Re: [ #1964] Web Gnome LDAP access is going to be controlled by GNOME and on a
GNOME-controlled server.

As Quim said, I'm waiting for more information from the infrastructure
team about the servers available and how we will deploy this system.
Meanwhile we are using a dedicated server at Universitat Politècnica de
Catalunya that the Free Software Chair gave to us.

The easiest option now is:

* Can the infrastructure team make a copy of the LDAP and give read access
to ( )?

One important thing is that we can force Plone to use a dedicated user to bind
to LDAP instead of using the GNOME username. Then it would be possible to
create some rules in the slapd configuration just to enable
password/name/email changes on user stuff through Plone.


Owen Taylor wrote:
> On Mon, 2006-12-18 at 13:07 +0000, Ross Golder wrote:
>> Ramon Navarro Bosch wrote:
>>> We have 3 options :
>>> 1) Not use LDAP, if WGO is only going to be used by 6 people I think that
>>> is not necessary to complicate it ( only need access the editors in
>>> english all the translators will work through actual methods).
>>> 2) Otherwise we can have ReadOnly access to LDAP.
>>> 3) The third option is ReadWrite access to LDAP. Then the people have the
>>> opportunity to change the password on LDAP through Plone and also map some
>>> attributes from LDAP to Plone member attributes and change them.
>>> In case 2 and 3 we need to create a group on LDAP just to map who is
>>> editor/reviewer/administrator.
>>> If we need LDAP, then , it's important that we know as soon as possible so
>>> know there are 4 local users ( editors ).
>>> Ramon
>> I think it would be a shame for us to end up with two lots of GNOME user
>> data (one in LDAP, one in Plone), so I don't think 1 is the best way to
>> go. IMHO, having to maintain two accounts for GNOME-related stuff will
>> end up confusing people.
>> If the Plone server making requests is to be hosted outside of the remit
>> of the GNOME sysadmin team, as it is now, I'm not so sure I feel
>> comfortable with giving it that much access to our LDAP service or data.
>> If the source code for this was checked into GNOME CVS (well,
>> subversion), hosted on a GNOME server, where only GNOME-approved hackers
>> were able to make changes to the site source and only GNOME-approved
>> sysadmins have access to the databases and web servers, I'd feel a lot
>> more comfortable about it all. Or am I just being too paranoid?
> Without investigating the problem in detail:
> My feeling is that the Plone/Zope code must inherently not be able to
> modify security-critical content in the LDAP database; examples include:
>  - Membership in the various groups that we use to control
>    login access (gnomeweb/gnomecvs/wheel/etc.)
>  - SSH keys
> Depending on the Plone code to do the necessary security checks is not
> sufficient, no matter where the instance and source code is hosted.
> This may be possible to achieve by appropriate access controls set
> up on the LDAP server: preferably with a "whitelist" of things that the
> Plone server is allowed to change rather than the reverse. If such a
> setup isn't possible, it's a bad idea to allow the Plone server write
> access to the LDAP database.
> In reference to:
>  "If the Plone server making requests is to be hosted outside of the
>   remit of the GNOME sysadmin team, as it is now"
> I hope we wouldn't even consider hosting on a
> non-GNOME-controlled server.
> Regards,
> Owen
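The "whitelist" approach Owen describes, combined with the dedicated bind user from the reply above, maps directly onto slapd access rules. The following is an added illustration, not configuration from the GNOME infrastructure; the bind DN, admin DN, base DN, group subtree and the `sshPublicKey` attribute name are assumptions.

```conf
# Added example (slapd.conf style ACLs), not the thread's own config.
# Assumed DNs: cn=plone,ou=services,dc=example,dc=org is the account Plone
# binds as; cn=admin,dc=example,dc=org is the sysadmin account. The Plone
# account must not be the rootdn, because rootdn bypasses ACLs entirely.
# Rules are evaluated in order; the first "access to" that matches wins,
# and within it the first matching "by" clause wins.

# Passwords: Plone may set them on a user's behalf, a user may change their
# own, anyone else may only bind against the value (auth), never read it.
access to attrs=userPassword
    by dn.exact="cn=plone,ou=services,dc=example,dc=org" write
    by self write
    by anonymous auth
    by * none

# Name and mail are the only profile attributes Plone is allowed to edit.
access to attrs=cn,sn,givenName,mail
    by dn.exact="cn=plone,ou=services,dc=example,dc=org" write
    by self write
    by users read
    by * none

# SSH keys are security-critical: read-only for Plone (and the user),
# writable only by the sysadmin account.
access to attrs=sshPublicKey
    by dn.exact="cn=admin,dc=example,dc=org" write
    by dn.exact="cn=plone,ou=services,dc=example,dc=org" read
    by self read
    by * none

# Group membership controls logins (gnomeweb/gnomecvs/wheel). Plone only
# needs to read it to map editor/reviewer/administrator roles.
access to dn.subtree="ou=groups,dc=example,dc=org"
    by dn.exact="cn=admin,dc=example,dc=org" write
    by dn.exact="cn=plone,ou=services,dc=example,dc=org" read
    by users read
    by * none

# Catch-all: everything not listed above is read-only for Plone. There is
# deliberately no rule granting the Plone account write access to "*".
access to *
    by dn.exact="cn=admin,dc=example,dc=org" write
    by dn.exact="cn=plone,ou=services,dc=example,dc=org" read
    by users read
    by * none
```

Anything a compromised or buggy Plone instance tries to modify outside the whitelisted attributes is refused by the directory itself, so the security check no longer depends on the Plone code or on where it is hosted.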
