Return-Path: 
 <infrastructure-dev-return-800-apmail-infrastructure-dev-archive=apache.org@apache.org>
Delivered-To: apmail-infrastructure-dev-archive@locus.apache.org
Received: (qmail 73745 invoked from network); 22 Dec 2008 00:03:41 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 22 Dec 2008 00:03:41 -0000
Received: (qmail 12742 invoked by uid 500); 22 Dec 2008 00:03:40 -0000
Delivered-To: apmail-infrastructure-dev-archive@apache.org
Received: (qmail 12623 invoked by uid 500); 22 Dec 2008 00:03:40 -0000
Mailing-List: contact infrastructure-dev-help@apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:infrastructure-dev-help@apache.org>
List-Unsubscribe: <mailto:infrastructure-dev-unsubscribe@apache.org>
List-Post: <mailto:infrastructure-dev@apache.org>
List-Id: <infrastructure-dev.apache.org>
Reply-To: infrastructure-dev@apache.org
Delivered-To: mailing list infrastructure-dev@apache.org
Received: (qmail 12612 invoked by uid 99); 22 Dec 2008 00:03:40 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 21 Dec 2008 16:03:40 -0800
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of elecharny@gmail.com designates
 72.14.220.154 as permitted sender)
Received: from [72.14.220.154] (HELO fg-out-1718.google.com) (72.14.220.154)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 22 Dec 2008 00:03:31 +0000
Received: by fg-out-1718.google.com with SMTP id l27so691667fgb.29
        for <infrastructure-dev@apache.org>;
 Sun, 21 Dec 2008 16:03:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:sender:message-id:date:from
         :reply-to:organization:user-agent:mime-version:to:subject:references
         :in-reply-to:content-type:content-transfer-encoding;
        bh=zxyqEWFfMYbAbGfwuY+UR/KuDxkiP5h7KZ9EBTab8NM=;
        b=fHibKN/Ox6ZA1BseaXNydmH6QC9r0LRNDr5H6tgJqJip/XQGoXuTKV7HVB2Jx4HHrW
         9U3TIRvWUVGNkvfOzVBcYHbAjaPuU3jMncQYKshWEWex4gWg1ETGL7loOCXeS0/ZClQl
         om3gDab75DtsHyLVjnuLiCwtjsmRghE6i6zn0=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=sender:message-id:date:from:reply-to:organization:user-agent
         :mime-version:to:subject:references:in-reply-to:content-type
         :content-transfer-encoding;
        b=mxcY/+QrIP2EyiwKefOSFNtVrREUp1eR2L5WpoxwjfVN9SJsGucdcUve3ia5xaF43r
         XrOH1LHvnZi0mr5Z9ndwE4n3vOhubKThijE378IoIQcOYDOJQDZ1R06NYlBmfWIlFaR0
         J+mArw85sjs98TcQjS+uj2VRN/cAs8e9g/3uU=
Received: by 10.86.92.7 with SMTP id p7mr3257707fgb.74.1229904191130;
        Sun, 21 Dec 2008 16:03:11 -0800 (PST)
Received: from ?192.168.0.11? (vol75-3-82-66-216-176.fbx.proxad.net
 [82.66.216.176])
        by mx.google.com with ESMTPS id 3sm11165309fge.37.2008.12.21.16.03.09
        (version=TLSv1/SSLv3 cipher=RC4-MD5);
        Sun, 21 Dec 2008 16:03:10 -0800 (PST)
Sender: Emmanuel Lecharny <elecharny@gmail.com>
Message-ID: <494ED93C.8030207@apache.org>
Date: Mon, 22 Dec 2008 01:03:08 +0100
From: =?UTF-8?B?RW1tYW51ZWwgTMOpY2hhcm55?= <elecharny@apache.org>
Reply-To: elecharny@apache.org
Organization: The Apache Software Foundation
User-Agent: Thunderbird 2.0.0.18 (X11/20081125)
MIME-Version: 1.0
To: infrastructure-dev@apache.org
Subject: Re: LDAP : first step
References: <494CD7AC.7090508@nextury.com>
 <494CE03A.3010603@sharp.fm>	 <494CE126.2070101@apache.org>
 <494D83E6.1040308@apache.org>	 <494EBDA8.1040708@apache.org>
  <494EC81A.2020400@apache.org> <1229901446.15695.800.camel@urgyen>
 <494ED117.3080003@apache.org> <494ED21C.8090202@apache.org>
 <494ED6C7.60204@apache.org> <494ED890.7050103@apache.org>
In-Reply-To: <494ED890.7050103@apache.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Virus-Checked: Checked by ClamAV on apache.org


>> I see your point. And we'd better put every non-committers created on 
>> another LDAP server too, in order to avoid DOS (creating an entry on 
>> LDAP is _costly_, I can imagine some robots creating thousands of 
>> entries in confluence for many reasons...)
>
> This was actually a point raised on IRC earlier this week.  One LDAP 
> server for "internal" services.  Another for public accounts on 
> services such as moinmoin, conflucence, bugzilla.
>
> Could we potentially get the internal services LDAP server to sync one 
> way with a public services LDAP instance, and merge with the public 
> services instance?
No need to do that. Better use some referral.
> So that committers can login using their availid, etc.  Without the 
> need to configure 2 LDAP servers.
Here, we need to know how confluence, moin-moin, bugzilla, etc... are 
identifying users with LDAP.



-- 
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org