Re: [gnome.org #1964] Web Gnome LDAP access

From: Ross Golder <ross golder org>
To: ramon epsem upc edu
Cc: gnome web <gnome-web-list gnome org>, support gnome org, gnome-infrastructure gnome org, Quim Gil <qgil desdeamericaconamor org>
Subject: Re: [gnome.org #1964] Web Gnome LDAP access
Date: Mon, 18 Dec 2006 13:07:25 +0000

Ramon Navarro Bosch wrote:
> 
> We have 3 options :
> 
> 1) Not use LDAP, if WGO is only going to be used by 6 people I thing that
> is not necessary to complicate it ( only need access the editors in
> english all the translators will work throw actual methods).
> 
> 2) Otherwise we can have ReadOnly access to LDAP.
> 
> 3) The third option is ReadWrite access to LDAP. Then the people have the
> oportunity to change the password on LDAP throw plone and also map some
> attributes from LDAP to Plone member attributes and change them.
> 
> In case 2 and 3 we need to create a group on LDAP just to map who is
> editor/reviewer/administrator.
> 
> If we need LDAP, then , it's important that we know as soon as possible so
> know there are 4 local users ( editors ).
> 
> Ramon
> 

I think it would be a shame for us to end up with two lots of GNOME user
data (one in LDAP, one in Plone), so I don't think 1 is the best way to
go. IMHO, having to maintain two accounts for GNOME-related stuff will
end up confusing people.

If the Plone server making requests is to be hosted outside of the remit
of the GNOME sysadmin team, as it is now, I'm not so sure I feel
comfortable with giving it that much access to our LDAP service or data.

If the source code for this was checked into GNOME CVS (well,
subversion), hosted on a GNOME server, where only GNOME-approved hackers
were able to make changes to the site source and only GNOME-approved
sysadmins have access to the databases and web servers, I'd feel a lot
more comfortable about it all. Or am I just being too paranoid?

I guess we also need to set up a 'test' LDAP server with a copy of the
live data so we can develop and test this safely.

Just my initial thoughts. (CCing gnome-infrastructure, for info).

--
Ross

> 
> 
>> This could be interesting, as we've not done this before, and only users
>> of Mango currently have any passwords set in LDAP. How will the Plone
>> users be able to set/reset their passwords?
>>
>> We'll also need to know the IP address of the server that will be making
>> the requests to open up the ACL.
>>
>> --
>> Ross
>>
>> ----------------------------------------------------
>> This message was sent via GNOME.org Request Tracker.
>>
> 
> 
> Ramon Navarro Bosch
> -------------------
> 
> 
> _______________________________________________
> gnome-web-list mailing list
> gnome-web-list gnome org
> http://mail.gnome.org/mailman/listinfo/gnome-web-list

Follow-Ups:
- Re: [gnome.org #1964] Web Gnome LDAP access
  - From: Owen Taylor

References:
- Re: [gnome.org #1964] Web Gnome LDAP access
  - From: Ramon Navarro Bosch

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]