www-infrastructure-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel L├ęcharny <elecha...@apache.org>
Subject Re: LDAP - Next Steps
Date Thu, 28 May 2009 06:11:54 GMT
chris wrote:
>> That defeats people who don't want to open a web browser to change a
>> password... Also the Auth file is not supposed to stay around for
>> ever, as soon as the LDAP server is proven to be stable.
> Hi  Emmanuel,
> It's not quite dead but the hope is that it will be dynamically built.  
> We have some scripts that produce it from an asf-authz-template that
> will live in SVN where asf-authz once was.  The template has everything
> but the group members in it.  In place of those groups are the names of
> the groups as stored in ldap eg. {ldap:committers}  The script reads the
> template, expands the groups from ldap, and writes out the asf-authz
> file.  It does this anytime the template is modified, or a change is
> made to a group that it cares about within ldap.  The list of group its
> cares about it determined from the template. 
> Sound good?
If you forget about the confusion I made (mixing two threads), yes, it 
sounds good as a temporary solution. Also I don't have all the elements 
to define the 'perfect' usage we can do of a LDAP server, as I'm not a 
part of infra per se, being much more a LDAP pure player :)

cordialement, regards,
Emmanuel L├ęcharny

View raw message