IdMgmtTestEnv

Revision 1 as of 2009-11-25 19:43:40

Clear message

Summary

This should provide an overview of the issue/functionality/change proposed here. Focus here on what will actually be DONE, summarising that so that other people don't have to read the whole spec. See also CategorySpec for examples.

Release Note

This section should include a paragraph describing the end-user impact of this change. It is meant to be included in the release notes of the first release in which it is implemented. (Not all of these will actually be included in the release notes, at the release manager's discretion; but writing them is a useful exercise.)

It is mandatory.

Rationale

This should cover the _why_: why is this change being proposed, what justifies it, where we see this justified.

User stories

Assumptions

Design

You can have subsections that better describe specific parts of the issue.

Implementation

This section should describe a plan of action (the "how") to implement the changes discussed. Could include subsections like:

UI Changes

Should cover changes required to the UI, or specific UI that is required to implement this

Code Changes

Code changes should include an overview of what needs to change, and in some cases even the specific details.

Migration

Include:

  • data migration, if any
  • redirects from old URLs to new ones, if any
  • how users will be pointed to the new way of doing things, if necessary.

Test/Demo Plan

It's important that we are able to test new features, and demonstrate them to users. Use this section to describe a short plan that anybody can follow that demonstrates the feature is working. This can then be used during testing, and to show off after release. Please add an entry to http://testcases.qa.ubuntu.com/Coverage/NewFeatures for tracking test coverage.

This need not be added or completed until the specification is nearing beta.

Unresolved issues

This should highlight any issues that should be addressed in further specifications, and not problems with the specification itself; since any specification with problems cannot be approved.

BoF agenda and discussion

Use this section to take notes during the BoF; if you keep it in the approved spec, use it for summarising what was discussed and note any options that were rejected.

UDS Session notes

Goal

Provide a reference identity management environment covering user and group mgmt deployable on UEC/EC2 with puppet. Instances will be setup using puppet recipes and be used for testing purposes of the login integration. The reference platform integrates openldap and MIT kerberos for authentication and login purposes.

Define the overall architecture:

  • - review the openldap-dit project - required packages (slapd, krb5) - necessary glue to be written via puppet recipes

openldap-dit

Review: https://code.launchpad.net/openldap-dit/

  • - schemas - DIT - ACLs - sudo role - dns - dhcp - RFC 2307 (user and group defintion) - Samba

Package available but not uploaded at the moment. Needs testing Convert some of the openldap-dit-setup.sh to debconf questions.

Reliance on DNS? -> need to integrate a DNS server in the infrastructure.

  • publish _srv records.
  • included in the puppet recipes.

Target architecture:

  • Instances:
    1. Master slapd+KDC
    2. (2 or more) Replicated slapd+KDC (multiple instances)
    3. File server (nfs, cifs server)
    4. Dns server

Possible extension:

  • - any server that consumes idm

Schemas

User and group mgmt: rfc 2307

  • latest version from howard's draft

ppolicy is not the latest one. Inter related with mit kerberos

  • should not be used in the test environement?

DHCP is out of scope (because of the cloud environment)

Client testing:

  • - AutoFS component? - NFSv4. - samba (including joining machines to domain and logging with domain user) - password expiration, password history, changing password. (need to sync multiple passwords for Samba)

CategorySpec