all,
>> I am happy to report that the VM for the PoC was made available 
>> (syncope-vm2.apache.org) - see INFRA-10931.
>> I have been able to successfully access via SSH (sudo does not seem 
>> to work, but nothing problematic about this ATM).
>>
>> I know from IRC that Pierre is at work to try to define a first 
>> Puppet setup including JDK 1.8, Maven, Tomcat 8.5 and PostgreSQL.
>> Besides such components, the setup process will also need to fetch 
>> and build the Maven project from the dedicated GIT repository (see 
>> below).
>>
>> Now in the first place I think we should re-attempt to start discussing 
>> the actual requirements of this PoC, and then the planning.
>>
>> This means, essentially, to gather some information from the infra team.
>>
>> I propose again to concentrate, from the list shown by Tony in [1], 
>> on the first item, e.g. "https://id.apache.org (The end-user part of 
>> it)", which triggers these first questions:
>>
>>  1. does the current app exclusively manage data from LDAP?
>>  2. if so, could you provide some details:
>>     a. which LDAP server implementation? OpenLDAP?
>>     b. which object classes are in use? baseDN(s)?
>>     c. which processes / tools are reading from LDAP? which are writing?
>>
>> In INFRA-10931, Greg proposed to provide an LDIF export of the 
>> production LDAP servers so that we can setup a local detached copy 
>> which we could use for tests.
>>
>> Looking forward to your reply.
>> Regards.
>>
>> On 21/12/2015 17:16, Francesco Chicchiriccò wrote:
>>> Hi all,
>>> we now have our GIT repository at
>>>
>>> https://git-wip-us.apache.org/repos/asf/iampoc.git
>>>
>>> which is also mirrored, as usual, to GitHub.
>>>
>>> As you can see, I have made an initial commit featuring an empty 
>>> default Syncope 2.0.0-SNAPSHOT setup.
>>>
>>> Now, waiting for the VM to be available (see INFRA-10931), we can 
>>> start defining what is actually going to be part of this PoC, and 
>>> how we are going to implement the related features.
>>>
>>> From the list shown by Tony in [1], I'd start with first item, e.g. 
>>> "https://id.apache.org (The end-user part of it)".
>>>
>>> Here are some questions:
>>>
>>>  1. does the current app exclusively manage data from LDAP?
>>>  2. if so, could you provide some details:
>>>     a. LDAP architecture (replicas, load-balancing, ..)
>>>     b. which LDAP server implementation? OpenLDAP?
>>>     c. which object classes are in use? baseDN(s)?
>>>     d. which processes / tools are reading from LDAP? which are 
>>> writing?
>>>     e. is there any test LDAP instance available? if not, is it 
>>> possible to pre-load some data from the production instances in 
>>> order to build a test instance in our development VM?
>>>
>>> Please add questions if you see something missing.
>>>
>>> Regards.
>>>
>>> [1] http://markmail.org/message/utlcjkanilz4qztz

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/


Re: [IAM PoC] Starting with implementation

Posted by Francesco Chicchiriccò <il...@apache.org>.
Hi all,
FYI this experiment was officially considered closed - see 
https://issues.apache.org/jira/browse/INFRA-10930

Regards.

On 13/01/2017 11:34, Francesco Chicchiriccò wrote:
> On 13/01/2017 10:30, Pierre Smits wrote:
>> Ok. Thanks.
>>
>> I guess one of the next steps will be to change the password of the 
>> admin userid to make it more secure.
>
> Definitely.
> Not a hard task, though:
>
> https://syncope.apache.org/docs/reference-guide.html#set-admin-credentials 
>
>
> Regards.
>
>> On Fri, Jan 13, 2017 at 9:26 AM, Francesco Chicchiriccò 
>> <ilgrosso@apache.org <ma...@apache.org>> wrote:
>>
>>     Hi all,
>>     I honestly do not see the point of putting any effort (yet) in
>>     puppetizing the configurations on syncope-vm2.
>>
>>     syncope-vm2 is the VM we are using to implement a PoC, not a
>>     production environment.
>>
>>     For example, I had to install the OpenLDAP packages to load the
>>     ASF Directory dump, in order to have a reference external resource
>>     for Syncope. I would not expect this in a production machine.
>>
>>     The work to be done there is currently about configuring Syncope
>>     (mainly via Admin UI) and possibly developing some extension
>>     classes, to be part of the sources hosted at
>>
>>     https://git-wip-us.apache.org/repos/asf/iampoc.git
>>     <https://git-wip-us.apache.org/repos/asf/iampoc.git>
>>
>>     with purpose of building a replacement for https://id.apache.org
>>
>>     I expect such work not to be completed anytime soon, partly because
>>     it is inherently complex, partly because it is done in my own
>>     spare time.
>>
>>     I agree, indeed, that:
>>
>>     1. leaving all ports open to the wild is not good (especially
>>     because there is currently an OpenLDAP instance loaded with the
>>     dump from the official ASF Directory), so I have configured
>>     iptables to refuse connections on all ports but SSH (see
>>     /root/iptables.sh, currently saved via iptables-persistence to
>>     survive restarts)
>>
>>     At the moment I can easily work with SSH port forwarding; I expect
>>     to re-open the ports 80 and 443, to allow connections to
>>
>>     * http://idm-poc.apache.org/syncope
>>     <http://idm-poc.apache.org/syncope>, redirecting to
>>     https://idm-poc.apache.org/syncope
>>     <https://idm-poc.apache.org/syncope>
>>     * http://idm-poc.apache.org/syncope-console
>>     <http://idm-poc.apache.org/syncope-console>, redirecting to
>>     https://idm-poc.apache.org/syncope-console
>>     <https://idm-poc.apache.org/syncope-console>
>>     * http://idm-poc.apache.org/syncope-enduser
>>     <http://idm-poc.apache.org/syncope-enduser>, redirecting to
>>     https://idm-poc.apache.org/syncope-enduser
>>     <https://idm-poc.apache.org/syncope-enduser>
>>
>>     as already configured by Pierre.
>>
>>     Note: I don't see any reason to enable the Syncope Swagger
>>     extension, hence it is perfectly expected that
>>
>>     /syncope/swagger
>>
>>     returns nothing.
>>
>>     2. being the tomcat8 packages installed, there is almost no reason
>>     (but the unavailability of Tomcat 8.5 as deb package, but this is
>>     another story...) to use the manual Tomcat deployment under /opt,
>>     I will remove that soon
>>
>>     Regards.
>>
>>     On 12/01/2017 22:58, Pierre Smits wrote:
>>
>>         Tony,
>>
>>         Francesco didn't install the syncope wars in/on the puppet
>>         configured
>>         Tomcat, but did a new Tomcat installation in /opt.
>>
>>         So we need to figure out how to do that correction there, or
>>         redeploy
>>         syncope in the puppet controlled Tomcat.
>>
>>         On Thu, Jan 12, 2017 at 10:48 PM, Tony Stevenson
>>         <pctony@apache.org <ma...@apache.org>> wrote:
>>
>>                 On Jan 12, 2017, at 1:22 PM, Pierre Smits
>>                 <pierre.smits@gmail.com
>>                 <ma...@gmail.com>> wrote:
>>
>>                 Please do not use the syncope implementation via the
>>                 unencrypted tomcat port 8080/
>>
>>             Then configure tomcat to only listen on loopback, or only
>>             allow access
>>             from the local interface then.  Better yet change the
>>             firewall rules. Or do
>>             both. ;)
>>
>>             Assuming the VM is in puppet the firewall rules should be
>>             a few lines of
>>             config.
>>

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/


Re: [IAM PoC] Starting with implementation

Posted by Francesco Chicchiriccò <il...@apache.org>.
On 13/01/2017 10:30, Pierre Smits wrote:
> Ok. Thanks.
>
> I guess one of the next steps will be to change the password of the 
> admin userid to make it more secure.

Definitely.
Not a hard task, though:

https://syncope.apache.org/docs/reference-guide.html#set-admin-credentials

Regards.

> On Fri, Jan 13, 2017 at 9:26 AM, Francesco Chicchiriccò 
> <ilgrosso@apache.org <ma...@apache.org>> wrote:
>
>     Hi all,
>     I honestly do not see the point of putting any effort (yet) in
>     puppetizing the configurations on syncope-vm2.
>
>     syncope-vm2 is the VM we are using to implement a PoC, not a
>     production environment.
>
>     For example, I had to install the OpenLDAP packages to load the
>     ASF Directory dump, in order to have a reference external resource
>     for Syncope. I would not expect this in a production machine.
>
>     The work to be done there is currently about configuring Syncope
>     (mainly via Admin UI) and possibly developing some extension
>     classes, to be part of the sources hosted at
>
>     https://git-wip-us.apache.org/repos/asf/iampoc.git
>     <https://git-wip-us.apache.org/repos/asf/iampoc.git>
>
>     with purpose of building a replacement for https://id.apache.org
>
>     I expect such work not to be completed anytime soon, partly because
>     it is inherently complex, partly because it is done in my own
>     spare time.
>
>     I agree, indeed, that:
>
>     1. leaving all ports open to the wild is not good (especially
>     because there is currently an OpenLDAP instance loaded with the
>     dump from the official ASF Directory), so I have configured
>     iptables to refuse connections on all ports but SSH (see
>     /root/iptables.sh, currently saved via iptables-persistence to
>     survive restarts)
>
>     At the moment I can easily work with SSH port forwarding; I expect
>     to re-open the ports 80 and 443, to allow connections to
>
>     * http://idm-poc.apache.org/syncope
>     <http://idm-poc.apache.org/syncope>, redirecting to
>     https://idm-poc.apache.org/syncope
>     <https://idm-poc.apache.org/syncope>
>     * http://idm-poc.apache.org/syncope-console
>     <http://idm-poc.apache.org/syncope-console>, redirecting to
>     https://idm-poc.apache.org/syncope-console
>     <https://idm-poc.apache.org/syncope-console>
>     * http://idm-poc.apache.org/syncope-enduser
>     <http://idm-poc.apache.org/syncope-enduser>, redirecting to
>     https://idm-poc.apache.org/syncope-enduser
>     <https://idm-poc.apache.org/syncope-enduser>
>
>     as already configured by Pierre.
>
>     Note: I don't see any reason to enable the Syncope Swagger
>     extension, hence it is perfectly expected that
>
>     /syncope/swagger
>
>     returns nothing.
>
>     2. being the tomcat8 packages installed, there is almost no reason
>     (but the unavailability of Tomcat 8.5 as deb package, but this is
>     another story...) to use the manual Tomcat deployment under /opt,
>     I will remove that soon
>
>     Regards.
>
>     On 12/01/2017 22:58, Pierre Smits wrote:
>
>         Tony,
>
>         Francesco didn't install the syncope wars in/on the puppet
>         configured
>         Tomcat, but did a new Tomcat installation in /opt.
>
>         So we need to figure out how to do that correction there, or
>         redeploy
>         syncope in the puppet controlled Tomcat.
>
>         On Thu, Jan 12, 2017 at 10:48 PM, Tony Stevenson
>         <pctony@apache.org <ma...@apache.org>> wrote:
>
>                 On Jan 12, 2017, at 1:22 PM, Pierre Smits
>                 <pierre.smits@gmail.com
>                 <ma...@gmail.com>> wrote:
>
>                 Please do not use the syncope implementation via the
>                 unencrypted tomcat port 8080/
>
>             Then configure tomcat to only listen on loopback, or only
>             allow access
>             from the local interface then.  Better yet change the
>             firewall rules. Or do
>             both. ;)
>
>             Assuming the VM is in puppet the firewall rules should be
>             a few lines of
>             config.
>
-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/


Re: [IAM PoC] Starting with implementation

Posted by Pierre Smits <pi...@gmail.com>.
Ok. Thanks.

I guess one of the next steps will be to change the password of the admin
userid to make it more secure.

Best regards,



Pierre Smits

ORRTIZ.COM <http://www.orrtiz.com>
OFBiz based solutions & services

OFBiz Extensions Marketplace
http://oem.ofbizci.net/oci-2/

On Fri, Jan 13, 2017 at 9:26 AM, Francesco Chicchiriccò <ilgrosso@apache.org
> wrote:

> Hi all,
> I honestly do not see the point of putting any effort (yet) in puppetizing
> the configurations on syncope-vm2.
>
> syncope-vm2 is the VM we are using to implement a PoC, not a production
> environment.
>
> For example, I had to install the OpenLDAP packages to load the ASF
> Directory dump, in order to have a reference external resource for Syncope.
> I would not expect this in a production machine.
>
> The work to be done there is currently about configuring Syncope (mainly
> via Admin UI) and possibly developing some extension classes, to be part of
> the sources hosted at
>
> https://git-wip-us.apache.org/repos/asf/iampoc.git
>
> with purpose of building a replacement for https://id.apache.org
>
> I expect such work not to be completed anytime soon, partly because it is
> inherently complex, partly because it is done in my own spare time.
>
> I agree, indeed, that:
>
> 1. leaving all ports open to the wild is not good (especially because
> there is currently an OpenLDAP instance loaded with the dump from the
> official ASF Directory), so I have configured iptables to refuse
> connections on all ports but SSH (see /root/iptables.sh, currently saved
> via iptables-persistence to survive restarts)
>
> At the moment I can easily work with SSH port forwarding; I expect to
> re-open the ports 80 and 443, to allow connections to
>
> * http://idm-poc.apache.org/syncope, redirecting to
> https://idm-poc.apache.org/syncope
> * http://idm-poc.apache.org/syncope-console, redirecting to
> https://idm-poc.apache.org/syncope-console
> * http://idm-poc.apache.org/syncope-enduser, redirecting to
> https://idm-poc.apache.org/syncope-enduser
>
> as already configured by Pierre.
>
> Note: I don't see any reason to enable the Syncope Swagger extension,
> hence it is perfectly expected that
>
> /syncope/swagger
>
> returns nothing.
>
> 2. being the tomcat8 packages installed, there is almost no reason (but
> the unavailability of Tomcat 8.5 as deb package, but this is another
> story...) to use the manual Tomcat deployment under /opt, I will remove
> that soon
>
> Regards.
>
> On 12/01/2017 22:58, Pierre Smits wrote:
>
>> Tony,
>>
>> Francesco didn't install the syncope wars in/on the puppet configured
>> Tomcat, but did a new Tomcat installation in /opt.
>>
>> So we need to figure out how to do that correction there, or redeploy
>> syncope in the puppet controlled Tomcat.
>>
>> On Thu, Jan 12, 2017 at 10:48 PM, Tony Stevenson <pc...@apache.org>
>> wrote:
>>
>> On Jan 12, 2017, at 1:22 PM, Pierre Smits <pi...@gmail.com> wrote:
>>>>
>>>> Please do not use the syncope implementation via the unencrypted tomcat
>>>> port 8080/
>>>>
>>> Then configure tomcat to only listen on loopback, or only allow access
>>> from the local interface then.  Better yet change the firewall rules. Or
>>> do
>>> both. ;)
>>>
>>> Assuming the VM is in puppet the firewall rules should be a few lines of
>>> config.
>>>
>>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> http://home.apache.org/~ilgrosso/
>
>
>

Re: [IAM PoC] Starting with implementation

Posted by Francesco Chicchiriccò <il...@apache.org>.
Hi all,
I honestly do not see the point of putting any effort (yet) in 
puppetizing the configurations on syncope-vm2.

syncope-vm2 is the VM we are using to implement a PoC, not a production 
environment.

For example, I had to install the OpenLDAP packages to load the ASF 
Directory dump, in order to have a reference external resource for 
Syncope. I would not expect this in a production machine.

The work to be done there is currently about configuring Syncope (mainly 
via Admin UI) and possibly developing some extension classes, to be part 
of the sources hosted at

https://git-wip-us.apache.org/repos/asf/iampoc.git

with purpose of building a replacement for https://id.apache.org

I expect such work not to be completed anytime soon, partly because it is 
inherently complex, partly because it is done in my own spare time.

I agree, indeed, that:

1. leaving all ports open to the wild is not good (especially because 
there is currently an OpenLDAP instance loaded with the dump from the 
official ASF Directory), so I have configured iptables to refuse 
connections on all ports but SSH (see /root/iptables.sh, currently saved 
via iptables-persistence to survive restarts)

At the moment I can easily work with SSH port forwarding; I expect to 
re-open the ports 80 and 443, to allow connections to

* http://idm-poc.apache.org/syncope, redirecting to 
https://idm-poc.apache.org/syncope
* http://idm-poc.apache.org/syncope-console, redirecting to 
https://idm-poc.apache.org/syncope-console
* http://idm-poc.apache.org/syncope-enduser, redirecting to 
https://idm-poc.apache.org/syncope-enduser

as already configured by Pierre.

Note: I don't see any reason to enable the Syncope Swagger extension, 
hence it is perfectly expected that

/syncope/swagger

returns nothing.

2. being the tomcat8 packages installed, there is almost no reason (but 
the unavailability of Tomcat 8.5 as deb package, but this is another 
story...) to use the manual Tomcat deployment under /opt, I will remove 
that soon

Regards.

On 12/01/2017 22:58, Pierre Smits wrote:
> Tony,
>
> Francesco didn't install the syncope wars in/on the puppet configured
> Tomcat, but did a new Tomcat installation in /opt.
>
> So we need to figure out how to do that correction there, or redeploy
> syncope in the puppet controlled Tomcat.
>
> On Thu, Jan 12, 2017 at 10:48 PM, Tony Stevenson <pc...@apache.org> wrote:
>
>>> On Jan 12, 2017, at 1:22 PM, Pierre Smits <pi...@gmail.com> wrote:
>>>
>>> Please do not use the syncope implementation via the unencrypted tomcat port 8080/
>> Then configure tomcat to only listen on loopback, or only allow access
>> from the local interface then.  Better yet change the firewall rules. Or do
>> both. ;)
>>
>> Assuming the VM is in puppet the firewall rules should be a few lines of
>> config.

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/



Re: [IAM PoC] Starting with implementation

Posted by Pierre Smits <pi...@gmail.com>.
Tony,

Francesco didn't install the syncope wars in/on the puppet configured
Tomcat, but did a new Tomcat installation in /opt.

So we need to figure out how to do that correction there, or redeploy
syncope in the puppet controlled Tomcat.

Best regards,

Pierre Smits

ORRTIZ.COM <http://www.orrtiz.com>
OFBiz based solutions & services

OFBiz Extensions Marketplace
http://oem.ofbizci.net/oci-2/

On Thu, Jan 12, 2017 at 10:48 PM, Tony Stevenson <pc...@apache.org> wrote:

>
>
> > On Jan 12, 2017, at 1:22 PM, Pierre Smits <pi...@gmail.com>
> wrote:
> >
> > Please do not use the syncope implementation via the unencrypted tomcat
> port 8080/
> >
>
> Then configure tomcat to only listen on loopback, or only allow access
> from the local interface then.  Better yet change the firewall rules. Or do
> both. ;)
>
> Assuming the VM is in puppet the firewall rules should be a few lines of
> config.
>
>
>
>
> --
> Cheers,
> Tony
>
> -----------------------
> http://www.pc-tony.com
> GPG - 3072D/2543E323
> -----------------------
>
>
>

Re: [IAM PoC] Starting with implementation

Posted by Tony Stevenson <pc...@apache.org>.

> On Jan 12, 2017, at 1:22 PM, Pierre Smits <pi...@gmail.com> wrote:
> 
> Please do not use the syncope implementation via the unencrypted tomcat port 8080/
> 

Then configure tomcat to only listen on loopback, or only allow access from the local interface then.  Better yet change the firewall rules. Or do both. ;) 

Assuming the VM is in puppet the firewall rules should be a few lines of config. 




--
Cheers,
Tony

-----------------------
http://www.pc-tony.com
GPG - 3072D/2543E323
-----------------------
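
The "listen on loopback" half of this advice can be checked from the socket table, independently of whatever the firewall does. The following is an added example, not part of the original thread: it reads `ss -H -tln` output and reports listeners reachable from other hosts on ports outside an allow-list. The sample socket tables are constructed, and the allow-list (22, 80, 443) is an assumption taken from the ports named elsewhere in the thread.

```sh
#!/bin/sh
# Added example: audit listening TCP sockets against an exposure policy.
# Input format is `ss -H -tln` output: State Recv-Q Send-Q Local Peer.

# Constructed sample, not captured from any real host: Tomcat (8080) and
# slapd (389) are bound to all interfaces, which is the finding.
SAMPLE_BEFORE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 *:8080 *:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 128 0.0.0.0:389 0.0.0.0:*
LISTEN 0 128 [::]:443 [::]:*
LISTEN 0 128 [::1]:8005 [::]:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*'

# Same constructed host after binding Tomcat and slapd to loopback.
SAMPLE_AFTER='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 [::ffff:127.0.0.1]:8080 *:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 128 127.0.0.1:389 0.0.0.0:*
LISTEN 0 128 [::]:443 [::]:*
LISTEN 0 128 [::1]:8005 [::]:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*'

# exposed_listeners ALLOWED_PORTS
# Reads `ss -H -tln` lines on stdin and prints every local address:port that
# is not bound to loopback (127.0.0.0/8 or ::1) and whose port is not in the
# comma-separated ALLOWED_PORTS list.
exposed_listeners() {
  awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "LISTEN" {
      laddr = $4
      port = laddr; sub(/^.*:/, "", port)         # text after the last colon
      addr = laddr; sub(/:[^:]*$/, "", addr)      # text before the last colon
      gsub(/\[|\]/, "", addr)                     # [::1] becomes ::1
      sub(/%.*$/, "", addr)                       # drop interface scope (%lo)
      sub(/^::ffff:/, "", addr)                   # IPv4-mapped IPv6 address
      if (addr ~ /^127\./ || addr == "::1") next  # loopback only
      if (port in ok) next                        # intentionally public
      print laddr
    }'
}

# audit ALLOWED_PORTS: same input; returns 1 if anything is exposed.
audit() {
  found=$(exposed_listeners "$1")
  [ -z "$found" ] && return 0
  printf '%s\n' "$found" | sed 's/^/EXPOSED: /' >&2
  return 1
}

# Assumed policy: SSH plus the HTTPD proxy ports.
ALLOWED="22,80,443"

for name in BEFORE AFTER; do
  eval "table=\$SAMPLE_$name"
  if printf '%s\n' "$table" | audit "$ALLOWED"; then
    echo "$name: no unexpected listeners"
  else
    echo "$name: unexpected listeners found"
  fi
done

# On a live host: ss -H -tln | audit "$ALLOWED"
```

A clean result here only says the services are bound correctly; firewall rules remain a separate layer and are not inspected by this check.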



Re: [IAM PoC] Starting with implementation

Posted by Pierre Smits <pi...@gmail.com>.
I have configured the Apache HTTPD as the proxy server for the syncope
deployment over ssl

The following URLs can now be used:

   - http://idm-poc.apache.org/syncope, redirecting to
   https://idm-poc.apache.org/syncope
   - http://idm-poc.apache.org/syncope-console, redirecting to
   https://idm-poc.apache.org/syncope-console
   - http://idm-poc.apache.org/syncope-enduser, redirecting to
   https://idm-poc.apache.org/syncope-enduser

I still have to look at aspects like:

   - https://idm-poc.apache.org/syncope/swagger

As this doesn't work correctly. But then again,
http://idm-poc.apache.org:8080/syncope/swagger doesn't work either.

Please do *not* use the syncope implementation via the unencrypted tomcat
port 8080/

Best regards,

Pierre Smits

ORRTIZ.COM <http://www.orrtiz.com>
OFBiz based solutions & services

OFBiz Extensions Marketplace
http://oem.ofbizci.net/oci-2/

On Thu, Jan 12, 2017 at 8:23 PM, Francesco Chicchiriccò <ilgrosso@apache.org
> wrote:

> On 12 January 2017 19:23:37 CET, Pierre Smits <pi...@gmail.com>
> wrote:
> >I see that the syncope-vm is working. But did we use the preconfigured
> >installations of tomcat and postgresql (the client for connection to a
> >ASF
> >psql setup)?
>
> syncope-vm.apache.org hosts our public demo, see
>
> http://syncope.apache.org/demo.html
>
> I am working on syncope-vm2 with manual Tomcat deployment (and PostgreSQL)
> of the artifacts built from the POC GIT repository.
>
> Regards.
>
> >On Thu, Jan 12, 2017 at 5:14 PM, Francesco Chicchiriccò
> ><ilgrosso@apache.org
> >> wrote:
> >
> >> Hi,
> >> quick update: I have defined some schemas and the local LDAP resource
> >with
> >> provision for both users and groups: at the moment browsing the
> >resource
> >> from Syncope Admin UI works fine.
> >>
> >> Regards.
> >>
> >> On 11/01/2017 16:12, Francesco Chicchiriccò wrote:
> >>
> >>> On 11/01/2017 12:42, Francesco Chicchiriccò wrote:
> >>>
> >>>> On 10/01/2017 23:56, Chris Lambertus wrote:
> >>>>
> >>>>> Yes, I am available. I will provide you an export of our existing
> >LDAP
> >>>>> repository and pointers to our schemas.
> >>>>>
> >>>>
> >>>> Thanks Chris, looks good!
> >>>>
> >>>> In answer to your questions below regarding id.a.o:
> >>>>>
> >>>>> 1) Yes, the current id.a.o app exclusively manages data in LDAP as
> >a
> >>>>> self-service tool.
> >>>>>
> >>>>> 2a) OpenLDAP
> >>>>> 2b) A variety including some custom schemas which I will make
> >available
> >>>>> you along with the ldif.
> >>>>> 2c) There are MANY processes and tools which read and write from
> >LDAP.
> >>>>>
> >>>>> The initial scope of the PoC should be to provision Syncope as an
> >admin
> >>>>> and end-user UI for maintaining attributes related to LDAP
> >accounts
> >>>>> (committers, staff) as a potential replacement for the
> >id.apache.org <
> >>>>> http://id.apache.org> service. Once we've explored the key
> >>>>> functionality of a test/demo implementation, we can look at what
> >it would
> >>>>> take to replace the service in production, along with integrating
> >other
> >>>>> tools related to account creation.
> >>>>>
> >>>>
> >>>> I completely agree.
> >>>>
> >>>> AFAICT, the identified tasks are:
> >>>>
> >>>> 1. setup an OpenLDAP  instance with the content and configuration
> >>>> provided
> >>>> 2. configure the Syncope entities: schemas, realms, resource,
> >tasks, ...
> >>>> 3. configure / customize the Enduser UI
> >>>>
> >>>> I will start with task (1), manual installation; not sure if it
> >makes
> >>>> sense to puppet-ize that: if so, Pierre could possibly help.
> >>>>
> >>>
> >>> Updated: thanks to the LDIF dump saved under
> >>>
> >>> /root/asf-20170110.ldif on syncope-vm2
> >>>
> >>> and the LDAP conf chunks I could derive from
> >>>
> >>> https://github.com/apache/infrastructure-puppet/tree/deployment/modules/ldapserver
> >>>
> >>> I was finally able to successfully import everything; the OpenLDAP
> >>> instance is currently up and running, ready to rumble.
> >>>
> >>> FYI I have placed a copy of the resulting slapd.conf under /root on
> >>> syncope-vm2
> >>>
> >>> Any other volunteer?
> >>>>
> >>>> Regards.
> >>>>
> >>>>
> >>>> On Jan 9, 2017, at 3:59 AM, Francesco Chicchiriccò
> ><ilgrosso@apache.org
> >>>>>> <ma...@apache.org>> wrote:
> >>>>>>
> >>>>>> Hi all,
> >>>>>> semi-formal "ping" for Infra guys: is there anyone available for
> >>>>>> supporting this PoC? As said from the beginning, a fundamental
> >requirement
> >>>>>> is to have someone playing the customer role, otherwise any
> >effort is
> >>>>>> pointless.
> >>>>>>
> >>>>>> Regards.
> >>>>>>
> >>>>>> On 19/12/2016 09:09, Francesco Chicchiriccò wrote:
> >>>>>>
> >>>>>>> Quick update:
> >>>>>>>
> >>>>>>> 1. Pierre has submitted the first PR for puppet at
> >>>>>>> https://github.com/apache/infrastructure-puppet/pull/156
> >>>>>>>
> >>>>>>> 2. I have just updated the PoC code to Syncope 2.0.1 (that's the
> >>>>>>> second commit, exactly 1 year after first one: time flies):
> >>>>>>> https://github.com/apache/iampoc/commit/a155f59362e6f553356e7e52116834837dbda984
> >>>>>>>
> >>>>>>> However, without someone from Infra providing info +
> >specifications,
> >>>>>>> there is not much more we can do.
> >>>>>>> Infra, please if you're there, knock once.
> >>>>>>>
> >>>>>>> Regards.
> >>>>>>>
> >>>>>>> On 16/12/2016 11:13, Francesco Chicchiriccò wrote:
> >>>>>>>
> >>>>>>>> Hi all,
> >>>>>>>> I am happy to report that the VM for the PoC was made available
> >(
> >>>>>>>> syncope-vm2.apache.org) - see INFRA-10931.
> >>>>>>>> I have been able to successfully access via SSH (sudo does not
> >seem
> >>>>>>>> to work, but nothing problematic about this ATM).
> >>>>>>>>
> >>>>>>>> I know from IRC that Pierre is at work to try to define a first
> >>>>>>>> Puppet setup including JDK 1.8, Maven, Tomcat 8.5 and
> >PostgreSQL.
> >>>>>>>> Besides such components, the setup process will also need to
> >fetch
> >>>>>>>> and build the Maven project from the dedicated GIT repository
> >(see below).
> >>>>>>>>
> >>>>>>>> Now in the first place I think we should re-attempt to start
> >discussing
> >>>>>>>> the actual requirements of this PoC, and then the planning.
> >>>>>>>>
> >>>>>>>> This means, essentially, to gather some information from the
> >infra
> >>>>>>>> team.
> >>>>>>>>
> >>>>>>>> I propose again to concentrate, from the list shown by Tony in
> >[1],
> >>>>>>>> on the first item, e.g. "https://id.apache.org (The end-user
> >part
> >>>>>>>> of it)", which triggers these first questions:
> >>>>>>>>
> >>>>>>>> 1. does the current app exclusively manage data from LDAP?
> >>>>>>>> 2. if so, could you provide some details:
> >>>>>>>>    a. which LDAP server implementation? OpenLDAP?
> >>>>>>>>    b. which object classes are in use? baseDN(s)?
> >>>>>>>>    c. which processes / tools are reading from LDAP? which are
> >>>>>>>> writing?
> >>>>>>>>
> >>>>>>>> In INFRA-10931, Greg proposed to provide an LDIF export of the
> >>>>>>>> production LDAP servers so that we can setup a local detached
> >copy which we
> >>>>>>>> could use for tests.
> >>>>>>>>
> >>>>>>>> Looking forward to your reply.
> >>>>>>>> Regards.
> >>>>>>>>
> >>>>>>>> On 21/12/2015 17:16, Francesco Chicchiriccò wrote:
> >>>>>>>>
> >>>>>>>>> Hi all,
> >>>>>>>>> we now have our GIT repository at
> >>>>>>>>>
> >>>>>>>>> https://git-wip-us.apache.org/repos/asf/iampoc.git
> >>>>>>>>>
> >>>>>>>>> which is also mirrored, as usual, to GitHub.
> >>>>>>>>>
> >>>>>>>>> As you can see, I have made an initial commit featuring an
> >empty
> >>>>>>>>> default Syncope 2.0.0-SNAPSHOT setup.
> >>>>>>>>>
> >>>>>>>>> Now, waiting for the VM to be available (see INFRA-10931), we
> >can
> >>>>>>>>> start defining what is actually going to be part of this PoC,
> >and how we
> >>>>>>>>> are going to implement the related features.
> >>>>>>>>>
> >>>>>>>>> From the list shown by Tony in [1], I'd start with first
> >item,
> >>>>>>>>> e.g. "https://id.apache.org (The end-user part of it)".
> >>>>>>>>>
> >>>>>>>>> Here are some questions:
> >>>>>>>>>
> >>>>>>>>> 1. does the current app exclusively manage data from LDAP?
> >>>>>>>>> 2. if so, could you provide some details:
> >>>>>>>>>    a. LDAP architecture (replicas, load-balancing, ..)
> >>>>>>>>>    b. which LDAP server implementation? OpenLDAP?
> >>>>>>>>>    c. which object classes are in use? baseDN(s)?
> >>>>>>>>>    d. which processes / tools are reading from LDAP? which are
> >>>>>>>>> writing?
> >>>>>>>>>    e. is there any test LDAP instance available? if not, is it
> >>>>>>>>> possible to pre-load some data from the production instances
> >in order to
> >>>>>>>>> build a test instance in our development VM?
> >>>>>>>>>
> >>>>>>>>> Please add questions if you see something missing.
> >>>>>>>>>
> >>>>>>>>> Regards.
> >>>>>>>>>
> >>>>>>>>> [1] http://markmail.org/message/utlcjkanilz4qztz
> >>>>>>>>>
> >>>>>>>>
> >> --
> >> Francesco Chicchiriccò
> >>
> >> Tirasa - Open Source Excellence
> >> http://www.tirasa.net/
> >>
> >> Member at The Apache Software Foundation
> >> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> >> http://home.apache.org/~ilgrosso/
> >>
> >>
>
>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF,
> OpenJPA, PonyMail
> http://home.apache.org/~ilgrosso/
>

Re: [IAM PoC] Starting with implementation

Posted by Francesco Chicchiriccò <il...@apache.org>.
On 12 January 2017 19:23:37 CET, Pierre Smits <pi...@gmail.com> wrote:
>I see that the syncope-vm is working. But did we use the preconfigured
>installations of tomcat and postgresql (the client for connection to a
>ASF
>psql setup)?

syncope-vm.apache.org hosts our public demo, see

http://syncope.apache.org/demo.html

I am working on syncope-vm2 with manual Tomcat deployment (and PostgreSQL) of the artifacts built from the POC GIT repository.

Regards.

>On Thu, Jan 12, 2017 at 5:14 PM, Francesco Chicchiriccò
><ilgrosso@apache.org
>> wrote:
>
>> Hi,
>> quick update: I have defined some schemas and the local LDAP resource with
>> provision for both users and groups: at the moment browsing the resource
>> from Syncope Admin UI works fine.
>>
>> Regards.
>>
>> On 11/01/2017 16:12, Francesco Chicchiriccò wrote:
>>
>>> On 11/01/2017 12:42, Francesco Chicchiriccò wrote:
>>>
>>>> On 10/01/2017 23:56, Chris Lambertus wrote:
>>>>
>>>>> Yes, I am available. I will provide you an export of our existing LDAP
>>>>> repository and pointers to our schemas.
>>>>>
>>>>
>>>> Thanks Chris, looks good!
>>>>
>>>> In answer to your questions below regarding id.a.o:
>>>>>
>>>>> 1) Yes, the current id.a.o app exclusively manages data in LDAP as a
>>>>> self-service tool.
>>>>>
>>>>> 2a) OpenLDAP
>>>>> 2b) A variety including some custom schemas which I will make available
>>>>> to you along with the ldif.
>>>>> 2c) There are MANY processes and tools which read and write from LDAP.
>>>>>
>>>>> The initial scope of the PoC should be to provision Syncope as an admin
>>>>> and end-user UI for maintaining attributes related to LDAP accounts
>>>>> (committers, staff) as a potential replacement for the id.apache.org
>>>>> <http://id.apache.org> service. Once we’ve explored the key
>>>>> functionality of a test/demo implementation, we can look at what it would
>>>>> take to replace the service in production, along with integrating other
>>>>> tools related to account creation.
>>>>>
>>>>
>>>> I completely agree.
>>>>
>>>> AFAICT, the identified tasks are:
>>>>
>>>> 1. setup an OpenLDAP  instance with the content and configuration
>>>> provided
>>>> 2. configure the Syncope entities: schemas, realms, resource, tasks, ...
>>>> 3. configure / customize the Enduser UI
>>>>
>>>> I will start with task (1), manual installation; not sure if it makes
>>>> sense to puppet-ize that: if so, Pierre could possibly help.
>>>>
>>>
>>> Updated: thanks to the LDIF dump saved under
>>>
>>> /root/asf-20170110.ldif on syncope-vm2
>>>
>>> and the LDAP conf chunks I could derive from
>>>
>>> https://github.com/apache/infrastructure-puppet/tree/deployment/modules/ldapserver
>>>
>>> I was finally able to successfully import everything; the OpenLDAP
>>> instance is currently up and running, ready to rumble.
>>>
>>> FYI I have placed a copy of the resulting slapd.conf under /root on
>>> syncope-vm2
>>>
>>> Any other volunteer?
>>>>
>>>> Regards.
>>>>
>>>>
>>>> On Jan 9, 2017, at 3:59 AM, Francesco Chicchiriccò <ilgrosso@apache.org
>>>>>> <ma...@apache.org>> wrote:
>>>>>>
>>>>>> Hi all,
>>>>>> semi-formal "ping" for Infra guys: is there anyone available for
>>>>>> supporting this PoC? As said from the beginning, a fundamental requirement
>>>>>> is to have someone playing the customer role, otherwise any effort is
>>>>>> pointless.
>>>>>>
>>>>>> Regards.
>>>>>>
>>>>>> On 19/12/2016 09:09, Francesco Chicchiriccò wrote:
>>>>>>
>>>>>>> Quick update:
>>>>>>>
>>>>>>> 1. Pierre has submitted the first PR for puppet at
>>>>>>> https://github.com/apache/infrastructure-puppet/pull/156
>>>>>>>
>>>>>>> 2. I have just updated the PoC code to Syncope 2.0.1 (that's the
>>>>>>> second commit, exactly 1 year after first one: time flies):
>>>>>>> https://github.com/apache/iampoc/commit/a155f59362e6f553356e7e52116834837dbda984
>>>>>>>
>>>>>>> However, without someone from Infra providing info + specifications,
>>>>>>> there is not much more we can do.
>>>>>>> Infra, please if you're there, knock once.
>>>>>>>
>>>>>>> Regards.
>>>>>>>
>>>>>>> On 16/12/2016 11:13, Francesco Chicchiriccò wrote:
>>>>>>>
>>>>>>>> Hi all,
>>>>>>>> I am happy to report that the VM for the PoC was made available
>>>>>>>> (syncope-vm2.apache.org) - see INFRA-10931.
>>>>>>>> I have been able to successfully access via SSH (sudo does not seem
>>>>>>>> to work, but nothing problematic about this ATM).
>>>>>>>>
>>>>>>>> I know from IRC that Pierre is at work to try to define a first
>>>>>>>> Puppet setup including JDK 1.8, Maven, Tomcat 8.5 and PostgreSQL.
>>>>>>>> Besides such components, the setup process will also need to fetch
>>>>>>>> and build the Maven project from the dedicated GIT repository (see below).
>>>>>>>>
>>>>>>>> Now in first place I think we should re-attempt to start discussing
>>>>>>>> the actual requirements of this PoC, and then the planning.
>>>>>>>>
>>>>>>>> This means, essentially, to gather some information from the infra
>>>>>>>> team.
>>>>>>>>
>>>>>>>> I propose again to concentrate, from the list shown by Tony in [1],
>>>>>>>> on the first item, e.g. "https://id.apache.org (The end-user part
>>>>>>>> of it)", which triggers these first questions:
>>>>>>>>
>>>>>>>> 1. does the current app exclusively manage data from LDAP?
>>>>>>>> 2. if so, could you provide some details:
>>>>>>>>    a. which LDAP server implementation? OpenLDAP?
>>>>>>>>    b. which object classes are in use? baseDN(s)?
>>>>>>>>    c. which processes / tools are reading from LDAP? which are
>>>>>>>> writing?
>>>>>>>>
>>>>>>>> In INFRA-10931, Greg proposed to provide an LDIF export of the
>>>>>>>> production LDAP servers so that we can setup a local detached copy which we
>>>>>>>> could use for tests.
>>>>>>>>
>>>>>>>> Looking forward to your reply.
>>>>>>>> Regards.
>>>>>>>>
>>>>>>>> On 21/12/2015 17:16, Francesco Chicchiriccò wrote:
>>>>>>>>
>>>>>>>>> Hi all,
>>>>>>>>> we now have our GIT repository at
>>>>>>>>>
>>>>>>>>> https://git-wip-us.apache.org/repos/asf/iampoc.git
>>>>>>>>>
>>>>>>>>> which is also mirrored, as usual, to GitHub.
>>>>>>>>>
>>>>>>>>> As you can see, I have made an initial commit featuring an empty
>>>>>>>>> default Syncope 2.0.0-SNAPSHOT setup.
>>>>>>>>>
>>>>>>>>> Now, waiting for the VM to be available (see INFRA-10931), we can
>>>>>>>>> start defining what is actually going to be part of this PoC, and how we
>>>>>>>>> are going to implement the related features.
>>>>>>>>>
>>>>>>>>> From the list shown by Tony in [1], I'd start with first item,
>>>>>>>>> e.g. "https://id.apache.org (The end-user part of it)".
>>>>>>>>>
>>>>>>>>> Here are some questions:
>>>>>>>>>
>>>>>>>>> 1. does the current app exclusively manage data from LDAP?
>>>>>>>>> 2. if so, could you provide some details:
>>>>>>>>>    a. LDAP architecture (replicas, load-balancing, ..)
>>>>>>>>>    b. which LDAP server implementation? OpenLDAP?
>>>>>>>>>    c. which object classes are in use? baseDN(s)?
>>>>>>>>>    d. which processes / tools are reading from LDAP? which are
>>>>>>>>> writing?
>>>>>>>>>    e. is there any test LDAP instance available? if not, is it
>>>>>>>>> possible to pre-load some data from the production instances in order to
>>>>>>>>> build a test instance in our development VM?
>>>>>>>>>
>>>>>>>>> Please add questions if you see something missing.
>>>>>>>>>
>>>>>>>>> Regards.
>>>>>>>>>
>>>>>>>>> [1] http://markmail.org/message/utlcjkanilz4qztz
>>>>>>>>>
>>>>>>>>
>> --
>> Francesco Chicchiriccò
>>
>> Tirasa - Open Source Excellence
>> http://www.tirasa.net/
>>
>> Member at The Apache Software Foundation
>> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
>> http://home.apache.org/~ilgrosso/
>>
>>


-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/

Re: [IAM PoC] Starting with implementation

Posted by Pierre Smits <pi...@gmail.com>.
I see that the syncope-vm is working. But did we use the preconfigured
installations of tomcat and postgresql (the client for connection to an ASF
psql setup)?

Best regards,

Pierre Smits

ORRTIZ.COM <http://www.orrtiz.com>
OFBiz based solutions & services

OFBiz Extensions Marketplace
http://oem.ofbizci.net/oci-2/

On Thu, Jan 12, 2017 at 5:14 PM, Francesco Chicchiriccò <ilgrosso@apache.org> wrote:

> Hi,
> quick update: I have defined some schemas and the local LDAP resource with
> provision for both users and groups: at the moment browsing the resource
> from Syncope Admin UI works fine.
>
> Regards.
>
> On 11/01/2017 16:12, Francesco Chicchiriccò wrote:
>
>> On 11/01/2017 12:42, Francesco Chicchiriccò wrote:
>>
>>> On 10/01/2017 23:56, Chris Lambertus wrote:
>>>
>>>> Yes, I am available. I will provide you an export of our existing LDAP
>>>> repository and pointers to our schemas.
>>>>
>>>
>>> Thanks Chris, looks good!
>>>
>>> In answer to your questions below regarding id.a.o:
>>>>
>>>> 1) Yes, the current id.a.o app exclusively manages data in LDAP as a
>>>> self-service tool.
>>>>
>>>> 2a) OpenLDAP
>>>> 2b) A variety including some custom schemas which I will make available
>>>> to you along with the ldif.
>>>> 2c) There are MANY processes and tools which read and write from LDAP.
>>>>
>>>> The initial scope of the PoC should be to provision Syncope as an admin
>>>> and end-user UI for maintaining attributes related to LDAP accounts
>>>> (committers, staff) as a potential replacement for the id.apache.org
>>>> <http://id.apache.org> service. Once we’ve explored the key
>>>> functionality of a test/demo implementation, we can look at what it would
>>>> take to replace the service in production, along with integrating other
>>>> tools related to account creation.
>>>>
>>>
>>> I completely agree.
>>>
>>> AFAICT, the identified tasks are:
>>>
>>> 1. setup an OpenLDAP  instance with the content and configuration
>>> provided
>>> 2. configure the Syncope entities: schemas, realms, resource, tasks, ...
>>> 3. configure / customize the Enduser UI
>>>
>>> I will start with task (1), manual installation; not sure if it makes
>>> sense to puppet-ize that: if so, Pierre could possibly help.
>>>
>>
>> Updated: thanks to the LDIF dump saved under
>>
>> /root/asf-20170110.ldif on syncope-vm2
>>
>> and the LDAP conf chunks I could derive from
>>
>> https://github.com/apache/infrastructure-puppet/tree/deployment/modules/ldapserver
>>
>> I was finally able to successfully import everything; the OpenLDAP
>> instance is currently up and running, ready to rumble.
>>
>> FYI I have placed a copy of the resulting slapd.conf under /root on
>> syncope-vm2
>>
>> Any other volunteer?
>>>
>>> Regards.
>>>
>>>
>>> On Jan 9, 2017, at 3:59 AM, Francesco Chicchiriccò <ilgrosso@apache.org
>>>>> <ma...@apache.org>> wrote:
>>>>>
>>>>> Hi all,
>>>>> semi-formal "ping" for Infra guys: is there anyone available for
>>>>> supporting this PoC? As said from the beginning, a fundamental requirement
>>>>> is to have someone playing the customer role, otherwise any effort is
>>>>> pointless.
>>>>>
>>>>> Regards.
>>>>>
>>>>> On 19/12/2016 09:09, Francesco Chicchiriccò wrote:
>>>>>
>>>>>> Quick update:
>>>>>>
>>>>>> 1. Pierre has submitted the first PR for puppet at
>>>>>> https://github.com/apache/infrastructure-puppet/pull/156
>>>>>>
>>>>>> 2. I have just updated the PoC code to Syncope 2.0.1 (that's the
>>>>>> second commit, exactly 1 year after first one: time flies):
>>>>>> https://github.com/apache/iampoc/commit/a155f59362e6f553356e7e52116834837dbda984
>>>>>>
>>>>>> However, without someone from Infra providing info + specifications,
>>>>>> there is not much more we can do.
>>>>>> Infra, please if you're there, knock once.
>>>>>>
>>>>>> Regards.
>>>>>>
>>>>>> On 16/12/2016 11:13, Francesco Chicchiriccò wrote:
>>>>>>
>>>>>>> Hi all,
>>>>>>> I am happy to report that the VM for the PoC was made available
>>>>>>> (syncope-vm2.apache.org) - see INFRA-10931.
>>>>>>> I have been able to successfully access via SSH (sudo does not seem
>>>>>>> to work, but nothing problematic about this ATM).
>>>>>>>
>>>>>>> I know from IRC that Pierre is at work to try to define a first
>>>>>>> Puppet setup including JDK 1.8, Maven, Tomcat 8.5 and PostgreSQL.
>>>>>>> Besides such components, the setup process will also need to fetch
>>>>>>> and build the Maven project from the dedicated GIT repository (see below).
>>>>>>>
>>>>>>> Now in first place I think we should re-attempt to start discussing
>>>>>>> the actual requirements of this PoC, and then the planning.
>>>>>>>
>>>>>>> This means, essentially, to gather some information from the infra
>>>>>>> team.
>>>>>>>
>>>>>>> I propose again to concentrate, from the list shown by Tony in [1],
>>>>>>> on the first item, e.g. "https://id.apache.org (The end-user part
>>>>>>> of it)", which triggers these first questions:
>>>>>>>
>>>>>>> 1. does the current app exclusively manage data from LDAP?
>>>>>>> 2. if so, could you provide some details:
>>>>>>>    a. which LDAP server implementation? OpenLDAP?
>>>>>>>    b. which object classes are in use? baseDN(s)?
>>>>>>>    c. which processes / tools are reading from LDAP? which are
>>>>>>> writing?
>>>>>>>
>>>>>>> In INFRA-10931, Greg proposed to provide an LDIF export of the
>>>>>>> production LDAP servers so that we can setup a local detached copy which we
>>>>>>> could use for tests.
>>>>>>>
>>>>>>> Looking forward to your reply.
>>>>>>> Regards.
>>>>>>>
>>>>>>> On 21/12/2015 17:16, Francesco Chicchiriccò wrote:
>>>>>>>
>>>>>>>> Hi all,
>>>>>>>> we now have our GIT repository at
>>>>>>>>
>>>>>>>> https://git-wip-us.apache.org/repos/asf/iampoc.git
>>>>>>>>
>>>>>>>> which is also mirrored, as usual, to GitHub.
>>>>>>>>
>>>>>>>> As you can see, I have made an initial commit featuring an empty
>>>>>>>> default Syncope 2.0.0-SNAPSHOT setup.
>>>>>>>>
>>>>>>>> Now, waiting for the VM to be available (see INFRA-10931), we can
>>>>>>>> start defining what is actually going to be part of this PoC, and how we
>>>>>>>> are going to implement the related features.
>>>>>>>>
>>>>>>>> From the list shown by Tony in [1], I'd start with first item,
>>>>>>>> e.g. "https://id.apache.org (The end-user part of it)".
>>>>>>>>
>>>>>>>> Here are some questions:
>>>>>>>>
>>>>>>>> 1. does the current app exclusively manage data from LDAP?
>>>>>>>> 2. if so, could you provide some details:
>>>>>>>>    a. LDAP architecture (replicas, load-balancing, ..)
>>>>>>>>    b. which LDAP server implementation? OpenLDAP?
>>>>>>>>    c. which object classes are in use? baseDN(s)?
>>>>>>>>    d. which processes / tools are reading from LDAP? which are
>>>>>>>> writing?
>>>>>>>>    e. is there any test LDAP instance available? if not, is it
>>>>>>>> possible to pre-load some data from the production instances in order to
>>>>>>>> build a test instance in our development VM?
>>>>>>>>
>>>>>>>> Please add questions if you see something missing.
>>>>>>>>
>>>>>>>> Regards.
>>>>>>>>
>>>>>>>> [1] http://markmail.org/message/utlcjkanilz4qztz
>>>>>>>>
>>>>>>>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> http://home.apache.org/~ilgrosso/
>
>

Re: [IAM PoC] Starting with implementation

Posted by Francesco Chicchiriccò <il...@apache.org>.
Hi,
quick update: I have defined some schemas and the local LDAP resource 
with provision for both users and groups: at the moment browsing the 
resource from Syncope Admin UI works fine.

Regards.

On 11/01/2017 16:12, Francesco Chicchiriccò wrote:
> On 11/01/2017 12:42, Francesco Chicchiriccò wrote:
>> On 10/01/2017 23:56, Chris Lambertus wrote:
>>> Yes, I am available. I will provide you an export of our existing 
>>> LDAP repository and pointers to our schemas.
>>
>> Thanks Chris, looks good!
>>
>>> In answer to your questions below regarding id.a.o:
>>>
>>> 1) Yes, the current id.a.o app exclusively manages data in LDAP as a 
>>> self-service tool.
>>>
>>> 2a) OpenLDAP
>>> 2b) A variety including some custom schemas which I will make
>>> available to you along with the ldif.
>>> 2c) There are MANY processes and tools which read and write from LDAP.
>>>
>>> The initial scope of the PoC should be to provision Syncope as an 
>>> admin and end-user UI for maintaining attributes related to LDAP 
>>> accounts (committers, staff) as a potential replacement for the 
>>> id.apache.org <http://id.apache.org> service. Once we’ve explored
>>> the key functionality of a test/demo implementation, we can look at 
>>> what it would take to replace the service in production, along with 
>>> integrating other tools related to account creation.
>>
>> I completely agree.
>>
>> AFAICT, the identified tasks are:
>>
>> 1. setup an OpenLDAP  instance with the content and configuration 
>> provided
>> 2. configure the Syncope entities: schemas, realms, resource, tasks, ...
>> 3. configure / customize the Enduser UI
>>
>> I will start with task (1), manual installation; not sure if it makes 
>> sense to puppet-ize that: if so, Pierre could possibly help.
>
> Updated: thanks to the LDIF dump saved under
>
> /root/asf-20170110.ldif on syncope-vm2
>
> and the LDAP conf chunks I could derive from
>
> https://github.com/apache/infrastructure-puppet/tree/deployment/modules/ldapserver 
>
>
> I was finally able to successfully import everything; the OpenLDAP 
> instance is currently up and running, ready to rumble.
>
> FYI I have placed a copy of the resulting slapd.conf under /root on 
> syncope-vm2
>
>> Any other volunteer?
>>
>> Regards.
>>
>>>> On Jan 9, 2017, at 3:59 AM, Francesco Chicchiriccò
>>>> <ilgrosso@apache.org <ma...@apache.org>> wrote:
>>>>
>>>> Hi all,
>>>> semi-formal "ping" for Infra guys: is there anyone available for 
>>>> supporting this PoC? As said from the beginning, a fundamental 
>>>> requirement is to have someone playing the customer role, otherwise 
>>>> any effort is pointless.
>>>>
>>>> Regards.
>>>>
>>>> On 19/12/2016 09:09, Francesco Chicchiriccò wrote:
>>>>> Quick update:
>>>>>
>>>>> 1. Pierre has submitted the first PR for puppet at
>>>>> https://github.com/apache/infrastructure-puppet/pull/156
>>>>>
>>>>> 2. I have just updated the PoC code to Syncope 2.0.1 (that's the 
>>>>> second commit, exactly 1 year after first one: time flies):
>>>>> https://github.com/apache/iampoc/commit/a155f59362e6f553356e7e52116834837dbda984 
>>>>>
>>>>>
>>>>> However, without someone from Infra providing info + 
>>>>> specifications, there is not much more we can do.
>>>>> Infra, please if you're there, knock once.
>>>>>
>>>>> Regards.
>>>>>
>>>>> On 16/12/2016 11:13, Francesco Chicchiriccò wrote:
>>>>>> Hi all,
>>>>>> I am happy to report that the VM for the PoC was made available 
>>>>>> (syncope-vm2.apache.org) - see INFRA-10931.
>>>>>> I have been able to successfully access via SSH (sudo does not 
>>>>>> seem to work, but nothing problematic about this ATM).
>>>>>>
>>>>>> I know from IRC that Pierre is at work to try to define a first 
>>>>>> Puppet setup including JDK 1.8, Maven, Tomcat 8.5 and PostgreSQL.
>>>>>> Besides such components, the setup process will also need to 
>>>>>> fetch and build the Maven project from the dedicated GIT 
>>>>>> repository (see below).
>>>>>>
>>>>>> Now in first place I think we should re-attempt to start
>>>>>> discussing the actual requirements of this PoC, and then the 
>>>>>> planning.
>>>>>>
>>>>>> This means, essentially, to gather some information from the 
>>>>>> infra team.
>>>>>>
>>>>>> I propose again to concentrate, from the list shown by Tony in 
>>>>>> [1], on the first item, e.g. "https://id.apache.org (The end-user 
>>>>>> part of it)", which triggers these first questions:
>>>>>>
>>>>>> 1. does the current app exclusively manage data from LDAP?
>>>>>> 2. if so, could you provide some details:
>>>>>>    a. which LDAP server implementation? OpenLDAP?
>>>>>>    b. which object classes are in use? baseDN(s)?
>>>>>>    c. which processes / tools are reading from LDAP? which are 
>>>>>> writing?
>>>>>>
>>>>>> In INFRA-10931, Greg proposed to provide an LDIF export of the 
>>>>>> production LDAP servers so that we can setup a local detached 
>>>>>> copy which we could use for tests.
>>>>>>
>>>>>> Looking forward to your reply.
>>>>>> Regards.
>>>>>>
>>>>>> On 21/12/2015 17:16, Francesco Chicchiriccò wrote:
>>>>>>> Hi all,
>>>>>>> we now have our GIT repository at
>>>>>>>
>>>>>>> https://git-wip-us.apache.org/repos/asf/iampoc.git
>>>>>>>
>>>>>>> which is also mirrored, as usual, to GitHub.
>>>>>>>
>>>>>>> As you can see, I have made an initial commit featuring an empty 
>>>>>>> default Syncope 2.0.0-SNAPSHOT setup.
>>>>>>>
>>>>>>> Now, waiting for the VM to be available (see INFRA-10931), we 
>>>>>>> can start defining what is actually going to be part of this 
>>>>>>> PoC, and how we are going to implement the related features.
>>>>>>>
>>>>>>> From the list shown by Tony in [1], I'd start with first item,
>>>>>>> e.g. "https://id.apache.org (The end-user part of it)".
>>>>>>>
>>>>>>> Here are some questions:
>>>>>>>
>>>>>>> 1. does the current app exclusively manage data from LDAP?
>>>>>>> 2. if so, could you provide some details:
>>>>>>>    a. LDAP architecture (replicas, load-balancing, ..)
>>>>>>>    b. which LDAP server implementation? OpenLDAP?
>>>>>>>    c. which object classes are in use? baseDN(s)?
>>>>>>>    d. which processes / tools are reading from LDAP? which are 
>>>>>>> writing?
>>>>>>>    e. is there any test LDAP instance available? if not, is it 
>>>>>>> possible to pre-load some data from the production instances in 
>>>>>>> order to build a test instance in our development VM?
>>>>>>>
>>>>>>> Please add questions if you see something missing.
>>>>>>>
>>>>>>> Regards.
>>>>>>>
>>>>>>> [1] http://markmail.org/message/utlcjkanilz4qztz

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/


Re: [IAM PoC] Starting with implementation

Posted by Francesco Chicchiriccò <il...@apache.org>.
On 11/01/2017 12:42, Francesco Chicchiriccò wrote:
> On 10/01/2017 23:56, Chris Lambertus wrote:
>> Yes, I am available. I will provide you an export of our existing 
>> LDAP repository and pointers to our schemas.
>
> Thanks Chris, looks good!
>
>> In answer to your questions below regarding id.a.o:
>>
>> 1) Yes, the current id.a.o app exclusively manages data in LDAP as a 
>> self-service tool.
>>
>> 2a) OpenLDAP
>> 2b) A variety including some custom schemas which I will make
>> available to you along with the ldif.
>> 2c) There are MANY processes and tools which read and write from LDAP.
>>
>> The initial scope of the PoC should be to provision Syncope as an 
>> admin and end-user UI for maintaining attributes related to LDAP 
>> accounts (committers, staff) as a potential replacement for the 
>> id.apache.org <http://id.apache.org> service. Once we’ve explored the
>> key functionality of a test/demo implementation, we can look at what 
>> it would take to replace the service in production, along with 
>> integrating other tools related to account creation.
>
> I completely agree.
>
> AFAICT, the identified tasks are:
>
> 1. setup an OpenLDAP  instance with the content and configuration provided
> 2. configure the Syncope entities: schemas, realms, resource, tasks, ...
> 3. configure / customize the Enduser UI
>
> I will start with task (1), manual installation; not sure if it makes 
> sense to puppet-ize that: if so, Pierre could possibly help.

Updated: thanks to the LDIF dump saved under

/root/asf-20170110.ldif on syncope-vm2

and the LDAP conf chunks I could derive from

https://github.com/apache/infrastructure-puppet/tree/deployment/modules/ldapserver

I was finally able to successfully import everything; the OpenLDAP 
instance is currently up and running, ready to rumble.

FYI I have placed a copy of the resulting slapd.conf under /root on 
syncope-vm2

> Any other volunteer?
>
> Regards.
>
>>> On Jan 9, 2017, at 3:59 AM, Francesco Chicchiriccò
>>> <ilgrosso@apache.org <ma...@apache.org>> wrote:
>>>
>>> Hi all,
>>> semi-formal "ping" for Infra guys: is there anyone available for 
>>> supporting this PoC? As said from the beginning, a fundamental 
>>> requirement is to have someone playing the customer role, otherwise 
>>> any effort is pointless.
>>>
>>> Regards.
>>>
>>> On 19/12/2016 09:09, Francesco Chicchiriccò wrote:
>>>> Quick update:
>>>>
>>>> 1. Pierre has submitted the first PR for puppet at
>>>> https://github.com/apache/infrastructure-puppet/pull/156
>>>>
>>>> 2. I have just updated the PoC code to Syncope 2.0.1 (that's the 
>>>> second commit, exactly 1 year after first one: time flies):
>>>> https://github.com/apache/iampoc/commit/a155f59362e6f553356e7e52116834837dbda984 
>>>>
>>>>
>>>> However, without someone from Infra providing info + 
>>>> specifications, there is not much more we can do.
>>>> Infra, please if you're there, knock once.
>>>>
>>>> Regards.
>>>>
>>>> On 16/12/2016 11:13, Francesco Chicchiriccò wrote:
>>>>> Hi all,
>>>>> I am happy to report that the VM for the PoC was made available 
>>>>> (syncope-vm2.apache.org) - see INFRA-10931.
>>>>> I have been able to successfully access via SSH (sudo does not 
>>>>> seem to work, but nothing problematic about this ATM).
>>>>>
>>>>> I know from IRC that Pierre is at work to try to define a first 
>>>>> Puppet setup including JDK 1.8, Maven, Tomcat 8.5 and PostgreSQL.
>>>>> Besides such components, the setup process will also need to fetch 
>>>>> and build the Maven project from the dedicated GIT repository (see 
>>>>> below).
>>>>>
>>>>> Now in first place I think we should re-attempt to start discussing
>>>>> the actual requirements of this PoC, and then the planning.
>>>>>
>>>>> This means, essentially, to gather some information from the infra 
>>>>> team.
>>>>>
>>>>> I propose again to concentrate, from the list shown by Tony in 
>>>>> [1], on the first item, e.g. "https://id.apache.org (The end-user 
>>>>> part of it)", which triggers these first questions:
>>>>>
>>>>> 1. does the current app exclusively manage data from LDAP?
>>>>> 2. if so, could you provide some details:
>>>>>    a. which LDAP server implementation? OpenLDAP?
>>>>>    b. which object classes are in use? baseDN(s)?
>>>>>    c. which processes / tools are reading from LDAP? which are 
>>>>> writing?
>>>>>
>>>>> In INFRA-10931, Greg proposed to provide an LDIF export of the 
>>>>> production LDAP servers so that we can setup a local detached copy 
>>>>> which we could use for tests.
>>>>>
>>>>> Looking forward to your reply.
>>>>> Regards.
>>>>>
>>>>> On 21/12/2015 17:16, Francesco Chicchiriccò wrote:
>>>>>> Hi all,
>>>>>> we now have our GIT repository at
>>>>>>
>>>>>> https://git-wip-us.apache.org/repos/asf/iampoc.git
>>>>>>
>>>>>> which is also mirrored, as usual, to GitHub.
>>>>>>
>>>>>> As you can see, I have made an initial commit featuring an empty 
>>>>>> default Syncope 2.0.0-SNAPSHOT setup.
>>>>>>
>>>>>> Now, waiting for the VM to be available (see INFRA-10931), we can 
>>>>>> start defining what is actually going to be part of this PoC, and 
>>>>>> how we are going to implement the related features.
>>>>>>
>>>>>> From the list shown by Tony in [1], I'd start with first item,
>>>>>> e.g. "https://id.apache.org (The end-user part of it)".
>>>>>>
>>>>>> Here are some questions:
>>>>>>
>>>>>> 1. does the current app exclusively manage data from LDAP?
>>>>>> 2. if so, could you provide some details:
>>>>>>    a. LDAP architecture (replicas, load-balancing, ..)
>>>>>>    b. which LDAP server implementation? OpenLDAP?
>>>>>>    c. which object classes are in use? baseDN(s)?
>>>>>>    d. which processes / tools are reading from LDAP? which are 
>>>>>> writing?
>>>>>>    e. is there any test LDAP instance available? if not, is it 
>>>>>> possible to pre-load some data from the production instances in 
>>>>>> order to build a test instance in our development VM?
>>>>>>
>>>>>> Please add questions if you see something missing.
>>>>>>
>>>>>> Regards.
>>>>>>
>>>>>> [1] http://markmail.org/message/utlcjkanilz4qztz

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/


Re: [IAM PoC] Starting with implementation

Posted by Francesco Chicchiriccò <il...@apache.org>.
On 10/01/2017 23:56, Chris Lambertus wrote:
> Yes, I am available. I will provide you an export of our existing LDAP 
> repository and pointers to our schemas.

Thanks Chris, looks good!

> In answer to your questions below regarding id.a.o:
>
> 1) Yes, the current id.a.o app exclusively manages data in LDAP as a 
> self-service tool.
>
> 2a) OpenLDAP
> 2b) A variety including some custom schemas which I will make
> available to you along with the ldif.
> 2c) There are MANY processes and tools which read and write from LDAP.
>
> The initial scope of the PoC should be to provision Syncope as an 
> admin and end-user UI for maintaining attributes related to LDAP 
> accounts (committers, staff) as a potential replacement for the 
> id.apache.org <http://id.apache.org> service. Once we’ve explored the 
> key functionality of a test/demo implementation, we can look at what 
> it would take to replace the service in production, along with 
> integrating other tools related to account creation.

I completely agree.

AFAICT, the identified tasks are:

1. setup an OpenLDAP  instance with the content and configuration provided
2. configure the Syncope entities: schemas, realms, resource, tasks, ...
3. configure / customize the Enduser UI

I will start with task (1), manual installation; not sure if it makes 
sense to puppet-ize that: if so, Pierre could possibly help.
Any other volunteer?

Regards.

>> On Jan 9, 2017, at 3:59 AM, Francesco Chicchiriccò 
>> <ilgrosso@apache.org <ma...@apache.org>> wrote:
>>
>> Hi all,
>> semi-formal "ping" for Infra guys: is there anyone available for 
>> supporting this PoC? As said from the beginning, a fundamental 
>> requirement is to have someone playing the customer role, otherwise 
>> any effort is pointless.
>>
>> Regards.
>>
>> On 19/12/2016 09:09, Francesco Chicchiriccò wrote:
>>> Quick update:
>>>
>>> 1. Pierre has submitted the first PR for puppet at
>>> https://github.com/apache/infrastructure-puppet/pull/156
>>>
>>> 2. I have just updated the PoC code to Syncope 2.0.1 (that's the 
>>> second commit, exactly 1 year after first one: time flies):
>>> https://github.com/apache/iampoc/commit/a155f59362e6f553356e7e52116834837dbda984 
>>>
>>>
>>> However, without someone from Infra providing info + specifications, 
>>> there is not much more we can do.
>>> Infra, please if you're there, knock once.
>>>
>>> Regards.
>>>
>>> On 16/12/2016 11:13, Francesco Chicchiriccò wrote:
>>>> Hi all,
>>>> I am happy to report that the VM for the PoC was made available 
>>>> (syncope-vm2.apache.org) - see INFRA-10931.
>>>> I have been able to successfully access via SSH (sudo does not seem 
>>>> to work, but nothing problematic about this ATM).
>>>>
>>>> I know from IRC that Pierre is at work to try to define a first 
>>>> Puppet setup including JDK 1.8, Maven, Tomcat 8.5 and PostgreSQL.
>>>> Besides such components, the setup process will also need to fetch 
>>>> and build the Maven project from the dedicated GIT repository (see 
>>>> below).
>>>>
>>>> Now in first place I think we should re-attempt to start discussing
>>>> the actual requirements of this PoC, and then the planning.
>>>>
>>>> This means, essentially, to gather some information from the infra 
>>>> team.
>>>>
>>>> I propose again to concentrate, from the list shown by Tony in [1], 
>>>> on the first item, e.g. "https://id.apache.org (The end-user part 
>>>> of it)", which triggers these first questions:
>>>>
>>>> 1. does the current app exclusively manage data from LDAP?
>>>> 2. if so, could you provide some details:
>>>>    a. which LDAP server implementation? OpenLDAP?
>>>>    b. which object classes are in use? baseDN(s)?
>>>>    c. which processes / tools are reading from LDAP? which are writing?
>>>>
>>>> In INFRA-10931, Greg proposed to provide an LDIF export of the 
>>>> production LDAP servers so that we can setup a local detached copy 
>>>> which we could use for tests.
>>>>
>>>> Looking forward to your reply.
>>>> Regards.
>>>>
>>>> On 21/12/2015 17:16, Francesco Chicchiriccò wrote:
>>>>> Hi all,
>>>>> we now have our GIT repository at
>>>>>
>>>>> https://git-wip-us.apache.org/repos/asf/iampoc.git
>>>>>
>>>>> which is also mirrored, as usual, to GitHub.
>>>>>
>>>>> As you can see, I have made an initial commit featuring an empty 
>>>>> default Syncope 2.0.0-SNAPSHOT setup.
>>>>>
>>>>> Now, waiting for the VM to be available (see INFRA-10931), we can 
>>>>> start defining what is actually going to be part of this PoC, and 
>>>>> how we are going to implement the related features.
>>>>>
>>>>> From the list shown by Tony in [1], I'd start with first item, 
>>>>> e.g. "https://id.apache.org (The end-user part of it)".
>>>>>
>>>>> Here are some questions:
>>>>>
>>>>> 1. does the current app exclusively manage data from LDAP?
>>>>> 2. if so, could you provide some details:
>>>>>    a. LDAP architecture (replicas, load-balancing, ..)
>>>>>    b. which LDAP server implementation? OpenLDAP?
>>>>>    c. which object classes are in use? baseDN(s)?
>>>>>    d. which processes / tools are reading from LDAP? which are 
>>>>> writing?
>>>>>    e. is there any test LDAP instance available? if not, is it 
>>>>> possible to pre-load some data from the production instances in 
>>>>> order to build a test instance in our development VM?
>>>>>
>>>>> Please add questions if you see something missing.
>>>>>
>>>>> Regards.
>>>>>
>>>>> [1] http://markmail.org/message/utlcjkanilz4qztz

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/


Re: [IAM PoC] Starting with implementation

Posted by Chris Lambertus <cm...@apache.org>.
> On Jan 10, 2017, at 2:56 PM, Chris Lambertus <cm...@apache.org> wrote:
> 
> I will provide you an export of our existing LDAP repository and pointers to our schemas.


I’ve placed the ldif dump in /root/asf-20170110.ldif on syncope-vm2.

Our LDAP server configuration is generally defined in the following puppet module:

https://github.com/apache/infrastructure-puppet/tree/deployment/modules/ldapserver

The custom schemas are in files/. There is a slapd.conf template that describes the ACLs in templates/slapd.conf.erb. Some of the data won’t be available to you because there are passwords for things like replication stored encrypted in other locations.

-Chris
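
The object-class and base-DN questions raised in the thread can be answered straight from an LDIF export before it is loaded into a detached test instance. The sketch below is an added example, not code from this thread or from the Syncope or ASF infrastructure projects; the sample entries are constructed, and the `SENSITIVE` attribute list and the function names are assumptions.

```python
import base64
import re
from collections import Counter
# Constructed sample entries, not data from the export discussed in the thread.
SAMPLE_LDIF = """\
# constructed example entries
dn: dc=example,dc=org
objectClass: dcObject

dn: ou=people,dc=example,dc=org
objectClass: organizationalUnit

dn: uid=jdoe,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
cn:: SmFuZSBEb2U=
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=
description: a long value that the exporter
  folded onto a second line
"""
SENSITIVE = {"userpassword", "sambantpassword", "krbprincipalkey"}  # assumed list

def parse_ldif(text):
    """Return entries as lists of (lowercased attribute, value) pairs."""
    unfolded = re.sub(r"\r?\n ", "", text)  # RFC 2849 folding: newline + one space
    entries = []
    for block in re.split(r"\r?\n\s*\r?\n", unfolded.strip()):
        pairs = []
        for line in block.splitlines():
            if line and not line.startswith("#"):
                attr, _, value = line.partition(":")
                if value.startswith(":"):  # "attr:: <base64>"
                    value = base64.b64decode(value[1:]).decode("utf-8", "replace")
                pairs.append((attr.strip().lower(), value.strip()))
        if any(a == "dn" for a, _ in pairs):  # ignore blocks without a dn
            entries.append(pairs)
    return entries

def inventory(entries):
    """Summarise suffixes, objectClass usage and credential-bearing attributes."""
    dns = {dict(e)["dn"].lower() for e in entries}
    classes, flagged, suffixes = Counter(), Counter(), set()
    for e in entries:
        dn = dict(e)["dn"]
        parent = re.split(r"(?<!\\),", dn, maxsplit=1)[1:]
        if not parent or parent[0].lower() not in dns:
            suffixes.add(dn)  # no parent entry in the dump: a naming context
        classes.update(v.lower() for a, v in e if a == "objectclass")
        flagged.update(a for a, _ in e if a in SENSITIVE)  # count only, never echo
    return {"suffixes": sorted(suffixes), "object_classes": classes, "sensitive": flagged}
```

DN comparison here is a plain lowercase match, so an export that writes spaces after RDN commas would need normalising first. A non-empty `sensitive` count shows which credential attributes the test copy would carry.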


Re: [IAM PoC] Starting with implementation

Posted by Chris Lambertus <cm...@apache.org>.
Yes, I am available. I will provide you an export of our existing LDAP repository and pointers to our schemas. In answer to your questions below regarding id.a.o:

1) Yes, the current id.a.o app exclusively manages data in LDAP as a self-service tool.

2a) OpenLDAP
2b) A variety including some custom schemas which I will make available to you along with the ldif.
2c) There are MANY processes and tools which read and write from LDAP.

The initial scope of the PoC should be to provision Syncope as an admin and end-user UI for maintaining attributes related to LDAP accounts (committers, staff) as a potential replacement for the id.apache.org service. Once we’ve explored the key functionality of a test/demo implementation, we can look at what it would take to replace the service in production, along with integrating other tools related to account creation.

-Chris





> On Jan 9, 2017, at 3:59 AM, Francesco Chicchiriccò <il...@apache.org> wrote:
> 
> Hi all,
> semi-formal "ping" for Infra guys: is there anyone available for supporting this PoC? As said from the beginning, a fundamental requirement is to have someone playing the customer role, otherwise any effort is pointless.
> 
> Regards.
> 
> On 19/12/2016 09:09, Francesco Chicchiriccò wrote:
>> Quick update:
>> 
>> 1. Pierre has submitted the first PR for puppet at
>> https://github.com/apache/infrastructure-puppet/pull/156
>> 
>> 2. I have just updated the PoC code to Syncope 2.0.1 (that's the second commit, exactly 1 year after first one: time flies):
>> https://github.com/apache/iampoc/commit/a155f59362e6f553356e7e52116834837dbda984
>> 
>> However, without someone from Infra providing info + specifications, there is not much more we can do.
>> Infra, please if you're there, knock once.
>> 
>> Regards.
>> 
>> On 16/12/2016 11:13, Francesco Chicchiriccò wrote:
>>> Hi all,
>>> I am happy to report that the VM for the PoC was made available (syncope-vm2.apache.org) - see INFRA-10931.
>>> I have been able to successfully access via SSH (sudo does not seem to work, but nothing problematic about this ATM).
>>> 
>>> I know from IRC that Pierre is at work to try to define a first Puppet setup including JDK 1.8, Maven, Tomcat 8.5 and PostgreSQL.
>>> Besides such components, the setup process will also need to fetch and build the Maven project from the dedicated GIT repository (see below).
>>> 
>>> Now in first place I think we should re-attempt to start discussing the actual requirements of this PoC, and then the planning.
>>> 
>>> This means, essentially, to gather some information from the infra team.
>>> 
>>> I propose again to concentrate, from the list shown by Tony in [1], on the first item, e.g. "https://id.apache.org (The end-user part of it)", which triggers these first questions:
>>> 
>>> 1. does the current app exclusively manage data from LDAP?
>>> 2. if so, could you provide some details:
>>>    a. which LDAP server implementation? OpenLDAP?
>>>    b. which object classes are in use? baseDN(s)?
>>>    c. which processes / tools are reading from LDAP? which are writing?
>>> 
>>> In INFRA-10931, Greg proposed to provide an LDIF export of the production LDAP servers so that we can set up a local detached copy which we could use for tests.
>>> 
>>> Looking forward to your reply.
>>> Regards.
>>> 
>>> On 21/12/2015 17:16, Francesco Chicchiriccò wrote:
>>>> Hi all,
>>>> we now have our GIT repository at
>>>> 
>>>> https://git-wip-us.apache.org/repos/asf/iampoc.git
>>>> 
>>>> which is also mirrored, as usual, to GitHub.
>>>> 
>>>> As you can see, I have made an initial commit featuring an empty default Syncope 2.0.0-SNAPSHOT setup.
>>>> 
>>>> Now, waiting for the VM to be available (see INFRA-10931), we can start defining what is actually going to be part of this PoC, and how we are going to implement the related features.
>>>> 
>>>> From the list shown by Tony in [1], I'd start with first item, e.g. "https://id.apache.org (The end-user part of it)".
>>>> 
>>>> Here are some questions:
>>>> 
>>>> 1. does the current app exclusively manage data from LDAP?
>>>> 2. if so, could you provide some details:
>>>>    a. LDAP architecture (replicas, load-balancing, ..)
>>>>    b. which LDAP server implementation? OpenLDAP?
>>>>    c. which object classes are in use? baseDN(s)?
>>>>    d. which processes / tools are reading from LDAP? which are writing?
>>>>    e. is there any test LDAP instance available? if not, is it possible to pre-load some data from the production instances in order to build a test instance in our development VM?
>>>> 
>>>> Please add questions if you see something missing.
>>>> 
>>>> Regards.
>>>> 
>>>> [1] http://markmail.org/message/utlcjkanilz4qztz
> 
> --
> Francesco Chicchiriccò
> 
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
> 
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> http://home.apache.org/~ilgrosso/
>