Re: [IAM PoC] Starting with implementation

2017-06-07 Thread Francesco Chicchiriccò
Hi all, FYI this experiment was officially considered closed - see https://issues.apache.org/jira/browse/INFRA-10930 Regards. On 13/01/2017 11:34, Francesco Chicchiriccò wrote: On 13/01/2017 10:30, Pierre Smits wrote: Ok. Thanks. I guess one of the next steps will be to change the password

Re: [IAM PoC] Starting with implementation

2017-01-13 Thread Francesco Chicchiriccò
On 13/01/2017 10:30, Pierre Smits wrote: Ok. Thanks. I guess one of the next steps will be to change the password of the admin userid to make it more secure. Definitely. Not an hard task, though: https://syncope.apache.org/docs/reference-guide.html#set-admin-credentials Regards. On Fri, Ja

Re: [IAM PoC] Starting with implementation

2017-01-13 Thread Pierre Smits
Ok. Thanks. I guess one of the next steps will be to change the password of the admin userid to make it more secure. Best regards, Pierre Smits ORRTIZ.COM OFBiz based solutions & services OFBiz Extensions Marketplace http://oem.ofbizci.net/oci-2/ On Fri, Jan 13, 2017

Re: [IAM PoC] Starting with implementation

2017-01-13 Thread Francesco Chicchiriccò
Hi all, I honestly do not see the point of putting any effort (yet) in puppetizing the configurations on syncope-vm2. syncope-vm2 is the VM we are using to implement a PoC, not a production environment. For example, I had to install the OpenLDAP packages to load the ASF Directory dump, in o

Re: [IAM PoC] Starting with implementation

2017-01-12 Thread Pierre Smits
Tony, Francesco didn't install the syncope wars in/on the puppet configured Tomcat, but did a new Tomcat installation in /opt. So we need to figure out how to do that correction there, or redeploy syncope in the puppet controlled Tomcat. Best regards, Pierre Smits ORRTIZ.COM

Re: [IAM PoC] Starting with implementation

2017-01-12 Thread Tony Stevenson
> On Jan 12, 2017, at 1:22 PM, Pierre Smits wrote: > > Please do not use the syncope implementation via the unencrypted tomcat port > 8080/ > Then configure tomcat to only listen on loopback, or only allow access from the local interface then. Better yet change the firewall rules. Or do bo

Re: [IAM PoC] Starting with implementation

2017-01-12 Thread Pierre Smits
I have configured the Apache HTTPD as the proxy server for the syncope deployment over ssl Following url's can now be used: - http://idm-poc.apache.org/syncope, redirecting to https://idm-poc.apache.org/syncope - http://idm-poc.apache.org/syncope-console, redirecting to https://idm-po

Re: [IAM PoC] Starting with implementation

2017-01-12 Thread Francesco Chicchiriccò
Il 12 gennaio 2017 19:23:37 CET, Pierre Smits ha scritto: >I see that the syncope-vm is working. But did we use the preconfigured >installations of tomcat and postgresql (the client for connection to a >ASF >psql setup)? syncope-vm.apache.org hosts our public demo, see http://syncope.apache.org

Re: [IAM PoC] Starting with implementation

2017-01-12 Thread Pierre Smits
I see that the syncope-vm is working. But did we use the preconfigured installations of tomcat and postgresql (the client for connection to a ASF psql setup)? Best regards, Pierre Smits ORRTIZ.COM OFBiz based solutions & services OFBiz Extensions Marketplace http://oem.o

Re: [IAM PoC] Starting with implementation

2017-01-12 Thread Francesco Chicchiriccò
Hi, quick update: I have defined some schemas and the local LDAP resource with provision for both users and groups: at the moment browsing the resource from Syncope Admin UI works fine. Regards. On 11/01/2017 16:12, Francesco Chicchiriccò wrote: On 11/01/2017 12:42, Francesco Chicchiriccò wr

Re: [IAM PoC] Starting with implementation

2017-01-11 Thread Francesco Chicchiriccò
On 11/01/2017 12:42, Francesco Chicchiriccò wrote: On 10/01/2017 23:56, Chris Lambertus wrote: Yes, I am available. I will provide you an export of our existing LDAP repository and pointers to our schemas. Thanks Chris, looks good! In answer to your questions below regarding id.a.o: 1) Yes,

Re: [IAM PoC] Starting with implementation

2017-01-11 Thread Francesco Chicchiriccò
On 10/01/2017 23:56, Chris Lambertus wrote: Yes, I am available. I will provide you an export of our existing LDAP repository and pointers to our schemas. Thanks Chris, looks good! In answer to your questions below regarding id.a.o: 1) Yes, the current id.a.o app exclusively manages data in

Re: [IAM PoC] Starting with implementation

2017-01-10 Thread Chris Lambertus
> On Jan 10, 2017, at 2:56 PM, Chris Lambertus wrote: > > I will provide you an export of our existing LDAP repository and pointers to > our schemas. I’ve placed the ldif dump in /root/asf-20170110.ldif on syncope-vm2. Our LDAP server configuration is generally defined in the following puppe

Re: [IAM PoC] Starting with implementation

2017-01-10 Thread Chris Lambertus
Yes, I am available. I will provide you an export of our existing LDAP repository and pointers to our schemas. In answer to your questions below regarding id.a.o: 1) Yes, the current id.a.o app exclusively manages data in LDAP as a self-service tool. 2a) OpenLDAP 2b) A variety including some c

Re: [IAM PoC] Starting with implementation

2017-01-09 Thread Francesco Chicchiriccò
Hi all, semi-formal "ping" for Infra guys: is there anyone available for supporting this PoC? As said from the beginning, a fundamental requirement is to have someone playing the customer role, otherwise any effort is pointless. Regards. On 19/12/2016 09:09, Francesco Chicchiriccò wrote: Qu

Re: [IAM PoC] Starting with implementation

2016-12-19 Thread Pierre Smits
I guess we'll see the input from INFRA appear in the comments of the pull request, or else in e.g. https://issues.apache.org/jira/browse/INFRA-10931 and associated issues. Best regards, Pierre Smits ORRTIZ.COM OFBiz based solutions & services OFBiz Extensions Marketplace

Re: [IAM PoC] Starting with implementation

2016-12-19 Thread Francesco Chicchiriccò
Quick update: 1. Pierre has submitted the first PR for puppet at https://github.com/apache/infrastructure-puppet/pull/156 2. I have just updated the PoC code to Syncope 2.0.1 (that's the second commit, exactly 1 year after fist one: time flies): https://github.com/apache/iampoc/commit/a155f593

Re: [IAM PoC] Starting with implementation

2016-12-16 Thread Pierre Smits
Hi All, I have made the first pass of the Syncope-PoC node configuration available at [1]. Please review and post you comments (and other insights) here. After a few days I will (based on your feedback) create a pull request and ask INFRA for feedback. [1] https://github.com/PierreSmits/infrastru

Re: [IAM PoC] Starting with implementation

2016-12-16 Thread Pierre Smits
I have also been able to ssh into the PoC environment. Based on information provided by INFRA officials I have forked the INFRA puppet config repo [1], to start building the Syncope-PoC node configuration. As soon as I have something tangible I will make the file available for review and when acce

Re: [IAM PoC] Starting with implementation

2016-12-16 Thread Francesco Chicchiriccò
HI all, I am happy to report that the VM for the PoC was made available (syncope-vm2.apache.org) - see INFRA-10931. I have been able to successfully access via SSH (sudo does not seem to work, but nothing problematic about this ATM). I know from IRC that Pierre is at work to try to define a fi

[IAM PoC] Starting with implementation

2015-12-21 Thread Francesco Chicchiriccò
Hi all, we now have our GIT repository at https://git-wip-us.apache.org/repos/asf/iampoc.git which is also mirrored, as usual, to GitHub. As you can see, I have made an initial commit featuring an empty default Syncope 2.0.0-SNAPSHOT setup. Now, waiting for the VM to be available (see INFRA-