www-infrastructure-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From chris <ch...@ia.gov>
Subject Re: LDAP - Next Steps
Date Wed, 27 May 2009 19:16:27 GMT
Hash: SHA1

> In that case, can't the web application trigger the update of the auth file?

That certainly would have been an easier way to have done it.  Right now I am watching the
source (ldap) using the
syncrep overlay to spot changes.  In the event that ldap group membership is changed in some
way other than via the web
application, the authz file will still be regenerated.  I think this is the best way to do
this, but I'm all ears if you
know a better way to handle it.

> By the way, will the web app also trigger updates to POSIX groups?
> Or are these handled separately?
> I assume the web-app will ensure consistency within LDAP, e.g. all
> group members need to be in the LDAP equivalent of committers-?.

My lack of current practices may bite me here.  Are you asking if the application will check
the Committers groups
before allowing a member to be added to any other group?

If it's not this then here's my answer:

The ldap groups are the POSIX groups.  There will still be some POSIX groups that are defined
local to each system, but
it is my understanding that those will be a very small set that will be maintained manually.
 The current group file as
you know it will be (mostly) living in ldap after SVN has been assimilated.  (Worth mention
-- Committers-[a-z] will
become one large Committers group within ldap.)

At least that's what I think the plan is Sebb. :)  Paul or Tony please correct me if I have
gotten lost along the way.

Version: GnuPG v2.0.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


View raw message