You are viewing a plain text version of this content. The canonical link for it is here.
Posted to infrastructure-dev@apache.org by chris <ch...@ia.gov> on 2009/05/13 15:32:28 UTC
LDAP: script to create groups and a template file from the SVN asf-authz
file
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
First a little background on what this is laying the ground work for.
We will consider the currently used asf-authorization as the definitive source for LDAP groups and group membership.
Committers-[a-z] will be rolled into one committers group within LDAP since the issues with editing the file will be no
more.
The original svn asf-authorization file will also be used to generate a template file where the groups have been
replaced by {ldap:$groupname}. That will later be expanded from source LDAP by a script triggered by a SVN commit of
asf-authorization-template OR by a change in LDAP that concerns any SVN group. Either event will trigger a rebuild of
asf-authorization.
- ----
Tony, before running, be certain to edit the variables to fit.
http://arreyder.com/grpandtemplate-from-asfauthz.pl
from the comments:
########################################################
# One time run script that reads asf-authorization.
# 1) Creates an LDIF of the groups found in asf-authz
# preserving the local /etc/groups gid if found
# else picks a new ones starting at the value of
# $gid.
# 2) Creates a new asf-authorization-template that
# that will be used by a later script to build
# asf-authz groups from LDAP.
# ** Life will be easier if you roll the committers-*
# groups and rights into one committers group
# in the asf-authz file this is run against.
# ** This should be run *before* any groups from the
# the local /etc/groups have been imported.
crr/arreyder
chris@ia.gov
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkoKy+wACgkQPmaZdRmQd+YU+wCdH4NJg9eawjBvz478czxr2d0l
lmkAnA4qnvMOpYqT2rVMELcwQVzFO5ys
=wwpc
-----END PGP SIGNATURE-----
Re: LDAP: script to create groups and a template file from the SVN asf-authz file
Posted by Tony Stevenson <to...@pc-tony.com>.
On 13 May 2009, at 14:37, sebb wrote:
[SNIP ...]
>
> Yuk!
> I know I'm not directly involved in this, but surely the script should
> be able to deal with multiple committers-? groups?
>
> Otherwise another script is going to have to be created just to do
> this.
>
Sebb, calm down. This is the initial draft of the script, as I need
to test functionality and see what needs massaging before go live.
This is *NOT* the final script. The final script will do this for us.
I wanted to get my hands on the script so I can begin testing whilst I
have some free cycles.
>> # ** This should be run *before* any groups from the
>> # the local /etc/groups have been imported.
>>
>>
>>
>> crr/arreyder
>> chris@ia.gov
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v2.0.10 (GNU/Linux)
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>>
>> iEYEARECAAYFAkoKy+wACgkQPmaZdRmQd+YU+wCdH4NJg9eawjBvz478czxr2d0l
>> lmkAnA4qnvMOpYqT2rVMELcwQVzFO5ys
>> =wwpc
>> -----END PGP SIGNATURE-----
>>
Cheers,
Tony
--------------------------------------------
Tony Stevenson
tony@pc-tony.com - pctony@apache.org
pctony@freenode.net - tony@caret.cam.ac.uk
http://blog.pc-tony.com
1024D/51047D66 ECAF DC55 C608 5E82 0B5E
3359 C9C7 924E 5104 7D66
--------------------------------------------
Re: LDAP: script to create groups and a template file from the SVN
asf-authz file
Posted by chris <ch...@ia.gov>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> OK.
> Sorry, I should have been more careful in how I worded my email.
>
> I took the comments to be the final say on how the script was designed
> to be used, rather than the current state of play.
>
> BTW, it might be useful to add "use strict; use warnings;" to the script.
This is the last time I send anything to the list that's "not done yet". I thought it a good idea to get what we had
worked out on IRC into the public eye sooner rather than later and Tony wanting this script seemed to be a good
opportunity to get out the word. The plan was more the point of the email than the script I wrote in 5 minutes over
lunch while trying to scarf down a roast beef sandwich. Poor subject line choice.
I do appreciate the input Sebb.
crr/arreyder
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkoK4OcACgkQPmaZdRmQd+Y/CQCbBPRXy5MPQ9FRddUtC6Qv2yCv
MnMAnjBs0vLZGf9MT+7q32VFSjcu1k36
=BjeO
-----END PGP SIGNATURE-----
Re: LDAP: script to create groups and a template file from the SVN
asf-authz file
Posted by sebb <se...@gmail.com>.
On 13/05/2009, chris <ch...@ia.gov> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> >
>
> > Yuk!
> > I know I'm not directly involved in this, but surely the script should
> > be able to deal with multiple committers-? groups?
> >
>
>
> Yes it is "Yuk" Sebb. Tony seemed to want it now, as is, so there it is. When I have a minute I will revisit and add
> that bit.
>
OK.
Sorry, I should have been more careful in how I worded my email.
I took the comments to be the final say on how the script was designed
to be used, rather than the current state of play.
BTW, it might be useful to add "use strict; use warnings;" to the script.
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.10 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
>
> iEYEARECAAYFAkoK1T8ACgkQPmaZdRmQd+YUsQCeOjitHJDnhdAuvcnFJcoSAzEt
> bjMAn0iRw7kj1CMvIYcS4mwNidPK18Cj
> =OMfE
> -----END PGP SIGNATURE-----
>
Re: LDAP: script to create groups and a template file from the SVN
asf-authz file
Posted by chris <ch...@ia.gov>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>
> Yuk!
> I know I'm not directly involved in this, but surely the script should
> be able to deal with multiple committers-? groups?
>
Yes it is "Yuk" Sebb. Tony seemed to want it now, as is, so there it is. When I have a minute I will revisit and add
that bit.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkoK1T8ACgkQPmaZdRmQd+YUsQCeOjitHJDnhdAuvcnFJcoSAzEt
bjMAn0iRw7kj1CMvIYcS4mwNidPK18Cj
=OMfE
-----END PGP SIGNATURE-----
Re: LDAP: script to create groups and a template file from the SVN
asf-authz file
Posted by sebb <se...@gmail.com>.
On 13/05/2009, chris <ch...@ia.gov> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> First a little background on what this is laying the ground work for.
>
> We will consider the currently used asf-authorization as the definitive source for LDAP groups and group membership.
> Committers-[a-z] will be rolled into one committers group within LDAP since the issues with editing the file will be no
> more.
>
> The original svn asf-authorization file will also be used to generate a template file where the groups have been
> replaced by {ldap:$groupname}. That will later be expanded from source LDAP by a script triggered by a SVN commit of
> asf-authorization-template OR by a change in LDAP that concerns any SVN group. Either event will trigger a rebuild of
> asf-authorization.
>
> - ----
>
> Tony, before running, be certain to edit the variables to fit.
>
> http://arreyder.com/grpandtemplate-from-asfauthz.pl
>
> from the comments:
>
> ########################################################
> # One time run script that reads asf-authorization.
> # 1) Creates an LDIF of the groups found in asf-authz
> # preserving the local /etc/groups gid if found
> # else picks a new ones starting at the value of
> # $gid.
> # 2) Creates a new asf-authorization-template that
> # that will be used by a later script to build
> # asf-authz groups from LDAP.
> # ** Life will be easier if you roll the committers-*
> # groups and rights into one committers group
> # in the asf-authz file this is run against.
Yuk!
I know I'm not directly involved in this, but surely the script should
be able to deal with multiple committers-? groups?
Otherwise another script is going to have to be created just to do this.
> # ** This should be run *before* any groups from the
> # the local /etc/groups have been imported.
>
>
>
> crr/arreyder
> chris@ia.gov
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.10 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkoKy+wACgkQPmaZdRmQd+YU+wCdH4NJg9eawjBvz478czxr2d0l
> lmkAnA4qnvMOpYqT2rVMELcwQVzFO5ys
> =wwpc
> -----END PGP SIGNATURE-----
>