[SAC] TelaScience LDAP toasted

All,

It would seem something similar to what nuked the .219 hard drive is on its way to taking out the .220 hard drive. Of course, the area of most trouble is the bdb files that contain our database (rather unbacked up too, I might sheepishly add) for the TelaScience LDAP. The bdb file(s) that contain the database are mostly intact, but some recovery is in order for us to get things working. I wasn't able to get it to go tonight, but I can fiddle with it some more tomorrow night.

I think our choices are:

- Finish building out the OSGeo LDAP to support shell logins
- Forget LDAP for the TelaScience blades altogether and only do local accounts

What should we do?

Martin, do you have a status on what schema bits would need to be added to user's LDAP schema to support shell logins for select users? Did we already do it as part of the work we did this past winter?

Howard

Howard,

On Thu, Mar 26, 2009 at 12:01:12AM -0500, Howard Butler wrote:

Martin, do you have a status on what schema bits would need to be
added to user's LDAP schema to support shell logins for select users?
Did we already do it as part of the work we did this past winter?

Technically the most relevant parts are done (proper ACLs and SSL
encryption on the wire). What's left is to add some attributes to the
respective accounts, including a numeric UID for the 'uidNumber' field
.... which hopefully could be recovered from the Telascience LDAP DB,
either by "real" BerkeleyDB recovery tools or simply by running
'strings' on the respective file(s).

The LDAP server part could be done in an hour or so, later today,

  Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------

On Thu, Mar 26, 2009 at 12:01:12AM -0500, Howard Butler wrote:

Martin, do you have a status on what schema bits would need to be added
to user's LDAP schema to support shell logins for select users? Did we
already do it as part of the work we did this past winter?

Ok, 17 accounts have had their user ID matching between Telascience
LDAP and OSGeo LDAP. These 17 accounts are now 'equipped' in OSGeo LDAP
with the required attributes to do shell login:

bitner
christoph
crschmidt
dmorissette
dsampson
gupteshwar
hobu
jlivni
johng
kanhaiya
martin
neteler
nhv
pnaciona
pramsey
tbonfort
uli

I'll have to check the remaining accounts later,

  Martin.
--------------------------------------------------------------------------

On Thu, Mar 26, 2009 at 12:01:12AM -0500, Howard Butler wrote:

Martin, do you have a status on what schema bits would need to be added
to user's LDAP schema to support shell logins for select users? Did we
already do it as part of the work we did this past winter?

Ok, the following accounts had different names - I've made them
matching the OSGeo LDAP, thus the home directories on Telascience
machines would have to get renamed:

astrid -> astrid_emde
seven -> arnulf
swapnil -> dreamil
jasonbirch -> jbirch
bbray -> robertbray # I _hope_ this matching is correct
tomf -> tomfukushima
frankw -> warmerdam

I felt unable to match the following Telascience LDAP accounts:

mattdiez
mpetri
szekerest
osgeo_sys

Cheers,
  Martin.
--------------------------------------------------------------------------

There's one remaining snippet I have left: The list of those who are
supposed to have shell access on the Telascience machines.
Should I merge these into:

  dn: cn=telascience,ou=shell,dc=osgeo,dc=org

.... or is there a different plan ?

Martin.
--------------------------------------------------------------------------

On Mar 26, 2009, at 6:10 PM, Martin Spott wrote:

There's one remaining snippet I have left: The list of those who are
supposed to have shell access on the Telascience machines.
Should I merge these into:

dn: cn=telascience,ou=shell,dc=osgeo,dc=org

.... or is there a different plan ?

that would be the groupOfNames containing uids that we're allowing telascience shell access? Sounds good to me. We'll have to have a little script similar to ldap_user.py that loops all of the names there and increments the uid when adding a new user for shell access.

Thanks for the work on this Martin!

Howard
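
One way to do what Howard describes above, as an added example that is not part of the original thread and not the project's ldap_user.py: allocate the next `uidNumber`, refuse duplicates, and emit the LDIF that adds the shell attributes and the `member` value on the group named in the thread. The people base DN, UID floor, `gidNumber` and the sample entries are assumptions constructed for illustration.

```python
import re

SHELL_GROUP_DN = "cn=telascience,ou=shell,dc=osgeo,dc=org"  # from the thread
PEOPLE_BASE = "ou=People,dc=osgeo,dc=org"  # assumed; not stated in the thread
UID_FLOOR = 10000  # assumed start of the LDAP-managed UID range
# Constructed entries {uid: attributes}; real ones would come from an LDAP search.
SAMPLE = {"hobu": {"uidNumber": "10001"}, "martin": {"uidNumber": "10002"},
          "neteler": {"uidNumber": "10004"}, "mloskot": {}}


def used_uid_numbers(entries):
    """Map uidNumber -> uid, raising if two accounts share a number."""
    seen = {}
    for uid, attrs in entries.items():
        if "uidNumber" in attrs:
            num = int(attrs["uidNumber"])
            if num in seen:
                raise ValueError(f"uidNumber {num} shared by {seen[num]} and {uid}")
            seen[num] = uid
    return seen


def next_uid_number(entries, floor=UID_FLOOR):
    """Highest number in use plus one, so a gap below the current maximum
    (10003 in SAMPLE) is never handed to a different account."""
    return max(list(used_uid_numbers(entries)) + [floor - 1]) + 1


def shell_access_ldif(uid, entries, gid_number=100, shell="/bin/bash"):
    """LDIF adding posixAccount attributes and the shell-group membership."""
    if not re.fullmatch(r"[a-z_][a-z0-9_-]*", uid):
        raise ValueError("uid would not be safe inside a DN or LDIF line")
    if "uidNumber" in entries.get(uid, {}):
        raise ValueError(f"{uid} already has a uidNumber")
    dn = f"uid={uid},{PEOPLE_BASE}"
    return "\n".join([
        f"dn: {dn}", "changetype: modify",
        "add: objectClass", "objectClass: posixAccount", "-",
        "add: uidNumber", f"uidNumber: {next_uid_number(entries)}", "-",
        "add: gidNumber", f"gidNumber: {gid_number}", "-",  # assumed gid
        "add: homeDirectory", f"homeDirectory: /home/{uid}", "-",
        "add: loginShell", f"loginShell: {shell}", "-", "",
        f"dn: {SHELL_GROUP_DN}", "changetype: modify",
        "add: member", f"member: {dn}", "-", "",
    ])


if __name__ == "__main__":
    print(shell_access_ldif("mloskot", SAMPLE))
```
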

On Thu, Mar 26, 2009 at 10:24:03PM +0100, Martin Spott wrote:

[...] These 17 accounts are now 'equipped' in OSGeo LDAP
with the required attributes to do shell login:

Added:

mloskot
tamas
hobu2
sderle
ticheler

Cheers,
  Martin.
--------------------------------------------------------------------------

Hi SAC,

On Thu, Mar 26, 2009 at 10:24 PM, Martin Spott <Martin.Spott@mgras.net> wrote:
...

neteler

...

while my login is migrated and functional, all my user
cronjobs fail... Example:

http://grass.osgeo.org/
This site is updated daily: 25 Mar 2009

is three days ago. I had redone my crontab but no way.

Perhaps authentication for cronjobs is now | should be
controlled by LDAP which fails?

Thanks
Markus