[SAC] SAC Status
warmerdam at pobox.com
Fri Jun 23 00:21:51 EDT 2006
Howard Butler wrote:
> As far as I know, Plone/LDAP authentication seems to be working. Only
> big issue (which looks to be very challenging to fix without some
> funding for the guys who work on zope ldap stuff) is populating the LDAP
> with a new user when someone joins the website. That isn't automatic,
> and the only way to currently create users is to do so manually with the
> Directory tool. It's also possible that we could write a clever python
> script to do this for us.
> Additionally, I setup the one blade I was accessing to use the LDAP for
> shell authentication (also limited by only users who were also in the
> "Shell" access group).
> Short term things that I think need to be done include:
> - For shell users (like buildbots and db administrators, etc), common
> home directories across the possible machines would be desirable. I do
> this with NFS and/or CIFS and it is sufficient if allowed within John's
> - Hook up Apache to do LDAP authentication as well, so things like a
> subversion repository or just a dumb folder of files can be
> authenticated in the same way as everything else.
> - The LDAP needs to be doing SSL, or be firewalled to only talk to
> internal TelaScience machines
Could you explain a bit more to me about why LDAP needs to be doing SSL
or firewalled to only talk to internal servers? I have added your items
to a SAC TODO list I have started at:
> At 2:24 PM -0700 6/22/06, John Graham wrote:
>> I am moving things slowly along... I could use some help on confirming
>> the LDAP is working from plone... but i think it good everywhere else.
>> I am also trying to build another blade out with FC4 but my kickstart
>> server is not leasing a DHCP address to the blade yet... Anyone that has
>> knowledge in this area will be welcome to hop in and help. This blade
>> will be for the buildbot :)
OK, this sounds good. Note, John, it was never my intention that you be
loaded with too much of the administrative work beyond what has to be
done on site.
I have tried logging into the plone instance at http://osgeo.telascience.org/
and it does not seem to let me login with my LDAP userid and password. It
does have an old userid/password that I created within plone. Howard
mentioned in IRC that the plone authentication module seems to be missing
from the plone instance now.
I set the clouds in motion - turn up | Frank Warmerdam, warmerdam at pobox.com
light and sound - activate the windows | http://pobox.com/~warmerdam
and watch the world go round - Rush | President OSGF, http://osgeo.org
More information about the Sac