-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/24/2010 07:48 AM, Jenny Galipeau wrote: > Stephen John Smoogen wrote: >> On Tue, Feb 23, 2010 at 5:49 PM, James Laska <jlaska@xxxxxxxxxx> wrote: >> >>> Apologies, forgot to include sgallagh and jgalipea to the initial cc >>> list. >>> >>> On Tue, 2010-02-23 at 14:45 -0700, Stephen John Smoogen wrote: >>> >>>> On Tue, Feb 23, 2010 at 2:36 PM, James Laska <jlaska@xxxxxxxxxx> wrote: >>>> >>>> >>>>> A kerberos and ldap server available for participants of the SSSD test >>>>> day >>>>> >>>>> Project plan (Detailed): >>>>> We need both a kerberos and LDAP server available to test F-13 >>>>> SSSDbyDefault changes. Specifically (provided by sgallagh): >>>>> >>>>> >>>> A couple of questions: >>>> >>>> This needs to be publicly accessible versus inside of colo >>>> >>> Yes, this would be publicly accessible and needed only for the test day. >>> >>> >>>> The LDAP needs to be added/controlled by? >>>> >>> I believe we may need to provide you with an initial data set to >>> populate. Alternatively, we request permissions so that information can >>> be added as we go. Stephen (cc'd) may have a preference here. >>> >>> >> >> I am guessing that we would be setting up FreeIPA is what is wanted? I >> am just trying to get an idea of what is needed and if how much are >> wanted from infrastructure and what will be done by people. Sorry for >> the many questions. >> > FreeIPA would work, but it can be just a 389 Directory Server and a > Kerberos server. As for initial data, there should be at least one user. >> >> >> > > Copying what I just sent to the Infrastructure list: On 02/23/2010 04:56 PM, Mike McGrath wrote: > > > > On Tue, 23 Feb 2010, Stephen John Smoogen wrote: > > >> >> On Tue, Feb 23, 2010 at 2:36 PM, James Laska <jlaska@xxxxxxxxxx> wrote: >> >> >>> >>> A kerberos and ldap server available for participants of the SSSD test >>> >>> day >>> >>> >>> >>> Project plan (Detailed): >>> >>> We need both a kerberos and LDAP server available to test F-13 >>> >>> SSSDbyDefault changes. Specifically (provided by sgallagh): >>> >>> >> >> >> >> A couple of questions: >> >> >> >> This needs to be publicly accessible versus inside of colo >> >> The LDAP needs to be added/controlled by? >> >> > > > > I believe they just need an external publictest server for people to hit > > while testing things. > > > > -Mike Yeah, the SSSD supports LDAP for identity lookups, LDAP and Kerberos as authentication providers. So we want to set up an LDAP server providing schema rfc2307 (for providing users and for doing LDAP simple bind authentication) It needs to provide access both over LDAP/TLS and LDAPS. Beyond that, we need a Kerberos KDC set up with user principals the same as those provided by the LDAP server. In a separate email thread, someone asked if FreeIPA would be acceptable for this setup. It would make an excellent second data point, but FreeIPA uses rfc2307bis for its schema, rather than rfc2307. This will require a more detailed setup for this test than the basic case. I am currently communicating with the authconfig developer to determine whether we will be able to add the rfc2307bis option in time for the Test Day. If so, a FreeIPA server would also be an excellent idea. - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkuFIMsACgkQeiVVYja6o6MeUwCePg9I83SLSqnP8tEwOZbVUnqj l7wAn3QJogUsBrXuImVbZW97Y0cU4RwY =UBpv -----END PGP SIGNATURE----- _______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
