www-infrastructure-dev mailing list archives

From Emmanuel Lécharny <elecha...@apache.org>
Subject Re: LDAP : first step
Date Sun, 21 Dec 2008 23:15:11 GMT
Tony Stevenson wrote:
>
>
> Emmanuel Lécharny wrote:
>> Tony Stevenson wrote:
>>>
>>>
>>> Tony Stevenson wrote:
>>>>
>>>>
>>>
>>>>
>>>> I will arrange for one Solaris zone, so that we can deploy one test 
>>>> environment. There is currently one such zone, but I would rather 
>>>> start with a clean slate as this still has scatterings of OpenLDAP 
>>>> amongst other things.
>>>
>>> Ok, we now have two test zones.  These are to test EU <--> US multi 
>>> master services.  Clearly we only need to begin with one.
>>>
>>> Emmanuel, do you have your suggested OC, and tree design?  I want to 
>>> get these into SVN before dishing out access to these Solaris zones, 
>>> and installing anything.
>> I'm currently processing the committers, mixing the iclas.txt file 
>> with the /etc/passwd, in order to have a complete entry for each of 
>> us. It takes time, because there are more entries in passwd than we 
>> have committers (some committers have been obviously removed from the 
>> iclas.txt file, or some users have been granted access without being 
>> present in iclas.txt).
>>
>> The tree I suggest, from now on, will be something like 
>> cn=<committer>,ou=people,dc=apache,dc=org
>>
>> I will be done in around one hour with the big LDIF file.
>>
>
> Great stuff. Don't check that LDIF in, just yet, we need to make sure 
> it is properly sanitised before doing that :-)
So where do I store it ?
>
> I agree with the dn for committers, we should be careful though, as we 
> need to incorporate groups, and potentially external 3rd party people, 
> not to mention any other ordinals that crop up.
Right now, I'm dealing with committers only. Any entry not in committers 
AND passwd will be removed. We may add the other users later.
>
> I presume "cn=<committer>"  means "cn=availid"  (in my case 
> "cn=pctony") ?
yep.
>
> Can you come up with a proposed tree, and check that into SVN so we 
> can all give it the green light, or not, before we try and get much 
> further.
>
> Below is just a small snippet of an example I was thinking of, 
> containing 1 or 2 examples for each OU.
>
> dc=apache,dc=org
>   ou=people
>     cn=elecharny
>     cn=minfrin
>     cn=pctony
That's ok
>   ou=groups
>     ou=svn
>       cn=infrastructure
>       cn=infrastructure-interest
>     ou=posix
>       cn=httpd
>       cn=httpd-docs
>     ou=confluence
>     ou=bugzilla
Any reason we want to create subtrees for svn, posix, ... ?
>   ou=external
>     ou=people
>       cn=bar@foo.com
>       cn=foo@bar.com
>     ou=groups
Here, we have to discuss if we want a separate branch for external 
users, when we can add an AT into the person's entry. 

-- 
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org
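
Added example, not part of the message above and not the script used by anyone in the thread: one way to build the committers LDIF described there, keeping only ids present in both passwd and iclas.txt and placing them under cn=<availid>,ou=people,dc=apache,dc=org. The iclas.txt layout, the inetOrgPerson object class, the sn/displayName attributes and all sample rows are assumptions made for the example.

```python
import base64

BASE_DN = "ou=people,dc=apache,dc=org"  # people branch proposed in the thread

# Constructed sample data. The iclas.txt layout is not shown in the thread;
# "availid:full name" is an assumption made for this example.
PASSWD = """elecharny:x:1001:1001::/home/elecharny:/bin/sh
pctony:x:1002:1002::/home/pctony:/bin/sh
olduser:x:1003:1003::/home/olduser:/bin/sh
"""
ICLAS = """elecharny:Emmanuel Lécharny
pctony:Tony Stevenson
nologin:Some Contributor
"""

def ldif_attr(name, value):
    """One attribute line; base64 anything outside plain printable ASCII
    (slightly stricter than RFC 2849 requires)."""
    safe = (value.isascii() and value.isprintable()
            and not value.startswith((" ", ":", "<")) and not value.endswith(" "))
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def parse_colon_file(text):
    """Map the first colon-separated field of each line to the remaining fields."""
    rows = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            key, *rest = line.split(":")
            rows[key] = rest
    return rows

def build_ldif(passwd_text, iclas_text):
    """Return (ldif, dropped): ids in both sources become entries, the rest are listed."""
    accounts, committers = parse_colon_file(passwd_text), parse_colon_file(iclas_text)
    entries = []
    for availid in sorted(accounts.keys() & committers.keys()):
        name = committers[availid][0] if committers[availid] else availid
        entries.append("\n".join([
            ldif_attr("dn", f"cn={availid},{BASE_DN}"),
            "objectClass: inetOrgPerson",  # assumed; the thread has not settled the OC
            ldif_attr("cn", availid),
            ldif_attr("sn", (name.split() or [availid])[-1]),
            ldif_attr("displayName", name),
        ]))
    return "\n\n".join(entries) + "\n", sorted(accounts.keys() ^ committers.keys())

if __name__ == "__main__":
    ldif, dropped = build_ldif(PASSWD, ICLAS)
    print(ldif)
    print("# dropped (in only one source):", ", ".join(dropped))
```

The dropped list is worth reviewing by hand: it contains both accounts with no committer record and committer records with no account.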


