www-infrastructure-dev mailing list archives

From sebb <seb...@gmail.com>
Subject Re: LDAP - a simple script that may help with initial account creation
Date Tue, 07 Apr 2009 13:14:49 GMT
On 07/04/2009, Tony Stevenson <tony@pc-tony.com> wrote:
>
>  Thanks for that.
>
>  For those that do not have an ICLA on file, their account will not get
> auto-created.  When (or if) they contact us, we can move to resolve these on
> a case-by-case basis.
>  No one should have access to any of our infrastructure without an ICLA on
> file.

Apart from the exceptions listed in noclas.txt?

There are some people who don't contribute code.

>  I am sure this can be brought up in an email to committers@ - Before we
> move to LDAP.
>
>  No rush just yet.  Paul, ISTR you agreeing with me that no ICLA precludes
> folks from getting an account.
>
>
>
>
>
>
>  On 7 Apr 2009, at 13:45, sebb wrote:
>
>
> > On 07/04/2009, Tony Stevenson <tony@pc-tony.com> wrote:
> >
> > > I have now used this to import all users into ldap.
> > >
> > >
> > > **Skipped 162 entries due to no match for loginID in ICLAS.
> > > **Skipped 0 because loginid was already found as a uid in LDAP.
> > > **Attempted to make 1975 entries to LDAP.
> > >
> > >
> > > So we now have a way to import all users from /etc/master.passwd - As for
> > > the 162 failed imports, I am working my way through those to see if it is a
> > > scripting issue, or as it seems more likely an issue with there iclas.txt
> > >
> >
> > There are a few active entries in passwd which don't have entries in
> > iclas.txt; these are marked as exceptions in noclas.txt
> >
> > However there are a lot of disabled passwd entries, these don't always
> > have entries in iclas.txt.
> >
> > There is a script I wrote to check authorization, iclas and passwd at:
> >
> >
> > https://svn.apache.org/repos/asf/infrastructure/trunk/tools/validation
> >
> > perl -w authcheck.pl -auth=authorization/asf-authorization -iclas=officers/iclas.txt
> >
> > This requires a work sub-directory which should contain a copy of
> > passwd if you want to check against it.
> >
> > Output is to the work directory.
> >
> >
> > >
> > > Chris, thanks again for your help and perl-y fu.
> > >
> > >
> > > I am now working on testing LDAP access from FreeBSD (PAM/NSS_LDAP) and
> > > from Solaris (httpd module)
> > >
> > >
> > > Cheers,
> > > Tony
> > >
> > >
> > >
> > >
> > >
> > > On 5 Apr 2009, at 20:49, chris wrote:
> > >
> > >
> > >
> > > >
> > > >
> > > >
> > > > >
> > > > >
> > > > > > > Is the user's public name going to be part of the LDAP database?
> > > > > > > If so, the /etc/passwd file is likely to be the best source, as users
> > > > > > > can correct this, unlike ICLAS.
> > > > > >
> > > > > >
> > > > > Exactly.
> > > > >
> > > > >
> > > >
> > > > So pull from gecos field then.   What all do you guys have in there, just
> > > > the full name?  That field is often populated by a "," separated list of
> > > > stuff.
> > > >
> > > >
> > > >
> > > >
> > > > > We will use the mail address from .forward as that is the file we honour
> > > > > for all userid@apache.org addresses.  Now some folks don't forward their
> > > > > mail on, they collect it.  But that is ok too.
> > > > >
> > >
> > > >
> > > > > Folks are most likely to maintain this address as that is ultimately the
> > > > > way they get to read their email.  :-)
> > >
> > > >
> > > > >
> > > > >
> > > >
> > > > Done.  If .forward is unreadable or empty this is left undefined.
> > > > Latest revision is here http://arreyder.com/pass2ldap.pl
> > > >
> > > > crr/arreyder
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> > >
> > > Cheers,
> > > Tony
> > >
> > >
> > > -----------------------------------------
> > > Tony Stevenson
> > > tony@pc-tony.com  //  pctony@apache.org  // pctony@freenode.net
> > > http://blog.pc-tony.com/
> > >
> > > 1024D/51047D66 ECAF DC55 C608 5E82 0B5E  3359 C9C7 924E 5104 7D66
> > > -----------------------------------------
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> >
>
>
>
>  Cheers,
>  Tony
>
>
>  -----------------------------------------
>  Tony Stevenson
>  tony@pc-tony.com  //  pctony@apache.org  // pctony@freenode.net
>  http://blog.pc-tony.com/
>
>  1024D/51047D66 ECAF DC55 C608 5E82 0B5E  3359 C9C7 924E 5104 7D66
>  -----------------------------------------
>
>
>
>
>
>
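
Added example, not part of the original thread and not the pass2ldap.pl or authcheck.pl scripts: one way to express the import rules discussed above (ICLA required, listed exceptions held for a case-by-case decision, name taken from the first gecos item, mail from .forward or left undefined). The function names, the plain sets of login IDs standing in for iclas.txt and noclas.txt, and treating a password field that begins with '*' as disabled are assumptions.

```python
# Added example; everything except the master.passwd field layout is an assumption.
SAMPLE_PASSWD = """\
alice:$2b$04$constructed:1001:1001::0:0:Alice Example,Room 1,555-0100:/home/alice:/bin/sh
bob:$2b$04$constructed:1002:1002::0:0:Bob Example:/home/bob:/bin/sh
carol:*:1003:1003::0:0:Carol Example:/home/carol:/sbin/nologin
dave:$2b$04$constructed:1004:1004::0:0:Dave Example:/home/dave:/bin/sh
erin:$2b$04$constructed:1005:1005::0:0:Erin Example:/home/erin:/bin/sh
"""  # constructed data in FreeBSD master.passwd layout (10 colon-separated fields)

def parse_master_passwd(text):
    """Yield (login, password_field, gecos) from master.passwd text."""
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 10:
            raise ValueError(f"line {n}: expected 10 fields, got {len(fields)}")
        yield fields[0], fields[1], fields[7]

def forward_address(content):
    """First mail address in .forward content; None if unreadable or empty."""
    for line in (content or "").splitlines():
        line = line.strip()
        if "@" in line and not line.startswith(("#", "|", "/")):
            return line.split(",")[0].strip()
    return None

def plan_import(passwd_text, icla_ids, exception_ids, ldap_uids, forwards):
    """Sort every login into exactly one bucket; only 'create' reaches LDAP."""
    plan = {"create": [], "exists": [], "disabled": [], "exception": [], "no_icla": []}
    for login, pw, gecos in parse_master_passwd(passwd_text):
        if login in ldap_uids:
            plan["exists"].append(login)
        elif pw.startswith("*"):      # assumption: '*' marks a disabled account
            plan["disabled"].append(login)
        elif login in icla_ids:
            plan["create"].append({
                "uid": login,
                "cn": gecos.split(",")[0].strip(),  # gecos may be a ','-separated list
                "mail": forward_address(forwards.get(login)),
            })
        elif login in exception_ids:  # listed exception: held for a manual decision
            plan["exception"].append(login)
        else:
            plan["no_icla"].append(login)
    return plan

PLAN = plan_import(SAMPLE_PASSWD, icla_ids={"alice", "bob", "carol"},
                   exception_ids={"dave"}, ldap_uids={"bob"},
                   forwards={"alice": "# constructed\nalice@example.org\n"})
```

Keeping exceptions and disabled entries in their own buckets, rather than folding them into a single skipped count, makes the unexplained remainder (no_icla) the only list that needs investigation.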
