syncope-dev mailing list archives

From Francesco Chicchiriccò <>
Subject Re: [IAM PoC] Starting with implementation
Date Wed, 11 Jan 2017 15:12:36 GMT
On 11/01/2017 12:42, Francesco Chicchiriccò wrote:
> On 10/01/2017 23:56, Chris Lambertus wrote:
>> Yes, I am available. I will provide you an export of our existing 
>> LDAP repository and pointers to our schemas.
> Thanks Chris, looks good!
>> In answer to your questions below regarding id.a.o:
>> 1) Yes, the current id.a.o app exclusively manages data in LDAP as a 
>> self-service tool.
>> 2a) OpenLDAP
>> 2b) A variety including some custom schemas which I will make 
>> available to you along with the ldif.
>> 2c) There are MANY processes and tools which read and write from LDAP.
>> The initial scope of the PoC should be to provision Syncope as an 
>> admin and end-user UI for maintaining attributes related to LDAP 
>> accounts (committers, staff) as a potential replacement for the 
>> <> service. Once we’ve explored the 
>> key functionality of a test/demo implementation, we can look at what 
>> it would take to replace the service in production, along with 
>> integrating other tools related to account creation.
> I completely agree.
> AFAICT, the identified tasks are:
> 1. set up an OpenLDAP instance with the content and configuration provided
> 2. configure the Syncope entities: schemas, realms, resource, tasks, ...
> 3. configure / customize the Enduser UI
> I will start with task (1), manual installation; not sure if it makes 
> sense to puppet-ize that: if so, Pierre could possibly help.

Updated: thanks to the LDIF dump saved under

/root/asf-20170110.ldif on syncope-vm2

and the LDAP conf chunks I could derive from

I was finally able to successfully import everything; the OpenLDAP 
instance is currently up and running, ready to rumble.

FYI I have placed a copy of the resulting slapd.conf under /root on 

> Any other volunteer?
> Regards.
>>> On Jan 9, 2017, at 3:59 AM, Francesco Chicchiriccò 
>>> < <>> wrote:
>>> Hi all,
>>> semi-formal "ping" for Infra guys: is there anyone available for 
>>> supporting this PoC? As said from the beginning, a fundamental 
>>> requirement is to have someone playing the customer role, otherwise 
>>> any effort is pointless.
>>> Regards.
>>> On 19/12/2016 09:09, Francesco Chicchiriccò wrote:
>>>> Quick update:
>>>> 1. Pierre has submitted the first PR for puppet at
>>>> 2. I have just updated the PoC code to Syncope 2.0.1 (that's the 
>>>> second commit, exactly 1 year after the first one: time flies):

>>>> However, without someone from Infra providing info + 
>>>> specifications, there is not much more we can do.
>>>> Infra, please if you're there, knock once.
>>>> Regards.
>>>> On 16/12/2016 11:13, Francesco Chicchiriccò wrote:
>>>>> Hi all,
>>>>> I am happy to report that the VM for the PoC was made available 
>>>>> ( - see INFRA-10931.
>>>>> I have been able to successfully access via SSH (sudo does not 
>>>>> seem to work, but nothing problematic about this ATM).
>>>>> I know from IRC that Pierre is at work to try to define a first 
>>>>> Puppet setup including JDK 1.8, Maven, Tomcat 8.5 and PostgreSQL.
>>>>> Besides such components, the setup process will also need to fetch 
>>>>> and build the Maven project from the dedicated GIT repository (see 
>>>>> below).
>>>>> Now in first place I think we should re-attempt to start discussing 
>>>>> the actual requirements of this PoC, and then the planning.
>>>>> This means, essentially, to gather some information from the infra 
>>>>> team.
>>>>> I propose again to concentrate, from the list shown by Tony in 
>>>>> [1], on the first item, e.g. " (The end-user 
>>>>> part of it)", which triggers these first questions:
>>>>> 1. does the current app exclusively manage data from LDAP?
>>>>> 2. if so, could you provide some details:
>>>>>    a. which LDAP server implementation? OpenLDAP?
>>>>>    b. which object classes are in use? baseDN(s)?
>>>>>    c. which processes / tools are reading from LDAP? which are 
>>>>> writing?
>>>>> In INFRA-10931, Greg proposed to provide an LDIF export of the 
>>>>> production LDAP servers so that we can set up a local detached copy 
>>>>> which we could use for tests.
>>>>> Looking forward to your reply.
>>>>> Regards.
>>>>> On 21/12/2015 17:16, Francesco Chicchiriccò wrote:
>>>>>> Hi all,
>>>>>> we now have our GIT repository at
>>>>>> which is also mirrored, as usual, to GitHub.
>>>>>> As you can see, I have made an initial commit featuring an empty
>>>>>> default Syncope 2.0.0-SNAPSHOT setup.
>>>>>> Now, waiting for the VM to be available (see INFRA-10931), we can
>>>>>> start defining what is actually going to be part of this PoC, and
>>>>>> how we are going to implement the related features.
>>>>>> From the list shown by Tony in [1], I'd start with the first item, 
>>>>>> e.g. " (The end-user part of it)".
>>>>>> Here are some questions:
>>>>>> 1. does the current app exclusively manage data from LDAP?
>>>>>> 2. if so, could you provide some details:
>>>>>>    a. LDAP architecture (replicas, load-balancing, ..)
>>>>>>    b. which LDAP server implementation? OpenLDAP?
>>>>>>    c. which object classes are in use? baseDN(s)?
>>>>>>    d. which processes / tools are reading from LDAP? which are 
>>>>>> writing?
>>>>>>    e. is there any test LDAP instance available? if not, is it 
>>>>>> possible to pre-load some data from the production instances in 
>>>>>> order to build a test instance in our development VM?
>>>>>> Please add questions if you see something missing.
>>>>>> Regards.
>>>>>> [1]

Francesco Chicchiriccò

Tirasa - Open Source Excellence

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
