syncope-dev mailing list archives

From Francesco Chicchiriccò <ilgro...@apache.org>
Subject Re: [IAM PoC] Starting with implementation
Date Thu, 12 Jan 2017 16:14:33 GMT
Hi,
quick update: I have defined some schemas and the local LDAP resource 
with provision for both users and groups: at the moment browsing the 
resource from Syncope Admin UI works fine.

Regards.

On 11/01/2017 16:12, Francesco Chicchiriccò wrote:
> On 11/01/2017 12:42, Francesco Chicchiriccò wrote:
>> On 10/01/2017 23:56, Chris Lambertus wrote:
>>> Yes, I am available. I will provide you an export of our existing 
>>> LDAP repository and pointers to our schemas.
>>
>> Thanks Chris, looks good!
>>
>>> In answer to your questions below regarding id.a.o:
>>>
>>> 1) Yes, the current id.a.o app exclusively manages data in LDAP as a 
>>> self-service tool.
>>>
>>> 2a) OpenLDAP
>>> 2b) A variety including some custom schemas which I will make 
>>> available to you along with the ldif.
>>> 2c) There are MANY processes and tools which read and write from LDAP.
>>>
>>> The initial scope of the PoC should be to provision Syncope as an 
>>> admin and end-user UI for maintaining attributes related to LDAP 
>>> accounts (committers, staff) as a potential replacement for the 
>>> id.apache.org <http://id.apache.org> service. Once we’ve explored 
>>> the key functionality of a test/demo implementation, we can look at 
>>> what it would take to replace the service in production, along with 
>>> integrating other tools related to account creation.
>>
>> I completely agree.
>>
>> AFAICT, the identified tasks are:
>>
>> 1. setup an OpenLDAP instance with the content and configuration 
>> provided
>> 2. configure the Syncope entities: schemas, realms, resource, tasks, ...
>> 3. configure / customize the Enduser UI
>>
>> I will start with task (1), manual installation; not sure if it makes 
>> sense to puppet-ize that: if so, Pierre could possibly help.
>
> Updated: thanks to the LDIF dump saved under
>
> /root/asf-20170110.ldif on syncope-vm2
>
> and the LDAP conf chunks I could derive from
>
> https://github.com/apache/infrastructure-puppet/tree/deployment/modules/ldapserver 
>
>
> I was finally able to successfully import everything; the OpenLDAP 
> instance is currently up and running, ready to rumble.
>
> FYI I have placed a copy of the resulting slapd.conf under /root on 
> syncope-vm2
>
>> Any other volunteer?
>>
>> Regards.
>>
>>>> On Jan 9, 2017, at 3:59 AM, Francesco Chicchiriccò 
>>>> <ilgrosso@apache.org <mailto:ilgrosso@apache.org>> wrote:
>>>>
>>>> Hi all,
>>>> semi-formal "ping" for Infra guys: is there anyone available for 
>>>> supporting this PoC? As said from the beginning, a fundamental 
>>>> requirement is to have someone playing the customer role, otherwise 
>>>> any effort is pointless.
>>>>
>>>> Regards.
>>>>
>>>> On 19/12/2016 09:09, Francesco Chicchiriccò wrote:
>>>>> Quick update:
>>>>>
>>>>> 1. Pierre has submitted the first PR for puppet at
>>>>> https://github.com/apache/infrastructure-puppet/pull/156
>>>>>
>>>>> 2. I have just updated the PoC code to Syncope 2.0.1 (that's the 
>>>>> second commit, exactly 1 year after first one: time flies):
>>>>> https://github.com/apache/iampoc/commit/a155f59362e6f553356e7e52116834837dbda984
>>>>>
>>>>>
>>>>> However, without someone from Infra providing info + 
>>>>> specifications, there is not much more we can do.
>>>>> Infra, please if you're there, knock once.
>>>>>
>>>>> Regards.
>>>>>
>>>>> On 16/12/2016 11:13, Francesco Chicchiriccò wrote:
>>>>>> Hi all,
>>>>>> I am happy to report that the VM for the PoC was made available 
>>>>>> (syncope-vm2.apache.org) - see INFRA-10931.
>>>>>> I have been able to successfully access via SSH (sudo does not 
>>>>>> seem to work, but nothing problematic about this ATM).
>>>>>>
>>>>>> I know from IRC that Pierre is at work to try to define a first 
>>>>>> Puppet setup including JDK 1.8, Maven, Tomcat 8.5 and PostgreSQL.
>>>>>> Besides such components, the setup process will also need to 
>>>>>> fetch and build the Maven project from the dedicated GIT 
>>>>>> repository (see below).
>>>>>>
>>>>>> Now in first place I think we should re-attempt to start 
>>>>>> discussing the actual requirements of this PoC, and then the 
>>>>>> planning.
>>>>>>
>>>>>> This means, essentially, to gather some information from the 
>>>>>> infra team.
>>>>>>
>>>>>> I propose again to concentrate, from the list shown by Tony in 
>>>>>> [1], on the first item, e.g. "https://id.apache.org (The end-user
>>>>>> part of it)", which triggers these first questions:
>>>>>>
>>>>>> 1. does the current app exclusively manage data from LDAP?
>>>>>> 2. if so, could you provide some details:
>>>>>>    a. which LDAP server implementation? OpenLDAP?
>>>>>>    b. which object classes are in use? baseDN(s)?
>>>>>>    c. which processes / tools are reading from LDAP? which are 
>>>>>> writing?
>>>>>>
>>>>>> In INFRA-10931, Greg proposed to provide an LDIF export of the 
>>>>>> production LDAP servers so that we can setup a local detached 
>>>>>> copy which we could use for tests.
>>>>>>
>>>>>> Looking forward to your reply.
>>>>>> Regards.
>>>>>>
>>>>>> On 21/12/2015 17:16, Francesco Chicchiriccò wrote:
>>>>>>> Hi all,
>>>>>>> we now have our GIT repository at
>>>>>>>
>>>>>>> https://git-wip-us.apache.org/repos/asf/iampoc.git
>>>>>>>
>>>>>>> which is also mirrored, as usual, to GitHub.
>>>>>>>
>>>>>>> As you can see, I have made an initial commit featuring an empty
>>>>>>> default Syncope 2.0.0-SNAPSHOT setup.
>>>>>>>
>>>>>>> Now, waiting for the VM to be available (see INFRA-10931), we
>>>>>>> can start defining what is actually going to be part of this
>>>>>>> PoC, and how we are going to implement the related features.
>>>>>>>
>>>>>>> From the list shown by Tony in [1], I'd start with first item,
>>>>>>> e.g. "https://id.apache.org (The end-user part of it)".
>>>>>>>
>>>>>>> Here are some questions:
>>>>>>>
>>>>>>> 1. does the current app exclusively manage data from LDAP?
>>>>>>> 2. if so, could you provide some details:
>>>>>>>    a. LDAP architecture (replicas, load-balancing, ..)
>>>>>>>    b. which LDAP server implementation? OpenLDAP?
>>>>>>>    c. which object classes are in use? baseDN(s)?
>>>>>>>    d. which processes / tools are reading from LDAP? which are
>>>>>>> writing?
>>>>>>>    e. is there any test LDAP instance available? if not, is it
>>>>>>> possible to pre-load some data from the production instances in
>>>>>>> order to build a test instance in our development VM?
>>>>>>>
>>>>>>> Please add questions if you see something missing.
>>>>>>>
>>>>>>> Regards.
>>>>>>>
>>>>>>> [1] http://markmail.org/message/utlcjkanilz4qztz

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/

