[SAC] server space at telascience

[Howard Butler]

At 10:40 PM -0400 7/13/06, Frank Warmerdam wrote:
>Benjamin Thelen wrote:
>>Hello,
>>
>>
>>I'm Benjamin, systems administrator of CCGIS/Bonn in Germany.
>>Arnulf told me, that there possibly will be server space, an incredibly
>>fast blade server :-), at telascience for hosting mapbender.org 
>>(mediawiki, postgresql) itself and maybe some other related stuff.
>>
>>
>>Also, there is a request on OSGeo-Edu to install a wiki for the EOGEO
>>FreeGIS Book. I think, that this would be a good opportunity to
>>move wiki.osgeo.org to telascience, too, to have it all together.
>>
>>What do you think?
>
>Benjamin,
>
>Indeed, I'm keen to have this setup.  My only concern is which machine to
>put it on, how to keep the various services segregated, and whether we
>ought to be looking at having the freegis book wiki using the LDAP
>service for user authentication so folks can share a signon between in
>and other services.
>
>>From a "which machine to put it on" point of view, we have had a delay in
>getting some of the blades configured due to issues with a "kickstart server".
>So, for now, we have one system with LDAP running on it, but we are trying to
>keep this system quite secure, so we likely don't want too much else on it.
>
>We have another system with a variety of software already installed.  We
>could use it, but I think if we do, then we need to treat this system as
>"medium security" and not provide shell accounts on it widely (to the
>geodata processing folks for instance) for fear of messing up important
>services (starting with this wiki).
>
>Another service we would like to get setup is a bug database, initially for
>Mapbender, but later for other projects too, such as GDAL.  All in all, I
>think we need some careful planning of where things go to avoid services
>conflicting, or stuff getting lost in a tangle of different running systems
>all on the same machine.
>
>So the system I was thinking of is 198.202.74.218 described at:
>
>   http://wiki.osgeo.org/index.php/SAC_Service_Status
>
>Lastly, is there anyone but Hobu currently who can create new LDAP users?
>If not, we will need to wait for him to return from vacation.  I think he
>will be back Monday.  We *really* need to spread around knowledge of how
>LDAP stuff works so others can create users soon.
>
>Best regards,

John should be able to create users in the LDAP as well.  I will put 
a wiki page together to describe the process.  Basically, what needs 
to be done is to create a user, give them a password, set their unix 
stuff (give them a unique UID starting at 10010, home director of 
/home/username, and GID of 100), and then add them to the "Shell" 
group if they are to have shell access.  Email the user with a bogus 
and easy password if they are to have shell access and have them log 
into the (a) shell machine and reset their password with 'passwd'. 
Their home directory will be automatically created for them upon 
first login.

For non-shell users, we need to provide a mechanism to at least 
change passwords and ideally hook up Plone/Drupal/Wikipedia/whatever 
to be able to create users with limited group membership.  This item 
should probably go on a 'todo' list somewhere.  Any pointers on how 
to do this (even a simple web app that *explicitly* does this sort of 
thing would probably be sufficient) would be appreciated.

Benjamin, email me the userid you would like and I will contact you 
with the details.

Howard