This is an automated email from the ASF dual-hosted git repository.
sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git
The following commit(s) were added to refs/heads/master by this push:
new 1b6e38b6 Migrate to new LDAP servers
1b6e38b6 is described below
commit 1b6e38b6596423ed630ba59233ab6bb60bc036ce
Author: Sebb <[email protected]>
AuthorDate: Fri Aug 5 23:18:19 2022 +0100
Migrate to new LDAP servers
---
DEVELOPMENT.md | 2 +-
DOCKER.md | 5 +++-
Dockerfile | 3 ++
MACOSX.md | 4 +--
Rakefile | 10 +++----
UBUNTU.md | 4 +--
docker-config/25-authz_ldap_group_membership.conf | 8 +++---
docker-config/whimsy.conf | 34 +++++++++++------------
8 files changed, 38 insertions(+), 32 deletions(-)
diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md
index b72e2569..b26a0174 100644
--- a/DEVELOPMENT.md
+++ b/DEVELOPMENT.md
@@ -120,7 +120,7 @@ or read the [detailed MACOSX setup steps](MACOSX.md).
1. The model code determines what host and port to connect to by parsing
either `/etc/ldap/ldap.conf` or `/etc/openldap/ldap.conf` for a line that
looks like the following (the host name may be different):
- `uri ldaps://ldap-us-ro.apache.org:636`
+ `uri ldaps://ldap-us.apache.org:636`
2. A `TLS_CACERT` can be obtained via either of the following commands:
diff --git a/DOCKER.md b/DOCKER.md
index 180feb93..23208c24 100644
--- a/DOCKER.md
+++ b/DOCKER.md
@@ -81,11 +81,14 @@ but should be repeated from time to time to fetch updated
sources.
If you wish to create the Ubuntu image separately, run `rake docker:build`
(this is invoked as part of docker:update)
+This should be re-run if you update any of the resources used for the build,
+e.g. files in docker-config and the Dockerfile
+
The `rake svn:update git:pull` step updates the SVN and Git repos used by
Whimsy.
The container does not automatically update these (unlike the live
installation),
so the step should be performed as necessary before starting the container to
ensure the
-data is sufficiently up-to-date.
+data is sufficiently up-to-date. This requires karma to fetch some of the
files.
This should be enough to get most of Whimsy working. It is not
known yet what functions work and what functions do not.
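Review bot: The added sentence "This requires karma to fetch some of the files." does not say which karma is needed, which files are affected, or how credentials reach `rake svn:update git:pull` when it is run for the container. Name the repositories or access level involved, and say what a developer without that karma should expect (a failed step, or a partially working Whimsy). The other added sentence, ending "e.g. files in docker-config and the Dockerfile", is also missing its closing period.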
diff --git a/Dockerfile b/Dockerfile
index 08a6b2cc..e7692af3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -86,6 +86,9 @@ RUN npm install -g puppeteer --unsafe-perm=true
COPY docker-config/whimsy.conf /etc/apache2/sites-enabled/000-default.conf
COPY docker-config/25-authz_ldap_group_membership.conf
/etc/apache2/conf-enabled/25-authz_ldap_group_membership.conf
+# Define the LDAP hosts; must agree with those used in the above HTTPD files
or TLS cert problems may occur
+RUN echo "uri ldaps://ldap-us.apache.org ldaps://ldap-eu.apache.org"
>>/etc/ldap/ldap.conf
+
# Allow www-data user to use Git repo owned by root
COPY docker-config/gitconfig-www /var/www/.gitconfig
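Review bot: The `uri` line appended to /etc/ldap/ldap.conf is not written in the same form as the httpd files it is said to agree with: it omits the `:636` that every `AuthLDAPUrl` in this commit carries, and DEVELOPMENT.md in this same commit documents the expected line as `uri ldaps://ldap-us.apache.org:636`. If the code that parses ldap.conf expects a port, this line will not match it, so either add `:636` to both hosts here or confirm that the parser accepts the short form. The agreement the comment asks for is also kept by hand across the Dockerfile and two config files; a single build argument or a check at build time would make a mismatch fail early instead of surfacing as a TLS certificate problem at run time.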
diff --git a/MACOSX.md b/MACOSX.md
index 8cf3bbc5..1bee7f45 100644
--- a/MACOSX.md
+++ b/MACOSX.md
@@ -453,9 +453,9 @@ sudo cp /srv/whimsy/config/whimsy.conf
/private/etc/apache2/other
Note: if you reside outside North America you may wish to use the EU LDAP
server
by changing the references in the whimsy.conf file from
-ldaps://ldap-us-ro.apache.org:636/
+ldaps://ldap-us.apache.org:636/
to
-ldaps://ldap-eu-ro.apache.org:636/
+ldaps://ldap-eu.apache.org:636/
Restart Apache httpd using `sudo apachectl restart`.
diff --git a/Rakefile b/Rakefile
index 3d025012..72f955ee 100644
--- a/Rakefile
+++ b/Rakefile
@@ -450,12 +450,12 @@ namespace :docker do
end
# This is the entrypoint in the Dockerfile so runs in the container
- task :entrypoint => [:scaffold, :config] do
+ task :entrypoint => [:scaffold] do
# requires :config
- require 'whimsy/asf/ldap'
- unless File.read(File.join(ASF::ETCLDAP,'ldap.conf')).include?
'asf-ldap-client.pem'
- sh 'ruby -I lib -r whimsy/asf -e "ASF::LDAP.configure"'
- end
+ # require 'whimsy/asf/ldap'
+ # unless File.read(File.join(ASF::ETCLDAP, 'ldap.conf')).include? 'uri
ldaps'
+ # sh 'ruby -I lib -r whimsy/asf -e "ASF::LDAP.configure"'
+ # end
sh 'apache2ctl -DFOREGROUND'
end
end
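Review bot: The `:entrypoint` task now keeps its old body as commented-out code, and the context line `# requires :config` is stale because `:config` was removed from the prerequisites. Delete the dead lines instead of commenting them out; the history keeps them. The commented-out guard was also edited (it now tests for 'uri ldaps' instead of 'asf-ldap-client.pem'), which suggests it is meant to be re-enabled, so say so in a comment if that is the plan. The removed check was the only thing in this task that looked for 'asf-ldap-client.pem' in ldap.conf, and the Dockerfile change in this commit only appends a `uri` line, so the commit message or DOCKER.md should state how the container is expected to get its CA certificate configuration now that `ASF::LDAP.configure` no longer runs at start-up.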
diff --git a/UBUNTU.md b/UBUNTU.md
index 93def59d..acce5531 100644
--- a/UBUNTU.md
+++ b/UBUNTU.md
@@ -44,9 +44,9 @@ like the following:
Note: if you reside outside North America you may wish to use the EU LDAP
server
by changing the references in the whimsy.conf file from
- ldaps://ldap-us-ro.apache.org:636/
+ ldaps://ldap-us.apache.org:636/
to
- ldaps://ldap-eu-ro.apache.org:636/
+ ldaps://ldap-eu.apache.org:636/
sudo cp /srv/whimsy/config/25-authz_ldap_group_membership.conf
/etc/apache2/conf-available
sudo a2ensite whimsy
diff --git a/docker-config/25-authz_ldap_group_membership.conf
b/docker-config/25-authz_ldap_group_membership.conf
index 07c43b66..c6c1f22c 100644
--- a/docker-config/25-authz_ldap_group_membership.conf
+++ b/docker-config/25-authz_ldap_group_membership.conf
@@ -1,6 +1,6 @@
# LDAP alias: ASF member
<AuthzProviderAlias ldap-group ldap-alias-member
cn=member,ou=groups,dc=apache,dc=org>
- AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636
ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
+ AuthLDAPUrl "ldaps://ldap-us.apache.org:636
ldap-eu.apache.org:636/ou=people,dc=apache,dc=org?uid"
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN Off
AuthLDAPMaxSubGroupDepth 0
@@ -8,7 +8,7 @@
# LDAP alias: ASF committer
<AuthzProviderAlias ldap-group ldap-alias-committer
cn=committers,ou=role,ou=groups,dc=apache,dc=org>
- AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636
ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
+ AuthLDAPUrl "ldaps://ldap-us.apache.org:636
ldap-eu.apache.org:636/ou=people,dc=apache,dc=org?uid"
AuthLDAPGroupAttribute member
AuthLDAPGroupAttributeIsDN on
AuthLDAPMaxSubGroupDepth 0
@@ -16,7 +16,7 @@
# LDAP alias: PMC chair
<AuthzProviderAlias ldap-group ldap-alias-pmc-chair
cn=pmc-chairs,ou=groups,ou=services,dc=apache,dc=org>
- AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636
ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
+ AuthLDAPUrl "ldaps://ldap-us.apache.org:636
ldap-eu.apache.org:636/ou=people,dc=apache,dc=org?uid"
AuthLDAPGroupAttribute member
AuthLDAPGroupAttributeIsDN on
AuthLDAPMaxSubGroupDepth 0
@@ -24,7 +24,7 @@
# LDAP alias: Incubator PMC
<AuthzProviderAlias ldap-group ldap-alias-incubator-pmc
cn=incubator,ou=project,ou=groups,dc=apache,dc=org>
- AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636
ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
+ AuthLDAPUrl "ldaps://ldap-us.apache.org:636
ldap-eu.apache.org:636/ou=people,dc=apache,dc=org?uid"
AuthLDAPGroupAttribute owner
AuthLDAPGroupAttributeIsDN on
AuthLDAPMaxSubGroupDepth 0
diff --git a/docker-config/whimsy.conf b/docker-config/whimsy.conf
index fd1fcfc7..2e436433 100644
--- a/docker-config/whimsy.conf
+++ b/docker-config/whimsy.conf
@@ -149,7 +149,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
AuthType Basic
AuthName "ASF Committers"
AuthBasicProvider ldap
- AuthLDAPUrl
"ldaps://ldap-us-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
+ AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
AuthLDAPGroupAttribute member
AuthLDAPGroupAttributeIsDN on
AuthLDAPMaxSubGroupDepth 0
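Review bot: The `AuthLDAPUrl` in this block, and in each of the following hunks of whimsy.conf, names only `ldap-us.apache.org:636`, while docker-config/25-authz_ldap_group_membership.conf lists `ldap-us.apache.org:636 ldap-eu.apache.org:636` and the Dockerfile writes both hosts to ldap.conf with a comment that they must agree with the httpd files. As written, authentication in these blocks has no second server to fall back to while the group aliases do. Either add the `ldap-eu` host here or note why it is left out. Since the same URL is edited by hand in every block of this file, a single `Define` for the LDAP URL, referenced from each block, would reduce the next migration to one line and remove the chance of one block being missed.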
@@ -160,7 +160,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
AuthType Basic
AuthName "ASF Committers"
AuthBasicProvider ldap
- AuthLDAPUrl
"ldaps://ldap-us-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
+ AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
AuthLDAPGroupAttribute member
AuthLDAPGroupAttributeIsDN on
AuthLDAPMaxSubGroupDepth 0
@@ -171,7 +171,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
AuthType Basic
AuthName "ASF Committers"
AuthBasicProvider ldap
- AuthLDAPUrl
"ldaps://ldap-us-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
+ AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
AuthLDAPGroupAttribute member
AuthLDAPGroupAttributeIsDN on
AuthLDAPMaxSubGroupDepth 0
@@ -182,7 +182,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
AuthType Basic
AuthName "ASF Committers"
AuthBasicProvider ldap
- AuthLDAPUrl
"ldaps://ldap-us-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
+ AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
AuthLDAPGroupAttribute member
AuthLDAPGroupAttributeIsDN on
AuthLDAPMaxSubGroupDepth 0
@@ -193,7 +193,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
AuthType Basic
AuthName "ASF Committers"
AuthBasicProvider ldap
- AuthLDAPUrl
"ldaps://ldap-us-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
+ AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
AuthLDAPGroupAttribute member
AuthLDAPGroupAttributeIsDN on
AuthLDAPMaxSubGroupDepth 0
@@ -204,7 +204,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
AuthType Basic
AuthName "ASF Members and Incubator PMC"
AuthBasicProvider ldap
- AuthLDAPUrl
"ldaps://ldap-us-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
+ AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
AuthLDAPGroupAttribute member
AuthLDAPGroupAttributeIsDN on
AuthLDAPMaxSubGroupDepth 0
@@ -215,7 +215,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
AuthType Basic
AuthName "ASF Members and Incubator PMC"
AuthBasicProvider ldap
- AuthLDAPUrl
"ldaps://ldap-us-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
+ AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
AuthLDAPGroupAttribute member
AuthLDAPGroupAttributeIsDN on
AuthLDAPMaxSubGroupDepth 0
@@ -226,7 +226,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
AuthType Basic
AuthName "ASF Members and Officers"
AuthBasicProvider ldap
- AuthLDAPUrl
"ldaps://ldap-us-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
+ AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
AuthLDAPGroupAttribute member
AuthLDAPGroupAttributeIsDN on
AuthLDAPMaxSubGroupDepth 0
@@ -237,7 +237,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
AuthType Basic
AuthName "ASF Members and Officers"
AuthBasicProvider ldap
- AuthLDAPUrl
"ldaps://ldap-us-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
+ AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
AuthLDAPGroupAttribute member
AuthLDAPGroupAttributeIsDN on
AuthLDAPMaxSubGroupDepth 0
@@ -248,7 +248,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
AuthType Basic
AuthName "ASF Members and Officers"
AuthBasicProvider ldap
- AuthLDAPUrl
"ldaps://ldap-us-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
+ AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
AuthLDAPGroupAttribute member
AuthLDAPGroupAttributeIsDN on
AuthLDAPMaxSubGroupDepth 0
@@ -259,7 +259,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
AuthType Basic
AuthName "ASF Members and Officers"
AuthBasicProvider ldap
- AuthLDAPUrl
"ldaps://ldap-us-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
+ AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
AuthLDAPGroupAttribute member
AuthLDAPGroupAttributeIsDN on
AuthLDAPMaxSubGroupDepth 0
@@ -277,7 +277,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
AuthType Basic
AuthName "ASF Members"
AuthBasicProvider ldap
- AuthLDAPUrl
"ldaps://ldap-us-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
+ AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off
AuthLDAPMaxSubGroupDepth 0
@@ -288,7 +288,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
AuthType Basic
AuthName "ASF Members"
AuthBasicProvider ldap
- AuthLDAPUrl
"ldaps://ldap-us-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
+ AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off
AuthLDAPMaxSubGroupDepth 0
@@ -299,7 +299,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
AuthType Basic
AuthName "ASF Members"
AuthBasicProvider ldap
- AuthLDAPUrl
"ldaps://ldap-us-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
+ AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off
AuthLDAPMaxSubGroupDepth 0
@@ -310,7 +310,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
AuthType Basic
AuthName "ASF Infrastructure Team"
AuthBasicProvider ldap
- AuthLDAPUrl
"ldaps://ldap-us-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
+ AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
AuthLDAPGroupAttribute member
AuthLDAPGroupAttributeIsDN on
AuthLDAPMaxSubGroupDepth 0
@@ -321,7 +321,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
AuthType Basic
AuthName "ASF Secretarial Team"
AuthBasicProvider ldap
- AuthLDAPUrl
"ldaps://ldap-us-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
+ AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
AuthLDAPGroupAttribute member
AuthLDAPGroupAttributeIsDN on
AuthLDAPMaxSubGroupDepth 0
@@ -335,7 +335,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
AuthType Basic
AuthName "ASF Secretarial Team"
AuthBasicProvider ldap
- AuthLDAPUrl
"ldaps://ldap-us-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
+ AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
AuthLDAPGroupAttribute member
AuthLDAPGroupAttributeIsDN on
AuthLDAPMaxSubGroupDepth 0