RFR - A kerberos and ldap server available for participants of the SSSD test day

Stephen Gallagher sgallagh at redhat.com
Wed Feb 24 12:42:49 UTC 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/23/2010 04:56 PM, Mike McGrath wrote:
> 
> On Tue, 23 Feb 2010, Stephen John Smoogen wrote:
> 
>> On Tue, Feb 23, 2010 at 2:36 PM, James Laska <jlaska at redhat.com> wrote:
>>
>>> A kerberos and ldap server available for participants of the SSSD test
>>> day
>>>
>>> Project plan (Detailed):
>>> We need both a kerberos and LDAP server available to test F-13
>>> SSSDbyDefault changes.  Specifically (provided by sgallagh):
>>>
>>
>> A couple of questions:
>>
>> This needs to be publicly accessible versus inside of colo
>> The LDAP needs to be added/controlled by?
>>
> 
> I believe they just need an external publictest server for people to hit
> while testing things.
> 
> 	-Mike

Yeah, the SSSD supports LDAP for identity lookups, LDAP and Kerberos as
authentication providers. So we want to set up an LDAP server providing
schema rfc2307 (for providing users and for doing LDAP simple bind
authentication) It needs to provide access both over LDAP/TLS and LDAPS.
Beyond that, we need a Kerberos KDC set up with user principals the same
as those provided by the LDAP server.

In a separate email thread, someone asked if FreeIPA would be acceptable
for this setup. It would make an excellent second data point, but
FreeIPA uses rfc2307bis for its schema, rather than rfc2307. This will
require a more detailed setup for this test than the basic case. I am
currently communicating with the authconfig developer to determine
whether we will be able to add the rfc2307bis option in time for the
Test Day. If so, a FreeIPA server would also be an excellent idea.


- -- 
Stephen Gallagher
RHCE 804006346421761

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkuFHsgACgkQeiVVYja6o6MzLgCdHcYx1Kf30G4A+ZGDpdBFtozZ
A5QAnRx7tsG964olDNxFi5PEY6NI8rNS
=geEe
-----END PGP SIGNATURE-----


More information about the infrastructure mailing list