www-infrastructure-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tony Stevenson <t...@pc-tony.com>
Subject Re: LDAP - Next Steps
Date Thu, 28 May 2009 20:16:26 GMT

On 28 May 2009, at 07:11, Emmanuel L├ęcharny wrote:

> chris wrote:
>>> That defeats people who don't want to open a web browser to change a
>>> password... Also the Auth file is not supposed to stay around for
>>> ever, as soon as the LDAP server is proven to be stable.
>> Hi  Emmanuel,
>> It's not quite dead but the hope is that it will be dynamically  
>> built.  We have some scripts that produce it from an asf-authz- 
>> template that
>> will live in SVN where asf-authz once was.  The template has  
>> everything
>> but the group members in it.  In place of those groups are the  
>> names of
>> the groups as stored in ldap eg. {ldap:committers}  The script  
>> reads the
>> template, expands the groups from ldap, and writes out the asf-authz
>> file.  It does this anytime the template is modified, or a change is
>> made to a group that it cares about within ldap.  The list of group  
>> its
>> cares about it determined from the template.
>> Sound good?
> If you forget about the confusion I made (mixing two threads), yes,  
> it sounds good as a temporary solution. Also I don't have all the  
> elements to define the 'perfect' usage we can do of a LDAP server,  
> as I'm not a part of infra per se, being much more a LDAP pure  
> player :)


This is actually the permanent solution as it is the best fit for our  
requirements and needs.


Tony Stevenson

tony@pc-tony.com - pctony@apache.org
pctony@freenode.net - tony@caret.cam.ac.uk


1024D/51047D66 ECAF DC55 C608 5E82 0B5E
3359 C9C7 924E 5104 7D66

View raw message