www-infrastructure-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tony Stevenson <pct...@apache.org>
Subject Re: LDAP : first step
Date Sun, 21 Dec 2008 23:06:10 GMT


Emmanuel L├ęcharny wrote:
> Tony Stevenson wrote:
>>
>>
>> Tony Stevenson wrote:
>>>
>>>
>>
>>>
>>> I will arrange for one Solaris zone, so that we can deploy one test 
>>> environment. There is a currently one such zone, but I would rather 
>>> start with a clean slate as this still has scatterings of OpenLDAP 
>>> amongst other things.
>>
>> Ok, we now have two test zones.  These are to test EU <--> US multi 
>> master services.  Clearly we only need to begin with one.
>>
>> Emmanuel, do you have your suggested OC, and tree design?  I want to 
>> get these into SVN before dishing out access to these Solaris zones, 
>> and installing anything.
> I'm currently processing the committers, mixing the iclas.txt file with 
> the /etc/passwd, in order to have a complete entry for each of us. It 
> takes time, because there are more entries into passwd than we have 
> committers (some committers have been obvioulsy removed from the 
> iclas.txt file, or some users have been granted access without being 
> present in iclas.txt).
> 
> The tree I suggest, from now on, will be something like 
> cn=<committer>,ou=people,dc=apache,dc=org
> 
> I will be done in around one hour with the big LDIF file.
> 

Great stuff. Don't check that LDIF in, just yet, we need to make sure it 
is properly sanitised before doing that :-)

I agree with the dn for committers, we should be careful though, as we 
need to incorporate groups, and potentially external 3rd party people, 
not to mention any other ordinal's that crop up.

I presume "cn=<committer>"  means "cn=availid"  (in my case "cn=pctony") ?

Can you come up with a proposed tree, and check that into SVN so we can 
all give it the green light, or not, before we try and get much further.

Below is just a small snippet of an example I was thinking of, 
containing 1 or 2 example for each OU.

dc=apache,dc=org
   ou=people
     cn=elecharny
     cn=minfrin
     cn=pctony
   ou=groups
     ou=svn
       cn=infrastructure
       cn=infrastructure-interest
     ou=posix
       cn=httpd
       cn=httpd-docs
     ou=confluence
     ou=bugzilla
   ou=external
     ou=people
       cn=bar@foo.com
       cn=foo@bar.com
     ou=groups


Cheers,
Tony

-- 


-----------------------------------------
Tony Stevenson
tony@pc-tony.com  //  pctony@apache.org
http://www.pc-tony.com/

1024D/51047D66 ECAF DC55 C608 5E82 0B5E  3359 C9C7 924E 5104 7D66
-----------------------------------------

Mime
View raw message