Thursday May 21, 2009

It's official, we now have LDAP running!

Earlier this week the Infrastructure team rolled out phase one of the planned LDAP services.  

We are using LDAP for authentication of shell accounts. For now this is the extent of the implementation; however, the next phase should follow quite quickly.

The next phase will involve moving to LDAP to manage access to our Subversion repositories. This is a slightly more complicated migration, as we currently use an SVNAuthz file that contains the appropriate groups and their memberships. We are currently working on a new template system whereby changes to LDAP will trigger a build of the SVNAuthz file based on groups in LDAP. This means we must watch LDAP changes, work on a template system, and trigger a build again whenever a new version of the template is checked into Subversion. This is a work in progress at the moment.
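A sketch of the build step described above, as an added example that is not the Infrastructure team's own code: it expands LDAP group memberships into an authz template, refuses member ids that could inject extra rules into the file, and reports whether the rendered output changed. The `{ldap:cn}` placeholder syntax, the function names and the sample groups and users are assumptions made for illustration.

```python
import hashlib
import re

# Constructed sample: group entries as an LDAP search might return them
# (cn -> memberUid values). Group and user names are hypothetical.
SAMPLE_GROUPS = {"infra": ["bob", "alice"], "struts": ["carol"]}

# Constructed template as it might be checked into Subversion. "{ldap:cn}"
# (assumed syntax) is filled from LDAP; every other line is copied verbatim.
SAMPLE_TEMPLATE = """\
[groups]
infra = {ldap:infra}
struts = {ldap:struts}

[/infrastructure]
@infra = rw

[/struts]
@struts = rw
* = r
"""

SAFE_ID = re.compile(r"[a-z][a-z0-9_-]{0,31}")  # checked with fullmatch()
PLACEHOLDER = re.compile(r"\{ldap:([^}]*)\}")


def render_authz(template, groups):
    """Expand placeholders; raise instead of writing a partial or unsafe file."""
    def expand(match):
        cn = match.group(1)
        if cn not in groups:
            raise KeyError(f"template references unknown LDAP group {cn!r}")
        members = sorted(set(groups[cn]))
        for uid in members:
            if not SAFE_ID.fullmatch(uid):  # blocks newlines, '[', '=', '@'
                raise ValueError(f"unsafe member id {uid!r} in group {cn!r}")
        return ",".join(members)

    return PLACEHOLDER.sub(expand, template)


def needs_rebuild(template, groups, last_digest):
    """Return (changed, digest, text) for the current template and LDAP state."""
    text = render_authz(template, groups)
    digest = hashlib.sha256(text.encode()).hexdigest()
    return digest != last_digest, digest, text
```

Because the digest is taken over the rendered file, a change on either side (LDAP group membership or the template in Subversion) produces a new digest and triggers a rebuild.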

If you need to change your shell account password, you can do so by running the following on the command line: "ldappasswd -W -S -A -D uid=availid,ou=people,dc=apache,dc=org", where availid is your ASF username. For example: "ldappasswd -W -S -A -D uid=pctony,ou=people,dc=apache,dc=org". This is far from an elegant solution, but for now it works. You will be required to enter and confirm your current password, and then enter and confirm your new password choice, followed by your LDAP password (this is your old password).

We are working on a web portal that will allow users to edit attributes such as forwarding address, password, etc. This will be made available as soon as it is ready. If you don't know your current password, you will need to email root@ as per usual.

You can follow the trials and tribulations of the rollout on my personal blog  


This would be a lot more useful if it was sent to committers@. I'm also wondering why my password no longer works, but fortunately I have ssh keys as a backup. The ldappasswd script nicely hangs.

Posted by Hen on May 25, 2009 at 10:05 AM UTC #

(FYI) Old password: Re-enter old password: New password: Re-enter new password: Enter LDAP Password: ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Posted by Hen on May 25, 2009 at 10:05 AM UTC #

I wouldn't mind helping out with a profile management app. I'm on the struts project and it might be a good reference app for struts. I have a need for LDAP integration on a paid contract, so it would be useful experience for me. Email me (wesw@apache.org forwards to wesw@wantii.com, so either one works) what you are looking for and I'll see if I can whip something together.

Posted by Wes on May 27, 2009 at 03:39 PM UTC #

