Also recorded in TRAC as lucky #2000 (https://fedorahosted.org/fedora-infrastructure/ticket/2000)
== Primary Contact ==
Name: Stephen Gallagher [[BR]]
Fedora Account Name: sgallagh [[BR]]
Group: Fedora Packager CVS Commit Group [[BR]]
'''Infrastructure Sponsor''':
== Secondary Contact info ==
Name: James Laska [[BR]]
Fedora Account Name: jlaska [[BR]]
Group: Fedora Packager CVS Commit Group [[BR]]
== Project Info ==
Project Name: A test box running an LDAP and kerberos server for the 2010-03-04 SSSD test day [[BR]]
Target Audience: SSSD test day participants [[BR]]
Expiration/Delivery Date (required): 2010-03-04 (this is the test day date) [[BR]]
Description/Summary: A kerberos and ldap server available for participants of the SSSD test day
Project plan (Detailed): We need both a kerberos and LDAP server available to test F-13 SSSDbyDefault changes. Specifically (provided by sgallagh):
We need Kerberos to be configured to authenticate the same users provided by the LDAP server, and we want the LDAP server to ALSO be able to authenticate these users. I'd also prefer it if the two systems could use different passwords (e.g. kerberos users would auth with 'krbuserN' and ldap users would auth with 'ldapuserN' so we could be certain of which auth mechanism was being used).
Goals: Provide the test day participants with an easy test environment.
== Specific resources needed ==
N/A
== Additional Info (Optional) ==
I've included Stephen and Jenny to the CC list of this ticket for further details that I may have missed.
On Tue, Feb 23, 2010 at 2:36 PM, James Laska jlaska@redhat.com wrote:
> A kerberos and ldap server available for participants of the SSSD test day
> Project plan (Detailed): We need both a kerberos and LDAP server available to test F-13 SSSDbyDefault changes. Specifically (provided by sgallagh):
A couple of questions:
This needs to be publicly accessible versus inside of colo
The LDAP needs to be added/controlled by?
On Tue, 23 Feb 2010, Stephen John Smoogen wrote:
> On Tue, Feb 23, 2010 at 2:36 PM, James Laska jlaska@redhat.com wrote:
> > A kerberos and ldap server available for participants of the SSSD test day
> > Project plan (Detailed): We need both a kerberos and LDAP server available to test F-13 SSSDbyDefault changes. Specifically (provided by sgallagh):
> A couple of questions:
> This needs to be publicly accessible versus inside of colo
> The LDAP needs to be added/controlled by?
I believe they just need an external publictest server for people to hit while testing things.
-Mike
On 02/23/2010 04:56 PM, Mike McGrath wrote:
> On Tue, 23 Feb 2010, Stephen John Smoogen wrote:
> > On Tue, Feb 23, 2010 at 2:36 PM, James Laska jlaska@redhat.com wrote:
> > > A kerberos and ldap server available for participants of the SSSD test day
> > > Project plan (Detailed): We need both a kerberos and LDAP server available to test F-13 SSSDbyDefault changes. Specifically (provided by sgallagh):
> > A couple of questions:
> > This needs to be publicly accessible versus inside of colo
> > The LDAP needs to be added/controlled by?
> I believe they just need an external publictest server for people to hit while testing things.
> -Mike
Yeah, the SSSD supports LDAP for identity lookups, LDAP and Kerberos as authentication providers. So we want to set up an LDAP server providing schema rfc2307 (for providing users and for doing LDAP simple bind authentication). It needs to provide access both over LDAP/TLS and LDAPS. Beyond that, we need a Kerberos KDC set up with user principals the same as those provided by the LDAP server.
In a separate email thread, someone asked if FreeIPA would be acceptable for this setup. It would make an excellent second data point, but FreeIPA uses rfc2307bis for its schema, rather than rfc2307. This will require a more detailed setup for this test than the basic case. I am currently communicating with the authconfig developer to determine whether we will be able to add the rfc2307bis option in time for the Test Day. If so, a FreeIPA server would also be an excellent idea.
-- Stephen Gallagher RHCE 804006346421761
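A client-side sssd.conf for the two cases the message above describes (LDAP identity with LDAP simple-bind authentication, and LDAP identity with Kerberos authentication), as an added example that is not from the thread or from the SSSD project. The hostnames, realm, search base, domain names and CA certificate path are placeholders.

```ini
# Added example; every hostname, realm, base DN and path here is a placeholder.
[sssd]
config_file_version = 2
services = nss, pam
# Enable one domain per test run. Both domains serve the same users, so with
# both listed a lookup would be answered by whichever domain comes first and
# the tester could not tell which authentication path was exercised.
domains = LDAPTEST
# domains = KRBTEST

# Case 1: identity and authentication from LDAP, reached over LDAPS.
[domain/LDAPTEST]
id_provider = ldap
auth_provider = ldap
# rfc2307 as requested in the thread; a FreeIPA backend would need rfc2307bis.
ldap_schema = rfc2307
ldap_uri = ldaps://ldap.example.org
ldap_search_base = dc=example,dc=org
# Simple bind sends the password itself, so the channel must be encrypted and
# the server certificate verified against a known CA.
ldap_tls_cacert = /etc/openldap/cacerts/testday-ca.pem
ldap_tls_reqcert = demand

# Case 2: identity from LDAP over StartTLS, authentication against the KDC.
[domain/KRBTEST]
id_provider = ldap
auth_provider = krb5
ldap_schema = rfc2307
ldap_uri = ldap://ldap.example.org
ldap_id_use_start_tls = true
ldap_search_base = dc=example,dc=org
ldap_tls_cacert = /etc/openldap/cacerts/testday-ca.pem
ldap_tls_reqcert = demand
# User principals in this realm must match the uid values served by LDAP.
krb5_server = kdc.example.org
krb5_realm = EXAMPLE.ORG
```

Giving the LDAP and Kerberos back ends different passwords for the same user, as the ticket asks, lets a tester confirm from the accepted password which domain handled the login.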
Apologies, forgot to include sgallagh and jgalipea to the initial cc list.
On Tue, 2010-02-23 at 14:45 -0700, Stephen John Smoogen wrote:
> On Tue, Feb 23, 2010 at 2:36 PM, James Laska jlaska@redhat.com wrote:
> > A kerberos and ldap server available for participants of the SSSD test day
> > Project plan (Detailed): We need both a kerberos and LDAP server available to test F-13 SSSDbyDefault changes. Specifically (provided by sgallagh):
> A couple of questions:
> This needs to be publicly accessible versus inside of colo
Yes, this would be publicly accessible and needed only for the test day.
> The LDAP needs to be added/controlled by?
I believe we may need to provide you with an initial data set to populate. Alternatively, we request permissions so that information can be added as we go. Stephen (cc'd) may have a preference here.
Thanks, James
On Tue, Feb 23, 2010 at 5:49 PM, James Laska jlaska@redhat.com wrote:
> Apologies, forgot to include sgallagh and jgalipea to the initial cc list.
> On Tue, 2010-02-23 at 14:45 -0700, Stephen John Smoogen wrote:
> > On Tue, Feb 23, 2010 at 2:36 PM, James Laska jlaska@redhat.com wrote:
> > > A kerberos and ldap server available for participants of the SSSD test day
> > > Project plan (Detailed): We need both a kerberos and LDAP server available to test F-13 SSSDbyDefault changes. Specifically (provided by sgallagh):
> > A couple of questions:
> > This needs to be publicly accessible versus inside of colo
> Yes, this would be publicly accessible and needed only for the test day.
> > The LDAP needs to be added/controlled by?
> I believe we may need to provide you with an initial data set to populate. Alternatively, we request permissions so that information can be added as we go. Stephen (cc'd) may have a preference here.
I am guessing that setting up FreeIPA is what is wanted? I am just trying to get an idea of what is needed, how much is wanted from infrastructure, and what will be done by people. Sorry for the many questions.