Diffstat (limited to 'zarb-ml/mageia-webteam/2011-January/000177.html')
-rw-r--r-- zarb-ml/mageia-webteam/2011-January/000177.html | 115
1 files changed, 115 insertions, 0 deletions
diff --git a/zarb-ml/mageia-webteam/2011-January/000177.html b/zarb-ml/mageia-webteam/2011-January/000177.html
new file mode 100644
index 000000000..5065851a1
--- /dev/null
+++ b/zarb-ml/mageia-webteam/2011-January/000177.html
@@ -0,0 +1,115 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <TITLE> [Mageia-webteam] [Mageia-sysadm] New test tree in ldap
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:mageia-webteam%40mageia.org?Subject=Re%3A%20%5BMageia-webteam%5D%20%5BMageia-sysadm%5D%20New%20test%20tree%20in%20ldap&In-Reply-To=%3C1295893524.31817.45.camel%40akroma.ephaone.org%3E">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="000175.html">
+ <LINK REL="Next" HREF="000173.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[Mageia-webteam] [Mageia-sysadm] New test tree in ldap</H1>
+ <B>Michael Scherer</B>
+ <A HREF="mailto:mageia-webteam%40mageia.org?Subject=Re%3A%20%5BMageia-webteam%5D%20%5BMageia-sysadm%5D%20New%20test%20tree%20in%20ldap&In-Reply-To=%3C1295893524.31817.45.camel%40akroma.ephaone.org%3E"
+ TITLE="[Mageia-webteam] [Mageia-sysadm] New test tree in ldap">misc at zarb.org
+ </A><BR>
+ <I>Mon Jan 24 19:25:24 CET 2011</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="000175.html">[Mageia-webteam] [Mageia-sysadm] New test tree in ldap
+</A></li>
+ <LI>Next message: <A HREF="000173.html">[Mageia-webteam] [Mageia-sysadm] New test tree in ldap
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#177">[ date ]</a>
+ <a href="thread.html#177">[ thread ]</a>
+ <a href="subject.html#177">[ subject ]</a>
+ <a href="author.html#177">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>Le lundi 24 janvier 2011 &#224; 17:54 +0000, Kosmas Chatzimichalis a &#233;crit :
+&gt;<i> &gt;
+</I>&gt;<i> &gt;
+</I>&gt;<i> &gt; &gt; Would we need a different user name for the application, or we would have
+</I>&gt;<i> &gt; a
+</I>&gt;<i> &gt; &gt; group that exists there and has admin permissions in the app?
+</I>&gt;<i> &gt;
+</I>&gt;<i> &gt; The login do not have write access to the ldap, it just here to connect
+</I>&gt;<i> &gt; to ldap,do the login ( like misc ) to ldap login mapping ( like
+</I>&gt;<i> &gt; uid=misc,ou=People,dc=mageia,dc=org ), and then test if the password is
+</I>&gt;<i> &gt; correct by binding to ldap using ldap login and the password.
+</I>&gt;<i> &gt;
+</I>&gt;<i> &gt; Now, if you need to store something to ldap, we can arrange something,
+</I>&gt;<i> &gt; but that would requires to change ACLs ( and I think that it is better
+</I>&gt;<i> &gt; to not use ldap to store this, for various reason like &quot;ldap is more
+</I>&gt;<i> &gt; complex to manage than sql&quot; )
+</I>&gt;<i>
+</I>&gt;<i> I was thinking along the lines, about permissions of who can edit/create
+</I>&gt;<i> entries in the maintainers db?
+</I>&gt;<i> So, if a user (maintainer with admin permissions?) has the necessary entry
+</I>&gt;<i> in the ldap, then they should be able to change things in the maintainers
+</I>&gt;<i> db.
+</I>
+I think that simply checking if someone is in some ldap group would be
+sufficient. ( and more in conformance with the way the rest of
+infrastructure is managed ). I would even add for more than 1 group so
+we can have sysadmin and another group of packagers, if delegation is
+needed.
+
+There is various way to handle this, and I think you should ask to
+packagers about what they would want, especially with regard to multiple
+maintainers per packages ( not for now, of course as the goal was to
+have something ready fast, but such improvements were quite asked
+afaik ). Ie, who can accept another packagers or not ?
+
+We do not have any upload restrictions yet, but I guess that sooner or
+later, some parts will be restricted, and it would be better to have
+them maintainers based rather than duplicating the username in the
+buildsystem configuration.
+
+
+&gt;<i> I don't think there will be a need to have write permissions to ldap, unless
+</I>&gt;<i> we want to create maintainers in maint db app, and write that to the ldap.
+</I>&gt;<i> I will send another email with a few questions about maint db later on.
+</I>
+Yup, the maintainer creation should be done on ldap first, as people
+need a account to maintain anything.
+
+&gt;<i> OK. That's great thanks Michael.
+</I>&gt;<i> Again I was thinking about a maintainer, that I should be doing a lookup in
+</I>&gt;<i> ldap, but I could be testing that with my account I suppose.
+</I>
+I am not sure that would work :/
+
+The ldap is quite restricted to protect privacy of users, and only
+service accounts should be able to get such informations.
+
+--
+Michael Scherer
+
+</PRE>
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="000175.html">[Mageia-webteam] [Mageia-sysadm] New test tree in ldap
+</A></li>
+ <LI>Next message: <A HREF="000173.html">[Mageia-webteam] [Mageia-sysadm] New test tree in ldap
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#177">[ date ]</a>
+ <a href="thread.html#177">[ thread ]</a>
+ <a href="subject.html#177">[ subject ]</a>
+ <a href="author.html#177">[ author ]</a>
+ </LI>
+ </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-webteam">More information about the Mageia-webteam
+mailing list</a><br>
+</body></html>
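Review bot: the two mailto HREFs (the `LINK REL="made"` line and the author anchor) carry a raw `&` before `In-Reply-To=`; inside an HTML attribute it should be written `&amp;In-Reply-To=` so a parser does not read `&In` as the start of an entity reference. The rest of the query string is already percent-encoded, so this looks like a gap in the archive generator's template and is better fixed there than by hand in this file. Two smaller points: the quoted lines open with `<i>` and close with `</I>` on the following line, and both navigation blocks place `<UL>` inside an unclosed `<P>`; browsers tolerate both, but a strict parser run over these archives later will not. The Previous/Next links (`000175.html`, `000173.html`) are relative, so confirm those files land in the same directory in this or an adjacent commit.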