On Thu, 2007-01-04 at 21:03 -0600, TomLy wrote:
> test5.fedora.phx.redhat.com has an instance of FDS running on it with
> the current schemas and sample data that I've been working with. For a
> primer on the schema, please see
> http://fedoraproject.org/wiki/Infrastructure/AccountSystem2/Schema .
> Pretty screenshot attached.
>
> I need to figure out the group situation still and hope to solidify the
> schema so that development against it may commence. I have already
> tested and verified apache authentication against it using
> mod_authnz_ldap.

Do you have some ideas on how we should proceed with development? There are a few separate threads to this:

1) New development is being done in TurboGears. TurboGears has an identity structure that even has an LDAP plugin. We need to test that against our servers. TurboGears also needs to save state (so that you don't have to reauth on every page load), so we'll have to provide a supplemental database to save the session information.

2) Old applications are built using the fedora-accounts Python modules. From my brief usage of it, I believe the main API is in the website.py file. We need to compile a list of what applications are using this and port them to the new infrastructure. It may be easiest to port website.py to the new infrastructure so the applications don't have to worry about the changes, or it may be better to port the applications to the new LDAP + session interface. It depends on how many apps exist and what they are currently using in website.py.

3) Porting/pointing third-party applications that we use to LDAP. This includes MoinMoin, Plone, and OTRS. Since this is the reason we're moving to an LDAP backend, this should be relatively straightforward.

4) OpenID. I think the idea is we host an OpenID server and then new pieces of infrastructure can use either LDAP or OpenID to authenticate. The hope is that other places will use Fedora's OpenID service to authenticate our users to their services. I believe that nothing currently has an OpenID plugin that doesn't have an LDAP plugin, so this can be put off for a bit.

-Toshio