www-infrastructure-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tony Stevenson <ts...@cam.ac.uk>
Subject ASF LDAP Project Update
Date Mon, 11 May 2009 22:56:49 GMT
Good evening,

Good news! At last!

LDAP is now up and running, with a tested synchronisation between EU  
(harmonia) and US (eris).
Thanks to pgollucci who has managed to update all the BSD boxes in  
question to 7.2, and installed the latest OpenLDAP bits.

So, now that we have this working, we are preparing to migrate all  
user accounts into LDAP this week (date to be set tomorrow).
We will be using pam_ldap and nss_ldap to control shell access on  
mino, and this too has been tested.

The plan going forward:

Step 1:  Import all user accounts from mino.  (During which time shell  
access will be denied)
Step 2:  Import all groups from mino.  This will likely be done the  
week following, as it involved merging SVN and POSIX groups into one.   
This will need a little more testing before we flick the switch.
Step 3:  Import all other user artifacts, where possible, into LDAP.  
Things such as .forward files. SSH public keys etc.
Step 4:  Deploy a user management portal, hopefully this will allow us  
to let users self-sooth (self-manage) their account.
Step 5:  Grab some beers.  Get drunk.  Forget everything.  :-)

Other things that need doing

  - Backup the database (daily?) so we can recover very easily if we  
need too.
  - Update the account creation process to include LDAP.

I hope to have this 100% wrapped up before the end of June this year.   
However, as always, if we hit a snag it'll get drawn out.

There are currently no 'live' users in LDAP at the moment.  So you  
dont need to worry about it just yet.


Tony Stevenson

tony@caret.cam.ac.uk  // ts457@cam.ac.uk

1024D/51047D66 ECAF DC55 C608 5E82 0B5E
3359 C9C7 924E 5104 7D66

View raw message