www-infrastructure-dev mailing list archives

From Emmanuel Lécharny <elecha...@apache.org>
Subject Re: Centralised authentication/authorisation
Date Sun, 07 Dec 2008 22:13:15 GMT
Aristedes Maniatis wrote:
> <snip/>
>> Initially there will be one class of user.  Those who have an 
>> apache.org  account, i.e. those with an availid.  When we look to 
>> extend the use of LDAP to cover other public services such as 
>> Bugzilla, JIRA, etc then we will look to create a 2nd class of user.  
>> That class will most likely use an email address as the unique 
>> identifier.  The reason for this is to prevent folks from squatting 
>> namespace in the apache.org domain. i.e. You can't sign up to Jira, 
>> and effectively reserve nyname@apache.org. If you are invited to 
>> become a committer and the name you request is free, then fine, if 
>> not.  Then choose again.  Apparently there are people out there who 
>> are unscrupulous enough to do this. :-)
> If you'd like people to review it, please put the LDIF of your 
> apachePerson up somewhere. I think getting that class right is 80% of 
> the battle and the rest of the schema doesn't make much sense without it.
Here is a list of attributes we might need. This is just a first drop, 
some attributes may be added.

ObjectClass ASF-person
cn : the user common name
sn : the user surname
gn : the user given name
uid : the user id, the one the user connects with
asf-email+ : the ASF mail
asf-forward+ : the user .forward
mail* : any other user mail, may have more than one
<im AT>*+ : The Instant Messaging ids (to be defined, we may need more 
than one AT)
website*+ : the user website
asf-committer*+ : the projects the user is committer on (it's a ref)
asf-pmc+* : the PMC the user is member of (it's a ref)
asf-chairman+* : the projects the user is chairman of (it's a ref)
asf-board+ : tells if the user is a board member
asf-member+ : tells if the user is an asf member
asf-emeritus-committer+* : list the projects the user is emeritus 
committer from
asf-emeritus-pmc+* : list the PMCs the user is emeritus for
asf-emeritus-member+ : tells if the user is an emeritus member
status : deceased or alive
company+* : gives the user's affiliation
blog+* : the user's blogs
asf-ccla: the ASF ccla, if any
asf-icla: the ASF icla
description : a short notice about the user
l*: Localisation
c: The user's country
jpegPhoto*: The user's picture
usercertificate*: The user's certificates
pgp+: The user's PGP key-fingerprint
birthdate: The user's birthdate
age: The user's age
gender: Whether the user is male or female
asf-mentor+*: The list of incubator projects the user is mentor of
asf-moderator+*: The lists the user is currently moderating

example :
dn: uid=elecharny, ou=users, dc=apache, dc=org
uid: elecharny
cn: Emmanuel Lecharny
sn: Lecharny
gn: Emmanuel
asf-mail: elecharny@apache.org
mail: elecharny@iktek.com
mail: elecharny@hotmail.com
mail: elecharny@gmail.com
mail: elecharny@nextury.com
asf-forward: elecharny@iktek.com
im-jabber: elecharny@gmail.com
im-msn: elecharny@hotmail.com
im-yahoo: elecharny
web-site: www.iktek.com
web-site: www.newtury.com
asf-committer: cn=directory, ou=projects, dc=apache, dc=org
asf-committer: cn=mina, ou=projects, dc=apache, dc=org
asf-committer: cn=labs, ou=projects, dc=apache, dc=org
asf-committer: cn=incubator, ou=projects, dc=apache, dc=org
asf-pmc: cn=directory, ou=projects, dc=apache, dc=org
asf-pmc: cn=mina, ou=projects, dc=apache, dc=org
asf-pmc: cn=incubator, ou=projects, dc=apache, dc=org
asf-chairman: cn=directory, ou=projects, dc=apache, dc=org
asf-board: FALSE
asf-member: TRUE
asf-emeritus-member: FALSE
company: iktek
company: nextury
blog: http://hrabal.blogspot.com/
asf-icla: <the pdf>
description: nothing special
l: 101 rue saint-maur, 75011 Paris
c: France
jpegPhoto: <my picture>
usercertificate: ssh-dss 

pgp: 104B FA7A 3C57 15C2 385E  563E 3CF3 921C C6D4 44ED
birthdate: 08/12/1964
age: 44
gender: male
asf-mentor: jsecurity
asf-moderator: commits@directory.apache.org
asf-moderator: dev@directory.apache.org
asf-moderator: users@directory.apache.org
asf-moderator: announce@directory.apache.org
asf-moderator: private@directory.apache.org
asf-moderator: commits@mina.apache.org
asf-moderator: dev@mina.apache.org
asf-moderator: users@mina.apache.org
asf-moderator: announce@mina.apache.org
asf-moderator: private@mina.apache.org
asf-moderator: jsecurity-dev@incubator.apache.org
asf-moderator: jsecurity-private@incubator.apache.org
asf-moderator: jsecurity-commits@incubator.apache.org

We should also be able to store some dates, like date when a user became 
a committer on project X, and such.

ObjectClass ASF-project
cn: the project's name
asf-incubating+: Tells if the project is incubating
asf-inception+: The date of the project's inception
asf-tlp+: Tells if the project is a TLP or not
asf-project+: Gives the ref to the project this sub-project is depending 
on (if the asf-tlp is FALSE and the asf-incubating is FALSE).
description: a short notice about the project
asf-website: The project's website
asf-irc+* : The associated IRC channels
asf-ml+*: The project mailing lists
asf-issues+*: The associated JIRA
asf-wiki+* : The associated wikis
asf-svn+ : The svn root
asf-status+ : Tells if the project is alive or dormant
asf-crypto+ : Tells if the project is using some cryptographic components
asf-release+* : Gives all the releases

dn: cn=directory, dc=projects, dc=apache, dc=org
cn: directory
asf-incubating: FALSE
asf-inception: 10 Sept 2003
asf-tlp: FALSE
description: The Apache Directory Project provides directory solutions 
entirely written in Java.
These include a directory server, which has been certified as LDAP v3 
compliant by the Open Group
(Apache Directory Server), and Eclipse-based directory tools (Apache 
Directory Studio).
asf-website: http://directory.apache.org
asf-irc: #apache-directory
asf-irc: #apache-directory-dev
asf-ml: private@directory.apache.org
asf-ml: commits@directory.apache.org
asf-ml: users@directory.apache.org
asf-ml: announce@directory.apache.org
asf-issues: https://issues.apache.org/jira/browse/DIR
asf-issues: https://issues.apache.org/jira/browse/DIRSERVER
asf-wiki: http://cwiki.apache.org/confluence/display/directory
asf-wiki: http://cwiki.apache.org/confluence/display/DIRxDEV
asf-wiki: http://cwiki.apache.org/confluence/display/DIRxPMGT
asf-wiki: http://cwiki.apache.org/confluence/display/DIRxSBOX
asf-wiki: http://cwiki.apache.org/confluence/display/DIRxINTEROP
asf-wiki: http://cwiki.apache.org/confluence/display/DIRxSRVx10
asf-wiki: http://cwiki.apache.org/confluence/display/DIRxSRVx11
asf-wiki: http://cwiki.apache.org/confluence/display/DIRxSRVx20
asf-wiki: http://cwiki.apache.org/confluence/display/DIRxSITE
asf-svn:  https://svn.apache.org/repos/asf/directory
asf-status: alive
asf-crypto: TRUE
asf-release: 0.9.0
asf-release: 0.9.1
asf-release: 0.9.2
asf-release: 0.9.3
asf-release: 1.0-RC1
asf-release: 1.0-RC2
asf-release: 1.0-RC3
asf-release: 1.0-RC4
asf-release: 1.0.0
asf-release: 1.0.1
asf-release: 1.0.2
asf-release: 1.5.0
asf-release: 1.5.1
asf-release: 1.5.2
asf-release: 1.5.3
asf-release: 1.5.4

> I don't understand what you mean by 'class of user' above. Do you mean 
> class == objectClass in the LDAP sense?
I don't think that was what Tony meant. We will have different 'types' 
of users : ASF committers, external contributors (like those who simply 
fill a JIRA), etc.

cordialement, regards,
Emmanuel Lécharny
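
Added example, not part of the original message: a small lint that checks draft entries against the ASF-person attribute list above and verifies that membership references (asf-committer, asf-pmc, ...) resolve to an entry that exists, since authorisation decisions would hang off those DNs. The sample is a constructed excerpt of the two example entries; the function names and the handling of "<im AT>" as an "im-" prefix are assumptions.

```python
import re

# Attribute names from the ASF-person list in the message, with the * and +
# markers dropped (their meaning is not defined in the message).
DECLARED = set("""cn sn gn uid asf-email asf-forward mail website asf-committer
asf-pmc asf-chairman asf-board asf-member asf-emeritus-committer
asf-emeritus-pmc asf-emeritus-member status company blog asf-ccla asf-icla
description l c jpegPhoto usercertificate pgp birthdate age gender asf-mentor
asf-moderator""".lower().split())

# Attributes the message describes as references ("it's a ref").
REF_ATTRS = {"asf-committer", "asf-pmc", "asf-chairman"}

# Constructed excerpt of the example entries in the message.
SAMPLE = """\
dn: uid=elecharny, ou=users, dc=apache, dc=org
uid: elecharny
asf-mail: elecharny@apache.org
web-site: www.iktek.com
asf-committer: cn=directory, ou=projects, dc=apache, dc=org

dn: cn=directory, dc=projects, dc=apache, dc=org
cn: directory
"""

def parse_ldif(text):
    """Parse simple 'attr: value' records split by blank lines (no folding, no base64)."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.partition(":") for line in block.splitlines())
        entries.append([(n.strip().lower(), v.strip()) for n, _, v in pairs])
    return entries

def norm_dn(dn):
    """Case- and whitespace-insensitive DN comparison key (simplified)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def lint(entries, declared=DECLARED, ref_attrs=REF_ATTRS):
    known = {norm_dn(v) for e in entries for n, v in e if n == "dn"}
    findings = []
    for entry in entries:
        for name, value in entry:
            if name == "dn":
                continue
            # Assumption: "<im AT>" expands to attributes named im-<service>.
            if name not in declared and not name.startswith("im-"):
                findings.append(("undeclared", name))
            if name in ref_attrs and norm_dn(value) not in known:
                findings.append(("dangling", value))
    return findings
```

On the excerpt this reports asf-mail and web-site as undeclared (the list names them asf-email and website) and the asf-committer reference as dangling, because the project entry is filed under dc=projects while the reference points at ou=projects.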
