Hi,
quick update: I have defined some schemas and the local LDAP resource
with provision for both users and groups: at the moment browsing the
resource from Syncope Admin UI works fine.
Regards.
On 11/01/2017 16:12, Francesco Chicchiriccò wrote:
> On 11/01/2017 12:42, Francesco Chicchiriccò wrote:
>> On 10/01/2017 23:56, Chris Lambertus wrote:
>>> Yes, I am available. I will provide you an export of our existing
>>> LDAP repository and pointers to our schemas.
>>
>> Thanks Chris, looks good!
>>
>>> In answer to your questions below regarding id.a.o:
>>>
>>> 1) Yes, the current id.a.o app exclusively manages data in LDAP as a
>>> self-service tool.
>>>
>>> 2a) OpenLDAP
>>> 2b) A variety including some custom schemas which I will make
>>> available to you along with the ldif.
>>> 2c) There are MANY processes and tools which read and write from LDAP.
>>>
>>> The initial scope of the PoC should be to provision Syncope as an
>>> admin and end-user UI for maintaining attributes related to LDAP
>>> accounts (committers, staff) as a potential replacement for the
>>> id.apache.org service. Once we’ve explored
>>> the key functionality of a test/demo implementation, we can look at
>>> what it would take to replace the service in production, along with
>>> integrating other tools related to account creation.
>>
>> I completely agree.
>>
>> AFAICT, the identified tasks are:
>>
>> 1. setup an OpenLDAP instance with the content and configuration
>> provided
>> 2. configure the Syncope entities: schemas, realms, resource, tasks, ...
>> 3. configure / customize the Enduser UI
>>
>> I will start with task (1), manual installation; not sure if it makes
>> sense to puppet-ize that: if so, Pierre could possibly help.
>
> Updated: thanks to the LDIF dump saved under
>
> /root/asf-20170110.ldif on syncope-vm2
>
> and the LDAP conf chunks I could derive from
>
> https://github.com/apache/infrastructure-puppet/tree/deployment/modules/ldapserver
>
>
> I was finally able to successfully import everything; the OpenLDAP
> instance is currently up and running, ready to rumble.
>
> FYI I have placed a copy of the resulting slapd.conf under /root on
> syncope-vm2
>
>> Any other volunteer?
>>
>> Regards.
>>
>>>> On Jan 9, 2017, at 3:59 AM, Francesco Chicchiriccò
>>>> <ilgrosso@apache.org> wrote:
>>>>
>>>> Hi all,
>>>> semi-formal "ping" for Infra guys: is there anyone available for
>>>> supporting this PoC? As said from the beginning, a fundamental
>>>> requirement is to have someone playing the customer role, otherwise
>>>> any effort is pointless.
>>>>
>>>> Regards.
>>>>
>>>> On 19/12/2016 09:09, Francesco Chicchiriccò wrote:
>>>>> Quick update:
>>>>>
>>>>> 1. Pierre has submitted the first PR for puppet at
>>>>> https://github.com/apache/infrastructure-puppet/pull/156
>>>>>
>>>>> 2. I have just updated the PoC code to Syncope 2.0.1 (that's the
>>>>> second commit, exactly 1 year after first one: time flies):
>>>>> https://github.com/apache/iampoc/commit/a155f59362e6f553356e7e52116834837dbda984
>>>>>
>>>>>
>>>>> However, without someone from Infra providing info +
>>>>> specifications, there is not much more we can do.
>>>>> Infra, please if you're there, knock once.
>>>>>
>>>>> Regards.
>>>>>
>>>>> On 16/12/2016 11:13, Francesco Chicchiriccò wrote:
>>>>>> Hi all,
>>>>>> I am happy to report that the VM for the PoC was made available
>>>>>> (syncope-vm2.apache.org) - see INFRA-10931.
>>>>>> I have been able to successfully access via SSH (sudo does not
>>>>>> seem to work, but nothing problematic about this ATM).
>>>>>>
>>>>>> I know from IRC that Pierre is at work to try to define a first
>>>>>> Puppet setup including JDK 1.8, Maven, Tomcat 8.5 and PostgreSQL.
>>>>>> Besides such components, the setup process will also need to
>>>>>> fetch and build the Maven project from the dedicated GIT
>>>>>> repository (see below).
>>>>>>
>>>>>> Now in first place I think we should re-attempt to start
>>>>>> discussing the actual requirements of this PoC, and then the
>>>>>> planning.
>>>>>>
>>>>>> This means, essentially, to gather some information from the
>>>>>> infra team.
>>>>>>
>>>>>> I propose again to concentrate, from the list shown by Tony in
>>>>>> [1], on the first item, e.g. "https://id.apache.org (The end-user
>>>>>> part of it)", which triggers these first questions:
>>>>>>
>>>>>> 1. does the current app exclusively manage data from LDAP?
>>>>>> 2. if so, could you provide some details:
>>>>>> a. which LDAP server implementation? OpenLDAP?
>>>>>> b. which object classes are in use? baseDN(s)?
>>>>>> c. which processes / tools are reading from LDAP? which are
>>>>>> writing?
>>>>>>
>>>>>> In INFRA-10931, Greg proposed to provide an LDIF export of the
>>>>>> production LDAP servers so that we can setup a local detached
>>>>>> copy which we could use for tests.
>>>>>>
>>>>>> Looking forward to your reply.
>>>>>> Regards.
>>>>>>
>>>>>> On 21/12/2015 17:16, Francesco Chicchiriccò wrote:
>>>>>>> Hi all,
>>>>>>> we now have our GIT repository at
>>>>>>>
>>>>>>> https://git-wip-us.apache.org/repos/asf/iampoc.git
>>>>>>>
>>>>>>> which is also mirrored, as usual, to GitHub.
>>>>>>>
>>>>>>> As you can see, I have made an initial commit featuring an empty
>>>>>>> default Syncope 2.0.0-SNAPSHOT setup.
>>>>>>>
>>>>>>> Now, waiting for the VM to be available (see INFRA-10931), we
>>>>>>> can start defining what is actually going to be part of this
>>>>>>> PoC, and how we are going to implement the related features.
>>>>>>>
>>>>>>> From the list shown by Tony in [1], I'd start with first item,
>>>>>>> e.g. "https://id.apache.org (The end-user part of it)".
>>>>>>>
>>>>>>> Here are some questions:
>>>>>>>
>>>>>>> 1. does the current app exclusively manage data from LDAP?
>>>>>>> 2. if so, could you provide some details:
>>>>>>> a. LDAP architecture (replicas, load-balancing, ..)
>>>>>>> b. which LDAP server implementation? OpenLDAP?
>>>>>>> c. which object classes are in use? baseDN(s)?
>>>>>>> d. which processes / tools are reading from LDAP? which are
>>>>>>> writing?
>>>>>>> e. is there any test LDAP instance available? if not, is it
>>>>>>> possible to pre-load some data from the production instances in
>>>>>>> order to build a test instance in our development VM?
>>>>>>>
>>>>>>> Please add questions if you see something missing.
>>>>>>>
>>>>>>> Regards.
>>>>>>>
>>>>>>> [1] http://markmail.org/message/utlcjkanilz4qztz
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/