syncope-dev mailing list archives

From Pierre Smits <pierre.sm...@gmail.com>
Subject Re: [IAM PoC] Starting with implementation
Date Thu, 12 Jan 2017 21:22:26 GMT
I have configured the Apache HTTPD as the proxy server for the syncope
deployment over ssl

The following URLs can now be used:

   - http://idm-poc.apache.org/syncope, redirecting to
   https://idm-poc.apache.org/syncope
   - http://idm-poc.apache.org/syncope-console, redirecting to
   https://idm-poc.apache.org/syncope-console
   - http://idm-poc.apache.org/syncope-enduser, redirecting to
   https://idm-poc.apache.org/syncope-enduser

I still have to look at aspects like:

   - https://idm-poc.apache.org/syncope/swagger

As this doesn't work correctly. But then again,
http://idm-poc.apache.org:8080/syncope/swagger doesn't work either.

Please do *not* use the syncope implementation via the unencrypted tomcat
port 8080/

Best regards,

Pierre Smits

ORRTIZ.COM <http://www.orrtiz.com>
OFBiz based solutions & services

OFBiz Extensions Marketplace
http://oem.ofbizci.net/oci-2/

On Thu, Jan 12, 2017 at 8:23 PM, Francesco Chicchiriccò <ilgrosso@apache.org> wrote:

> On 12 January 2017 19:23:37 CET, Pierre Smits <pierre.smits@gmail.com> wrote:
> >I see that the syncope-vm is working. But did we use the preconfigured
> >installations of tomcat and postgresql (the client for connection to an ASF
> >psql setup)?
>
> syncope-vm.apache.org hosts our public demo, see
>
> http://syncope.apache.org/demo.html
>
> I am working on syncope-vm2 with manual Tomcat deployment (and PostgreSQL)
> of the artifacts built from the POC GIT repository.
>
> Regards.
>
> >On Thu, Jan 12, 2017 at 5:14 PM, Francesco Chicchiriccò <ilgrosso@apache.org> wrote:
> >
> >> Hi,
> >> quick update: I have defined some schemas and the local LDAP resource with
> >> provision for both users and groups: at the moment browsing the resource
> >> from Syncope Admin UI works fine.
> >>
> >> Regards.
> >>
> >> On 11/01/2017 16:12, Francesco Chicchiriccò wrote:
> >>
> >>> On 11/01/2017 12:42, Francesco Chicchiriccò wrote:
> >>>
> >>>> On 10/01/2017 23:56, Chris Lambertus wrote:
> >>>>
> >>>>> Yes, I am available. I will provide you an export of our existing LDAP
> >>>>> repository and pointers to our schemas.
> >>>>>
> >>>>
> >>>> Thanks Chris, looks good!
> >>>>
> >>>> In answer to your questions below regarding id.a.o:
> >>>>>
> >>>>> 1) Yes, the current id.a.o app exclusively manages data in LDAP as a
> >>>>> self-service tool.
> >>>>>
> >>>>> 2a) OpenLDAP
> >>>>> 2b) A variety including some custom schemas which I will make available
> >>>>> to you along with the ldif.
> >>>>> 2c) There are MANY processes and tools which read and write from LDAP.
> >>>>>
> >>>>> The initial scope of the PoC should be to provision Syncope as an admin
> >>>>> and end-user UI for maintaining attributes related to LDAP accounts
> >>>>> (committers, staff) as a potential replacement for the id.apache.org
> >>>>> <http://id.apache.org> service. Once we’ve explored the key
> >>>>> functionality of a test/demo implementation, we can look at what it would
> >>>>> take to replace the service in production, along with integrating other
> >>>>> tools related to account creation.
> >>>>>
> >>>>
> >>>> I completely agree.
> >>>>
> >>>> AFAICT, the identified tasks are:
> >>>>
> >>>> 1. setup an OpenLDAP instance with the content and configuration
> >>>> provided
> >>>> 2. configure the Syncope entities: schemas, realms, resource, tasks, ...
> >>>> 3. configure / customize the Enduser UI
> >>>>
> >>>> I will start with task (1), manual installation; not sure if it makes
> >>>> sense to puppet-ize that: if so, Pierre could possibly help.
> >>>>
> >>>
> >>> Updated: thanks to the LDIF dump saved under
> >>>
> >>> /root/asf-20170110.ldif on syncope-vm2
> >>>
> >>> and the LDAP conf chunks I could derive from
> >>>
> >>> https://github.com/apache/infrastructure-puppet/tree/deployment/modules/ldapserver
> >>>
> >>> I was finally able to successfully import everything; the OpenLDAP
> >>> instance is currently up and running, ready to rumble.
> >>>
> >>> FYI I have placed a copy of the resulting slapd.conf under /root on
> >>> syncope-vm2
> >>>
> >>> Any other volunteer?
> >>>>
> >>>> Regards.
> >>>>
> >>>>
> >>>> On Jan 9, 2017, at 3:59 AM, Francesco Chicchiriccò <ilgrosso@apache.org <mailto:ilgrosso@apache.org>> wrote:
> >>>>>>
> >>>>>> Hi all,
> >>>>>> semi-formal "ping" for Infra guys: is there anyone available for
> >>>>>> supporting this PoC? As said from the beginning, a fundamental requirement
> >>>>>> is to have someone playing the customer role, otherwise any effort is
> >>>>>> pointless.
> >>>>>>
> >>>>>> Regards.
> >>>>>>
> >>>>>> On 19/12/2016 09:09, Francesco Chicchiriccò wrote:
> >>>>>>
> >>>>>>> Quick update:
> >>>>>>>
> >>>>>>> 1. Pierre has submitted the first PR for puppet at
> >>>>>>> https://github.com/apache/infrastructure-puppet/pull/156
> >>>>>>>
> >>>>>>> 2. I have just updated the PoC code to Syncope 2.0.1 (that's the
> >>>>>>> second commit, exactly 1 year after first one: time flies):
> >>>>>>> https://github.com/apache/iampoc/commit/a155f59362e6f553356e7e52116834837dbda984
> >>>>>>>
> >>>>>>> However, without someone from Infra providing info + specifications,
> >>>>>>> there is not much more we can do.
> >>>>>>> Infra, please if you're there, knock once.
> >>>>>>>
> >>>>>>> Regards.
> >>>>>>>
> >>>>>>> On 16/12/2016 11:13, Francesco Chicchiriccò wrote:
> >>>>>>>
> >>>>>>>> Hi all,
> >>>>>>>> I am happy to report that the VM for the PoC was made available
> >>>>>>>> (syncope-vm2.apache.org) - see INFRA-10931.
> >>>>>>>> I have been able to successfully access via SSH (sudo does not seem
> >>>>>>>> to work, but nothing problematic about this ATM).
> >>>>>>>>
> >>>>>>>> I know from IRC that Pierre is at work to try to define a first
> >>>>>>>> Puppet setup including JDK 1.8, Maven, Tomcat 8.5 and PostgreSQL.
> >>>>>>>> Besides such components, the setup process will also need to fetch
> >>>>>>>> and build the Maven project from the dedicated GIT repository (see below).
> >>>>>>>>
> >>>>>>>> Now in first place I think we should re-attempt to start discussing
> >>>>>>>> the actual requirements of this PoC, and then the planning.
> >>>>>>>>
> >>>>>>>> This means, essentially, to gather some information from the infra
> >>>>>>>> team.
> >>>>>>>>
> >>>>>>>> I propose again to concentrate, from the list shown by Tony in [1],
> >>>>>>>> on the first item, e.g. "https://id.apache.org (The end-user part
> >>>>>>>> of it)", which triggers these first questions:
> >>>>>>>>
> >>>>>>>> 1. does the current app exclusively manage data from LDAP?
> >>>>>>>> 2. if so, could you provide some details:
> >>>>>>>>    a. which LDAP server implementation? OpenLDAP?
> >>>>>>>>    b. which object classes are in use? baseDN(s)?
> >>>>>>>>    c. which processes / tools are reading from LDAP? which are
> >>>>>>>>       writing?
> >>>>>>>>
> >>>>>>>> In INFRA-10931, Greg proposed to provide an LDIF export of the
> >>>>>>>> production LDAP servers so that we can setup a local detached copy which we
> >>>>>>>> could use for tests.
> >>>>>>>>
> >>>>>>>> Looking forward to your reply.
> >>>>>>>> Regards.
> >>>>>>>>
> >>>>>>>> On 21/12/2015 17:16, Francesco Chicchiriccò wrote:
> >>>>>>>>
> >>>>>>>>> Hi all,
> >>>>>>>>> we now have our GIT repository at
> >>>>>>>>>
> >>>>>>>>> https://git-wip-us.apache.org/repos/asf/iampoc.git
> >>>>>>>>>
> >>>>>>>>> which is also mirrored, as usual, to GitHub.
> >>>>>>>>>
> >>>>>>>>> As you can see, I have made an initial commit featuring an empty
> >>>>>>>>> default Syncope 2.0.0-SNAPSHOT setup.
> >>>>>>>>>
> >>>>>>>>> Now, waiting for the VM to be available (see INFRA-10931), we can
> >>>>>>>>> start defining what is actually going to be part of this PoC, and how we
> >>>>>>>>> are going to implement the related features.
> >>>>>>>>>
> >>>>>>>>> From the list shown by Tony in [1], I'd start with first item,
> >>>>>>>>> e.g. "https://id.apache.org (The end-user part of it)".
> >>>>>>>>>
> >>>>>>>>> Here are some questions:
> >>>>>>>>>
> >>>>>>>>> 1. does the current app exclusively manage data from LDAP?
> >>>>>>>>> 2. if so, could you provide some details:
> >>>>>>>>>    a. LDAP architecture (replicas, load-balancing, ..)
> >>>>>>>>>    b. which LDAP server implementation? OpenLDAP?
> >>>>>>>>>    c. which object classes are in use? baseDN(s)?
> >>>>>>>>>    d. which processes / tools are reading from LDAP? which are
> >>>>>>>>>       writing?
> >>>>>>>>>    e. is there any test LDAP instance available? if not, is it
> >>>>>>>>>       possible to pre-load some data from the production instances in order to
> >>>>>>>>>       build a test instance in our development VM?
> >>>>>>>>>
> >>>>>>>>> Please add questions if you see something missing.
> >>>>>>>>>
> >>>>>>>>> Regards.
> >>>>>>>>>
> >>>>>>>>> [1] http://markmail.org/message/utlcjkanilz4qztz
> >>>>>>>>>
> >>>>>>>>
> >> --
> >> Francesco Chicchiriccò
> >>
> >> Tirasa - Open Source Excellence
> >> http://www.tirasa.net/
> >>
> >> Member at The Apache Software Foundation
> >> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> >> http://home.apache.org/~ilgrosso/
> >>
> >>
>
>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> http://home.apache.org/~ilgrosso/
>
