You are viewing a plain text version of this content. The canonical link for it is here.

Posted to infrastructure-dev@apache.org by Tony Stevenson <ts...@cam.ac.uk> on 2009/05/12 00:56:49 UTC

ASF LDAP Project Update

Good evening,

Good news! At last!

LDAP is now up and running, with a tested synchronisation between EU  
(harmonia) and US (eris).
Thanks to pgollucci who has managed to update all the BSD boxes in  
question to 7.2, and installed the latest OpenLDAP bits.

So, now that we have this working, we are preparing to migrate all  
user accounts into LDAP this week (date to be set tomorrow).
We will be using pam_ldap and nss_ldap to control shell access on  
mino, and this too has been tested.

The plan going forward:
=======================

Step 1:  Import all user accounts from mino.  (During which time shell  
access will be denied)
Step 2:  Import all groups from mino.  This will likely be done the  
week following, as it involved merging SVN and POSIX groups into one.   
This will need a little more testing before we flick the switch.
Step 3:  Import all other user artifacts, where possible, into LDAP.  
Things such as .forward files. SSH public keys etc.
Step 4:  Deploy a user management portal, hopefully this will allow us  
to let users self-sooth (self-manage) their account.
Step 5:  Grab some beers.  Get drunk.  Forget everything.  :-)


Other things that need doing
============================

  - Backup the database (daily?) so we can recover very easily if we  
need too.
  - Update the account creation process to include LDAP.



I hope to have this 100% wrapped up before the end of June this year.   
However, as always, if we hit a snag it'll get drawn out.

There are currently no 'live' users in LDAP at the moment.  So you  
dont need to worry about it just yet.


Cheers,
Tony

--------------------------------------------
Tony Stevenson

tony@caret.cam.ac.uk  // ts457@cam.ac.uk

1024D/51047D66 ECAF DC55 C608 5E82 0B5E
3359 C9C7 924E 5104 7D66
-------------------------------------------

Re: ASF LDAP Project Update

Posted by Tony Stevenson <to...@pc-tony.com>.

Also,

Before I forget,a big thanks to arreyder for his great help so far in  
working on merging the SVN & POSIX groups, amongst other stuff.

On 11 May 2009, at 23:56, Tony Stevenson wrote:

> Good evening,
>
> Good news! At last!
>
> LDAP is now up and running, with a tested synchronisation between EU  
> (harmonia) and US (eris).
> Thanks to pgollucci who has managed to update all the BSD boxes in  
> question to 7.2, and installed the latest OpenLDAP bits.
>
> So, now that we have this working, we are preparing to migrate all  
> user accounts into LDAP this week (date to be set tomorrow).
> We will be using pam_ldap and nss_ldap to control shell access on  
> mino, and this too has been tested.
>
> The plan going forward:
> =======================
>
> Step 1:  Import all user accounts from mino.  (During which time  
> shell access will be denied)
> Step 2:  Import all groups from mino.  This will likely be done the  
> week following, as it involved merging SVN and POSIX groups into  
> one.  This will need a little more testing before we flick the switch.
> Step 3:  Import all other user artifacts, where possible, into LDAP.  
> Things such as .forward files. SSH public keys etc.
> Step 4:  Deploy a user management portal, hopefully this will allow  
> us to let users self-sooth (self-manage) their account.
> Step 5:  Grab some beers.  Get drunk.  Forget everything.  :-)
>
>
> Other things that need doing
> ============================
>
> - Backup the database (daily?) so we can recover very easily if we  
> need too.
> - Update the account creation process to include LDAP.
>
>
>
> I hope to have this 100% wrapped up before the end of June this  
> year.  However, as always, if we hit a snag it'll get drawn out.
>
> There are currently no 'live' users in LDAP at the moment.  So you  
> dont need to worry about it just yet.
>
>
> Cheers,
> Tony
>
> --------------------------------------------
> Tony Stevenson
>
> tony@caret.cam.ac.uk  // ts457@cam.ac.uk
>
> 1024D/51047D66 ECAF DC55 C608 5E82 0B5E
> 3359 C9C7 924E 5104 7D66
> -------------------------------------------
>
>
>
>
>




Cheers,
Tony


--------------------------------------------
Tony Stevenson

tony@pc-tony.com - pctony@apache.org
pctony@freenode.net - tony@caret.cam.ac.uk

http://blog.pc-tony.com

1024D/51047D66 ECAF DC55 C608 5E82 0B5E
3359 C9C7 924E 5104 7D66
--------------------------------------------