[CentOS-docs] How to Unify Authentication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Guys, To organize ideas about the unification of CentOS authentication I propose you to use the following wiki page: http://wiki.centos.org/HowTos/UnifyAuthentication I've already started it with some headers. You are welcome to improve it. Don't know if it is in the correct place and if the headers are appropriated. I've put there just a proposition for you to evaluate. Best Regards, - -- Alain Reguera Delgado -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org iD8DBQFJ2DXUyXxCQEoXDZARAu1DAJ4towzQa9nrGZcl4/z5ie81Ox3ZDgCeKJ1Z lHB+Varil+720OckzDqfDcc= =DiSW -END PGP SIGNATURE- ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] proposed changes option
Phil Schaffner wrote: > On Sat, 2009-04-04 at 21:31 +0100, Ned Slider wrote: > ... >> I've been rather busy of late so haven't been following the full details >> of this discussion (just briefly reading), but the moment you're ready >> for us to jump in with some testing, please give us a loud shout and >> we'll be there :) > > Same here. Also sounds like there is likely to be a need to recruit > Wiki moderators. That might be done through the forums as well as this > list. > > I'd like to weigh in on the side of a more open Wiki with fewer barriers > to contributing and/or editing. That would be great! I'm sure many users wanted to contribute something (not viagra links) at some point, but found the whole process discouraging. I did. If MoinMoin can do some captcha and export as rss the new pages/edits I don't think it's going to be a problem to have them checked out. Been also checking the website "unification" progress... It's not going well. I guess starting from scratch is out of the question? Regards, Lucian > That is admittedly opening up the doors > to more spammers or other malicious content-providers; however a robust > moderator staff should help to mitigate that nastiness. > > Phil > > > ___ > CentOS-docs mailing list > CentOS-docs@centos.org > http://lists.centos.org/mailman/listinfo/centos-docs ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] proposed changes option
On Sat, 2009-04-04 at 21:31 +0100, Ned Slider wrote: ... > > I've been rather busy of late so haven't been following the full details > of this discussion (just briefly reading), but the moment you're ready > for us to jump in with some testing, please give us a loud shout and > we'll be there :) Same here. Also sounds like there is likely to be a need to recruit Wiki moderators. That might be done through the forums as well as this list. I'd like to weigh in on the side of a more open Wiki with fewer barriers to contributing and/or editing. That is admittedly opening up the doors to more spammers or other malicious content-providers; however a robust moderator staff should help to mitigate that nastiness. Phil ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] New HowTo on Local Mirrors
On Sat, Apr 04, 2009 at 04:37:19PM -0400, Phil Schaffner wrote: > Created a new HowTo on running your own local mirror: > http://wiki.centos.org/HowTos/CreateLocalMirror > > Comments and (constructive :-) criticism are invited. > nice writeup, just my 2 cents: consider adding a lockfile if the script is used automatically in a crontab ;) ... # try to create the lock and check the outcome LOCKFILE=/var/run/rsync-home.lock lockfile -r 0 ${LOCKFILE} 1>/dev/null 2>&1 status=$? if [ ${status} -ne 0 ] ;then echo "Another instance already running. Aborting." exit 1 fi trap "rm ${LOCKFILE}" EXIT # body of the script here ... other examples are also available in the centos-mirror mailing list archives. Cheers, Tru -- Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B pgpPk7sW2wwKq.pgp Description: PGP signature ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] New HowTo on Local Mirrors
On Sat, 2009-04-04 at 14:24 -0700, Akemi Yagi wrote: ... > It is also a one-liner. For example: > > lftp -e 'open http:///centos/ && mirror -c --delete 5.3 && exit' > > will mirror the whole 5.3 under the remote centos/ directory. Well Duhhh... as my daughter would say. :-) My work blocks rsync totally except using ssh login, which most mirrors don't support. The problem I have had with lftp is sometimes convincing it not to re-download perfectly good files if the time-stamp is off, and at the same time to sync things like repodata that do change. Lately I've been keeping the master copy at home and using rsync with ssh to update the work copy to bypass all that. Will dig up my old scripts at work and do an update to cover lftp. Thanks for the comments. Regards, Phil ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] New HowTo on Local Mirrors
On Sat, Apr 4, 2009 at 1:37 PM, Phil Schaffner wrote: > Created a new HowTo on running your own local mirror: > http://wiki.centos.org/HowTos/CreateLocalMirror > > Comments and (constructive :-) criticism are invited. Good work, Phil. <- constructive note. You might want to add 'lftp' as an alternative method to rsync. I have been using lftp because rsync at work is capped at a miserably low speed. Also, there are more http / ftp sites available than rsync sites. It is also a one-liner. For example: lftp -e 'open http:///centos/ && mirror -c --delete 5.3 && exit' will mirror the whole 5.3 under the remote centos/ directory. Regarding the baseurl=file:/ line in the .repo file, I always thought it required three slashes. I now realize that a single slash is all you need. :) Thanks for the useful article. Akemi ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] proposed changes option
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ralph Angenendt wrote: > Alain Reguera Delgado wrote: >>> Yes. Which one is the leading account? Trac? Wiki? Website? >> Well, I would chose the source where there are more accounts and user >> information. Based on that we could break those records into appropriate >> LDAP attributes. > > That would be xoops at the moment. But the bug database also has loads of > accounts. I'm just wondering aloud how something like this can be solved. Seems like there is no easy way to get this done. Lets keep wondering aloud :D What applications we have and what of them currently support authentication through LDAP ? Then is time to unify accounts. Here some scripts may be necessary but in cases they don't fit, It would be necessary to ask all CentOS users to fill a form and get registered in the new LDAP space. That would let us work on needed adjustments to be sure all uid match. Note: I haven't read yet how applications like MoinMoin, Trac, Mantis, ... handle the users authentication through LDAP and the user relation with the content. That need to be clear enough so to save time, information and define a working road. A wiki page for those things would be useful. With all these things in place, we could set a test server to install all this applications, reflect the real environment, and test how it works. When things work as expected the system could be put in production. This is not one's man work. We'll need collaboration from everybody, from dev-team to users. >> For example, and because is what I've seen by now, if the accounts >> source chosen would be Xoops.users we could use the the name field to >> build a wiki name that could be stored into another LDAP uid attribute. >> Then point somehow MoinMoin to match that. > > And lose all information about who wrote and changed which article when - or > even worse give edit rights to someone else. This has to be thought through, > and we're not talking about a few users in case of xoops and bugs. Agree. The process need to be defined somewhere with everybody's knowledge in each area like availabilities, needs, difficulties and so on, this way we could build a way to go. Something like we did with forums (http://wiki.centos.org/WebsiteVer2/forums). Just thinking aloud to spread ideas over the table and so get other's one. Best Regards, - -- Alain Reguera Delgado -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org iD8DBQFJ18iuyXxCQEoXDZARAubnAJ9JzMzffScbAwnYgTW/ofhZE9hNBgCg5bFP GirjBAJ0EaQGrwzd49XKHPE= =DeSU -END PGP SIGNATURE- ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
[CentOS-docs] New HowTo on Local Mirrors
Created a new HowTo on running your own local mirror: http://wiki.centos.org/HowTos/CreateLocalMirror Comments and (constructive :-) criticism are invited. Phil ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] proposed changes option
Akemi Yagi wrote: > On Sat, Apr 4, 2009 at 9:40 AM, Marcus Moeller wrote: > >> Test procedure is: >> >> - test forum functionality (hope Ned and some of the forum mods will >> join us then) > > When participation of the forum mods is needed, I'd be happy to join in. > > Akemi Absolutely Marcus. I've been rather busy of late so haven't been following the full details of this discussion (just briefly reading), but the moment you're ready for us to jump in with some testing, please give us a loud shout and we'll be there :) ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] proposed changes option
Alain Reguera Delgado wrote: > > Yes. Which one is the leading account? Trac? Wiki? Website? > > Well, I would chose the source where there are more accounts and user > information. Based on that we could break those records into appropriate > LDAP attributes. That would be xoops at the moment. But the bug database also has loads of accounts. I'm just wondering aloud how something like this can be solved. > For example, and because is what I've seen by now, if the accounts > source chosen would be Xoops.users we could use the the name field to > build a wiki name that could be stored into another LDAP uid attribute. > Then point somehow MoinMoin to match that. And lose all information about who wrote and changed which article when - or even worse give edit rights to someone else. This has to be thought through, and we're not talking about a few users in case of xoops and bugs. Ralph pgpdEbF9VDOwP.pgp Description: PGP signature ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] proposed changes option
2009/4/4 Akemi Yagi : > On Sat, Apr 4, 2009 at 9:40 AM, Marcus Moeller wrote: > >> Test procedure is: >> >> - account migration >> - verify account migration >> - test forum functionality (hope Ned and some of the forum mods will >> join us then) > > When participation of the forum mods is needed, I'd be happy to join in. You are welcome ;) Thanks Marcus ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] proposed changes option
On Sat, Apr 4, 2009 at 9:40 AM, Marcus Moeller wrote: > Test procedure is: > > - account migration > - verify account migration > - test forum functionality (hope Ned and some of the forum mods will > join us then) When participation of the forum mods is needed, I'd be happy to join in. Akemi ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] proposed changes option
Dear Alain, > b.t.w. Did any one have test: > http://php-bb.dev.centos.org/private/newbb_to_phpbb/ ? I would like to > make that script public if possible (getting it out of private directory > ) for anyone to test. Please be patient. Karan is going to prepare the xoops_users tables, so we can continue testing. The migration script (at least placed on the TestVM) should not be accessible to the public. Test procedure is: - account migration - verify account migration - test forum functionality (hope Ned and some of the forum mods will join us then) Best Regards Marcus ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] proposed changes option
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ralph Angenendt wrote: > Marcus Moeller wrote: >> Dear Ralph, >> On top of my personal list is LDAP integration, as we want to push website v2 a bit. >>> LDAP integration is just a config change, so no big problem. The >>> problem is that website accounts and wiki accounts don't have >>> anything in common. >> At the moment or in the future? > > At the moment. And I don't see any easy way to resolve that if there are > duplicate account names. > >> As the aim should be to create one single backend for all parts of the >> website (News, Forum, Wiki, Planet...). > > Yes. Which one is the leading account? Trac? Wiki? Website? Well, I would chose the source where there are more accounts and user information. Based on that we could break those records into appropriate LDAP attributes. For example, and because is what I've seen by now, if the accounts source chosen would be Xoops.users we could use the the name field to build a wiki name that could be stored into another LDAP uid attribute. Then point somehow MoinMoin to match that. Of course, users that aren't in Xoops.users won't be in LDAP, so in order to make the migration we need to request users to register in a common place or create some kind of script that help us migrate things from different sources into a common source. I would like to request the creation of a wiki page to organize these things, so we can define solutions and a direction, based on real conditions/logistic/resources and any thing involved. b.t.w. Did any one have test: http://php-bb.dev.centos.org/private/newbb_to_phpbb/ ? I would like to make that script public if possible (getting it out of private directory ) for anyone to test. - -- Alain Reguera Delgado -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org iD8DBQFJ12eayXxCQEoXDZARAo+zAJ4l1JQWcyE6ytreP8qWR5pG1t68jACfRjuU cuF0AVUoF8uEDETbqSPqkXo= =KTRz -END PGP SIGNATURE- ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] proposed changes option
Marcus Moeller wrote: > Dear Ralph, > > >> On top of my personal list is LDAP integration, as we want to push > >> website v2 a bit. > > > > LDAP integration is just a config change, so no big problem. The > > problem is that website accounts and wiki accounts don't have > > anything in common. > > At the moment or in the future? At the moment. And I don't see any easy way to resolve that if there are duplicate account names. > As the aim should be to create one single backend for all parts of the > website (News, Forum, Wiki, Planet...). Yes. Which one is the leading account? Trac? Wiki? Website? > Afaik he has also started to write some code for that. I'm not talking about code. I'm talking about logistics. Ralph pgpftbs7FLZHg.pgp Description: PGP signature ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] proposed changes option
Dear Ralph, >> On top of my personal list is LDAP integration, as we want to push >> website v2 a bit. > > LDAP integration is just a config change, so no big problem. The problem is > that website accounts and wiki accounts don't have anything in common. At the moment or in the future? As the aim should be to create one single backend for all parts of the website (News, Forum, Wiki, Planet...). You know, the forums have already been proved against LDAP and Alain has lined out some requirements that have to be met for the rest of the website: http://wiki.centos.org/WebsiteVer2/langSubsites/C-Nus Afaik he has also started to write some code for that. Best Regards Marcus ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] proposed changes option
Marcus Moeller wrote: > On top of my personal list is LDAP integration, as we want to push > website v2 a bit. LDAP integration is just a config change, so no big problem. The problem is that website accounts and wiki accounts don't have anything in common. Ralph pgp7YYXD00hcL.pgp Description: PGP signature ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs