== Project Sponsor ==
'''Name''': Jakub Hrozek
'''Fedora Account Name''': jhrozek
'''Group''': Fedora Packager CVS Commit Group
'''Infrastructure Sponsor''':
== Secondary Contact info ==
'''Name''': Simo Sorce
'''Fedora Account Name''': simo
== Project Info ==
'''Project Name''': A test box running an LDAP server for SSSD test day
'''Target Audience''': SSSD Test Day participants
'''Expiration/Delivery Date (required)''': 2009-04-30 (this is the Test day date)
'''Description/Summary''': A test box running an LDAP server for SSSD test day.
'''Project plan (Detailed)''': A Fedora Directory Server, or a FreeIPA instance, is needed to perform full testing of SSSD (there is a draft How to test on the Feature Page, I'll rework that into a better test plan this week). I'm not sure if we can ask the test day participants to go through the process of configuring their own instance and even if they had one on their local machine, it wouldn't allow them to test the online caching feature of SSSD properly.
There are several options, the best of them is to have an LDAP server with test data available for the community to test on.
Therefore, I'd like to ask the Fedora Infrastructure team to provide us with a temporary test box where we could install and configure FDS. The box would be needed until the test day (2009-04-30), can be removed afterwards.
I understand that getting a root access for the box might not be possible - I can provide an install script and an LDIF file that would bootstrap the FDS instance in that case. However, getting a sudo for controlling the FDS instance (ldapmodify, restart the service, view the logs) would be very nice.
'''Goals''': Provide the test day participants with an easy test environment.
== Specific resources needed == N/A
== Additional Info (Optional) == As per the time before the test day, it would be handy if we had the test instance for 1-2 weeks prior to the test day.
Hey, root access on a test machine should be perfectly possible :-) Would you need an F11 machine, or would RHEL 5.3 be enough? In either case, apply to the sysadmin-test group in FAS, and we'll get you setup.
Replying to [comment:1 ricky]:
Thank you! A Fedora machine would probably be better.
I requested sysadmin-test membership.
I've approved you for sysadmin-test. What version of Fedora do you need, Rawhide/F11 or F10?
Replying to [comment:3 ricky]:
Rawhide/F11 is fine
Oops, I actually forgot to sponsor you, but now I have :-)
You should be able to ssh to rawhide1.fedoraproject.org now, and you have sudo on that machine (use your FAS password).
There are two other people working on that machine, but they said they wouldn't be affected by the test day work.
Good luck with the test day, and let us know if you need anything.
Replying to [comment:6 ricky]:
Oops, I actually forgot to sponsor you, but now I have :-) You should be able to ssh to rawhide1.fedoraproject.org now, and you have sudo on that machine (use your FAS password). There are two other people working on that machine, but they said they wouldn't be affected by the test day work. Good luck with the test day, and let us know if you need anything.
Great, everything seems to work as expected. Thank you for the help, Ricky!
Not sure if this requires a separate ticket or if it's OK to track this in this one, but..
Is there any chance of us getting a certificate signed by the Fedora CA for the LDAP server? We'd like to have TLS running on the server so we can test the native LDAP backend of SSSD. If not, we can go with a self-signed one, but a certificate signed by proper CA would be way better.
Replying to [comment:8 jhrozek]:
Not sure if this requires a separate ticket or if it's OK to track this in this one, but.. Is there any chance of us getting a certificate signed by the Fedora CA for the LDAP server? We'd like to have TLS running on the server so we can test the native LDAP backend of SSSD. If not, we can go with a self-signed one, but a certificate signed by proper CA would be way better.
Well.... We might be able to sign it with the "fedora CA" but I wouldn't call that a "Proper CA" :) I'd suggest just going with the self signed one for now.
The reason we are requesting this is that, in order to use TLS, our users will need to install the appropriate certificate authority on their client machines. It will probably be easier for them to stomach (and trust) the Fedora CA than it will our self-signed one.
It looks like the test day went fine, closing.
Sgallagh asked that I update the ticket for future reference. Looks like additional ports to publictest9 were needed for testing. They included 636 (LDAPS) and 749 (kpasswd). I believe this work was already completed with help from mmcgrath on #fedora-admin.
Login to comment on this ticket.