[SAC] SAC Status

Frank Warmerdam warmerdam at pobox.com
Fri Jun 23 00:21:51 EDT 2006

Howard Butler wrote:
> As far as I know, Plone/LDAP authentication seems to be working. Only 
> big issue (which looks to be very challenging to fix without some 
> funding for the guys who work on zope ldap stuff) is populating the LDAP 
> with a new user when someone joins the website.  That isn't automatic, 
> and the only way to currently create users is to do so manually with the 
> Directory tool.  It's also possible that we could write a clever python 
> script to do this for us.
> Additionally, I set up the one blade I was accessing to use the LDAP for 
> shell authentication (also limited by only users who were also in the 
> "Shell" access group).
> Short term things that I think need to be done include:
> - For shell users (like buildbots and db administrators, etc), common 
> home directories across the possible machines would be desirable.  I do 
> this with NFS and/or CIFS and it is sufficient if allowed within John's 
> infrastructure.
> - Hook up Apache to do LDAP authentication as well, so things like a 
> subversion repository or just a dumb folder of files can be 
> authenticated in the same way as everything else.
> - The LDAP needs to be doing SSL, or be firewalled to only talk to 
> internal TelaScience machines


Could you explain a bit more to me about why LDAP needs to be doing SSL
or firewalled to only talk to internal servers?  I have added your items
to a SAC TODO list I have started at:


> At 2:24 PM -0700 6/22/06, John Graham wrote:
>> Frank
>> I am moving things slowly along... I could use some help on confirming 
>> the LDAP is working from plone... but I think it is good everywhere else.
>> I am also trying to build another blade out with FC4 but my kickstart 
>> server is not leasing a DHCP address to the blade yet... Anyone that has
>> knowledge in this area will be welcome to hop in and help. This blade 
>> will be for the buildbot :)

OK, this sounds good.  Note, John, it was never my intention that you be
loaded with too much of the administrative work beyond what has to be
done on site.

I have tried logging into the plone instance at http://osgeo.telascience.org/
and it does not seem to let me log in with my LDAP userid and password.  It
does have an old userid/password that I created within plone.   Howard
mentioned in IRC that the plone authentication module seems to be missing
from the plone instance now.

Best regards,
I set the clouds in motion - turn up   | Frank Warmerdam, warmerdam at pobox.com
light and sound - activate the windows | http://pobox.com/~warmerdam
and watch the world go round - Rush    | President OSGF, http://osgeo.org
