syncope-dev mailing list archives

From Francesco Chicchiriccò <>
Subject Re: [IAM PoC] Starting with implementation
Date Wed, 11 Jan 2017 11:42:49 GMT
On 10/01/2017 23:56, Chris Lambertus wrote:
> Yes, I am available. I will provide you an export of our existing LDAP 
> repository and pointers to our schemas.

Thanks Chris, looks good!

> In answer to your questions below regarding id.a.o:
> 1) Yes, the current id.a.o app exclusively manages data in LDAP as a 
> self-service tool.
> 2a) OpenLDAP
> 2b) A variety including some custom schemas which I will make 
> available to you along with the ldif.
> 2c) There are MANY processes and tools which read and write from LDAP.
> The initial scope of the PoC should be to provision Syncope as an 
> admin and end-user UI for maintaining attributes related to LDAP 
> accounts (committers, staff) as a potential replacement for the 
> <> service. Once we’ve explored the 
> key functionality of a test/demo implementation, we can look at what 
> it would take to replace the service in production, along with 
> integrating other tools related to account creation.

I completely agree.

AFAICT, the identified tasks are:

1. set up an OpenLDAP instance with the content and configuration provided
2. configure the Syncope entities: schemas, realms, resource, tasks, ...
3. configure / customize the Enduser UI

I will start with task (1), manual installation; not sure if it makes 
sense to puppet-ize that: if so, Pierre could possibly help.
Any other volunteer?


>> On Jan 9, 2017, at 3:59 AM, Francesco Chicchiriccò 
>> < <>> wrote:
>> Hi all,
>> semi-formal "ping" for Infra guys: is there anyone available for 
>> supporting this PoC? As said from the beginning, a fundamental 
>> requirement is to have someone playing the customer role, otherwise 
>> any effort is pointless.
>> Regards.
>> On 19/12/2016 09:09, Francesco Chicchiriccò wrote:
>>> Quick update:
>>> 1. Pierre has submitted the first PR for puppet at
>>> 2. I have just updated the PoC code to Syncope 2.0.1 (that's the 
>>> second commit, exactly 1 year after first one: time flies):

>>> However, without someone from Infra providing info + specifications, 
>>> there is not much more we can do.
>>> Infra, please if you're there, knock once.
>>> Regards.
>>> On 16/12/2016 11:13, Francesco Chicchiriccò wrote:
>>>> Hi all,
>>>> I am happy to report that the VM for the PoC was made available 
>>>> ( - see INFRA-10931.
>>>> I have been able to successfully access via SSH (sudo does not seem 
>>>> to work, but nothing problematic about this ATM).
>>>> I know from IRC that Pierre is at work to try to define a first 
>>>> Puppet setup including JDK 1.8, Maven, Tomcat 8.5 and PostgreSQL.
>>>> Besides such components, the setup process will also need to fetch 
>>>> and build the Maven project from the dedicated GIT repository (see 
>>>> below).
>>>> Now in first place I think we should re-attempt to start discussing 
>>>> the actual requirements of this PoC, and then the planning.
>>>> This means, essentially, to gather some information from the infra 
>>>> team.
>>>> I propose again to concentrate, from the list shown by Tony in [1], 
>>>> on the first item, e.g. " (The end-user part 
>>>> of it)", which triggers these first questions:
>>>> 1. does the current app exclusively manage data from LDAP?
>>>> 2. if so, could you provide some details:
>>>>    a. which LDAP server implementation? OpenLDAP?
>>>>    b. which object classes are in use? baseDN(s)?
>>>>    c. which processes / tools are reading from LDAP? which are writing?
>>>> In INFRA-10931, Greg proposed to provide an LDIF export of the 
>>>> production LDAP servers so that we can setup a local detached copy 
>>>> which we could use for tests.
>>>> Looking forward to your reply.
>>>> Regards.
>>>> On 21/12/2015 17:16, Francesco Chicchiriccò wrote:
>>>>> Hi all,
>>>>> we now have our GIT repository at
>>>>> which is also mirrored, as usual, to GitHub.
>>>>> As you can see, I have made an initial commit featuring an empty 
>>>>> default Syncope 2.0.0-SNAPSHOT setup.
>>>>> Now, waiting for the VM to be available (see INFRA-10931), we can 
>>>>> start defining what is actually going to be part of this PoC, and 
>>>>> how we are going to implement the related features.
>>>>> From the list shown by Tony in [1], I'd start with first item, 
>>>>> e.g. " (The end-user part of it)".
>>>>> Here are some questions:
>>>>> 1. does the current app exclusively manage data from LDAP?
>>>>> 2. if so, could you provide some details:
>>>>>    a. LDAP architecture (replicas, load-balancing, ..)
>>>>>    b. which LDAP server implementation? OpenLDAP?
>>>>>    c. which object classes are in use? baseDN(s)?
>>>>>    d. which processes / tools are reading from LDAP? which are 
>>>>> writing?
>>>>>    e. is there any test LDAP instance available? if not, is it 
>>>>> possible to pre-load some data from the production instances in 
>>>>> order to build a test instance in our development VM?
>>>>> Please add questions if you see something missing.
>>>>> Regards.
>>>>> [1]

Francesco Chicchiriccò

Tirasa - Open Source Excellence

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
