New accounts LDAP server running
Toshio Kuratomi
a.badger at gmail.com
Sat Jan 6 00:47:36 UTC 2007
On Thu, 2007-01-04 at 21:03 -0600, TomLy wrote:
> test5.fedora.phx.redhat.com has an instance of FDS running on it with
> the current schemas and sample data that I've been working with. For a
> primer on the schema, please see
> http://fedoraproject.org/wiki/Infrastructure/AccountSystem2/Schema .Pretty screenshot attached.
>
> I need to figure out the group situation still and hope to solidify the
> schema so that development against it may commence. I have already
> tested and verified apache authentication against it using
> mod_authnz_ldap.
Do you have some ideas on how we should proceed with development? There
are a few separate threads to this:
1) New development is being done in TurboGears. TurboGears has an
identity structure that even has an LDAP plugin. We need to test that
against our servers. TurboGears also needs to save state (so that you
don't have to reauth on every page load), so we'll have to provide a
supplemental database to save the session information.
2) Old applications are built using the fedora-accounts python modules.
From my brief usage of it, I believe the main API is in the website.py
file. We need to compile a list of what applications are using this and
port them to the new infrastructure. It may be easiest to port
website.py to the new infrastructure so the applications don't have to
worry about the changes or it may be better to port the applications to
the new LDAP + session interface. It depends on how many apps exist and
what they are currently using in website.py.
3) Porting/pointing third party applications that we use to LDAP. This
includes MoinMoin, Plone, and OTRS. Since this is the reason we're
moving to an LDAP backend, this should be relatively straightforward.
4) OpenID. I think the idea is we host an OpenID server and then new
pieces of infrastructure can use either ldap or OpenID to authenticate.
The hope is that other places will use Fedora's OpenID service to
authenticate our users to their services. I believe that nothing
currently has an openID plugin that doesn't have an ldap plugin so this
can be put off for a bit.
-Toshio
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-infrastructure-list/attachments/20070105/a7c56c95/attachment.sig>
More information about the Fedora-infrastructure-list
mailing list