syncope-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Francesco Chicchiriccò <ilgro...@apache.org>
Subject Re: [IAM PoC] Starting with implementation
Date Thu, 12 Jan 2017 19:23:13 GMT
Il 12 gennaio 2017 19:23:37 CET, Pierre Smits <pierre.smits@gmail.com> ha scritto:
>I see that the syncope-vm is working. But did we use the preconfigured
>installations of tomcat and postgresql (the client for connection to a
>ASF
>psql setup)?

syncope-vm.apache.org hosts our public demo, see

http://syncope.apache.org/demo.html

I am working on syncope-vm2 with manual Tomcat deployment (and PostgreSQL) of the artifacts
built from the POC GIT repository.

Regards.

>On Thu, Jan 12, 2017 at 5:14 PM, Francesco Chicchiriccò
><ilgrosso@apache.org
>> wrote:
>
>> Hi,
>> quick update: I have defined some schemas and the local LDAP resource
>with
>> provision for both users and groups: at the moment browsing the
>resource
>> from Syncope Admin UI works fine.
>>
>> Regards.
>>
>> On 11/01/2017 16:12, Francesco Chicchiriccò wrote:
>>
>>> On 11/01/2017 12:42, Francesco Chicchiriccò wrote:
>>>
>>>> On 10/01/2017 23:56, Chris Lambertus wrote:
>>>>
>>>>> Yes, I am available. I will provide you an export of our existing
>LDAP
>>>>> repository and pointers to our schemas.
>>>>>
>>>>
>>>> Thanks Chris, looks good!
>>>>
>>>> In answer to your questions below regarding id.a.o:
>>>>>
>>>>> 1) Yes, the current id.a.o app exclusively manages data in LDAP as
>a
>>>>> self-service tool.
>>>>>
>>>>> 2a) OpenLDAP
>>>>> 2b) A variety including some custom schemas which I will make
>available
>>>>> you along with the ldif.
>>>>> 2c) There are MANY processes and tools which read and write from
>LDAP.
>>>>>
>>>>> The initial scope of the PoC should be to provision Syncope as an
>admin
>>>>> and end-user UI for maintaining attributes related to LDAP
>accounts
>>>>> (committers, staff) as a potential replacement for the
>id.apache.org <
>>>>> http://id.apache.org> service. Once we’ve explored the key
>>>>> functionality of a test/demo implementation, we can look at what
>it would
>>>>> take to replace the service in production, along with integrating
>other
>>>>> tools related to account creation.
>>>>>
>>>>
>>>> I completely agree.
>>>>
>>>> AFAICT, the identified tasks are:
>>>>
>>>> 1. setup an OpenLDAP  instance with the content and configuration
>>>> provided
>>>> 2. configure the Syncope entities: schemas, realms, resource,
>tasks, ...
>>>> 3. configure / customize the Enduser UI
>>>>
>>>> I will start with task (1), manual installation; not sure if it
>makes
>>>> sense to puppet-ize that: if so, Pierre could possibly help.
>>>>
>>>
>>> Updated: thanks to the LDIF dump saved under
>>>
>>> /root/asf-20170110.ldif on syncope-vm2
>>>
>>> and the LDAP conf chunks I could derive from
>>>
>>> https://github.com/apache/infrastructure-puppet/tree/deploym
>>> ent/modules/ldapserver
>>>
>>> I was finally able to successfully import everything; the OpenLDAP
>>> instance is currently up and running, ready to rumble.
>>>
>>> FYI I have placed a copy of the resulting slapd.conf under /root on
>>> syncope-vm2
>>>
>>> Any other volunteer?
>>>>
>>>> Regards.
>>>>
>>>>
>>>> On Jan 9, 2017, at 3:59 AM, Francesco Chicchiriccò
><ilgrosso@apache.org
>>>>>> <mailto:ilgrosso@apache.org>> wrote:
>>>>>>
>>>>>> Hi all,
>>>>>> semi-formal "ping" for Infra guys: is there anyone available for
>>>>>> supporting this PoC? As said from the beginning, a fundamental
>requirement
>>>>>> is to have someone playing the customer role, otherwise any
>effort is
>>>>>> pointless.
>>>>>>
>>>>>> Regards.
>>>>>>
>>>>>> On 19/12/2016 09:09, Francesco Chicchiriccò wrote:
>>>>>>
>>>>>>> Quick update:
>>>>>>>
>>>>>>> 1. Pierre has submitted the first PR for puppet at
>>>>>>> https://github.com/apache/infrastructure-puppet/pull/156
>>>>>>>
>>>>>>> 2. I have just updated the PoC code to Syncope 2.0.1 (that's
the
>>>>>>> second commit, exactly 1 year after fist one: time flies):
>>>>>>> https://github.com/apache/iampoc/commit/a155f59362e6f553356e
>>>>>>> 7e52116834837dbda984
>>>>>>>
>>>>>>> However, without someone from Infra providing info +
>specifications,
>>>>>>> there is no much more we can do.
>>>>>>> Infra, please if you're there, knock once.
>>>>>>>
>>>>>>> Regards.
>>>>>>>
>>>>>>> On 16/12/2016 11:13, Francesco Chicchiriccò wrote:
>>>>>>>
>>>>>>>> HI all,
>>>>>>>> I am happy to report that the VM for the PoC was made available
>(
>>>>>>>> syncope-vm2.apache.org) - see INFRA-10931.
>>>>>>>> I have been able to successfully access via SSH (sudo does
not
>seem
>>>>>>>> to work, but nothing problematic about this ATM).
>>>>>>>>
>>>>>>>> I know from IRC that Pierre is at work to try to define a
first
>>>>>>>> Puppet setup including JDK 1.8, Maven, Tomcat 8.5 and
>PostgreSQL.
>>>>>>>> Besides such components, the setup process will also need
to
>fetch
>>>>>>>> and build the Maven project from the dedicated GIT repository
>(see below).
>>>>>>>>
>>>>>>>> Now in fist place I think we should re-attempt to start
>discussing
>>>>>>>> the actual requirements of this PoC, and then the planning.
>>>>>>>>
>>>>>>>> This means, essentially, to gather some information from
the
>infra
>>>>>>>> team.
>>>>>>>>
>>>>>>>> I propose again to concentrate, from the list shown by Tony
in
>[1],
>>>>>>>> on the first item, e.g. "https://id.apache.org (The end-user
>part
>>>>>>>> of it)", which triggers these first questions:
>>>>>>>>
>>>>>>>> 1. does the current app exclusively manage data from LDAP?
>>>>>>>> 2. if so, could you provide some details:
>>>>>>>>    a. which LDAP server implementation? OpenLDAP?
>>>>>>>>    b. which object classes are in use? baseDN(s)?
>>>>>>>>    c. which processes / tools are reading from LDAP? which
are
>>>>>>>> writing?
>>>>>>>>
>>>>>>>> In INFRA-10931, Greg proposed to provide an LDIF export of
the
>>>>>>>> production LDAP servers so that we can setup a local detached
>copy which we
>>>>>>>> could use for tests.
>>>>>>>>
>>>>>>>> Looking forward to your reply.
>>>>>>>> Regards.
>>>>>>>>
>>>>>>>> On 21/12/2015 17:16, Francesco Chicchiriccò wrote:
>>>>>>>>
>>>>>>>>> Hi all,
>>>>>>>>> we now have our GIT repository at
>>>>>>>>>
>>>>>>>>> https://git-wip-us.apache.org/repos/asf/iampoc.git
>>>>>>>>>
>>>>>>>>> which is also mirrored, as usual, to GitHub.
>>>>>>>>>
>>>>>>>>> As you can see, I have made an initial commit featuring
an
>empty
>>>>>>>>> default Syncope 2.0.0-SNAPSHOT setup.
>>>>>>>>>
>>>>>>>>> Now, waiting for the VM to be available (see INFRA-10931),
we
>can
>>>>>>>>> start defining what is actually going to be part of this
PoC,
>and how we
>>>>>>>>> are going to implement the related features.
>>>>>>>>>
>>>>>>>>> From the list showed by Tony in [1], I'd start with first
>item,
>>>>>>>>> e.g. "https://id.apache.org (The end-user part of it)".
>>>>>>>>>
>>>>>>>>> Here are some questions:
>>>>>>>>>
>>>>>>>>> 1. does the current app exclusively manage data from
LDAP?
>>>>>>>>> 2. if so, could you provide some details:
>>>>>>>>>    a. LDAP architecture (replicas, load-balancing, ..)
>>>>>>>>>    b. which LDAP server implementation? OpenLDAP?
>>>>>>>>>    c. which object classes are in use? baseDN(s)?
>>>>>>>>>    d. which processes / tools are reading from LDAP?
which are
>>>>>>>>> writing?
>>>>>>>>>    e. is there any test LDAP instance available? if not,
is it
>>>>>>>>> possible to pre-load some data from the production instances
>in order to
>>>>>>>>> build a test instance in our development VM?
>>>>>>>>>
>>>>>>>>> Please add questions if you see something missing.
>>>>>>>>>
>>>>>>>>> Regards.
>>>>>>>>>
>>>>>>>>> [1] http://markmail.org/message/utlcjkanilz4qztz
>>>>>>>>>
>>>>>>>>
>> --
>> Francesco Chicchiriccò
>>
>> Tirasa - Open Source Excellence
>> http://www.tirasa.net/
>>
>> Member at The Apache Software Foundation
>> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
>> http://home.apache.org/~ilgrosso/
>>
>>


-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/

Mime
View raw message