Custom Query (196 matches)
Results (100 - 102 of 196)
Ticket | Owner | Reporter | Resolution | Summary |
---|---|---|---|---|
#147 | mitchb | mitchb | fixed | Augment Nagios LDAP-MMR NRPE plugin to check for replication conflicts |
Description |
Aside from making sure that the replicas themselves are okay and replication is running, we should have Nagios check the replicated suffix to see whether there are any records containing the nsds5ReplConflict attribute, which indicates a conflict that could not be automatically resolved. |
#148 | geofft | wontfix | add a Moodle autoinstaller | |
Description |
Moodle is a highly popular open-source CMS for classes/the educational market. I've heard regular mumblings that MIT's considering a global install for replacing Stellar, although I don't know how likely that is. In the meantime, it has the potential to be highly useful for SIPB's IAP classes, ESP classes, etc. etc. I tried installing Moodle 1.9.9+ weekly (as of today). Issues I noticed:
Other than those minor points, it seems to work out of the box, so an autoinstaller should be simple. |
#149 | geofft | fixed | use GSSAPI for LDAP-to-LDAP auth instead of SSL certs | |
Description |
LDAP replication authenticates over SSL certs. The problem with SSL certs is that they expire (also we have our own one-off CA for signing these certs). It would be great if we could use this nifty Kerberos thing for authenticating our LDAP servers to each other.
Last time we had an outage due to an expired cert, I got really really close to making GSSAPI authentication work, but it turns out that you can't modify an existing LDAPS replication agreement to turn into an LDAP-with-GSSAPI one, so you need to remove the replication agreement and create a new one, and for various complicated reasons I think the only way that we're really comfortable doing them is tearing down _all_ of the replication agreements at once, making GSSAPI work, and re-configuring replication anew with GSSAPI. This is a bit annoying.
We should first test that it will actually work, by setting up LDAP on two or three VMs and trying GSSAPI auth (with, like, ZONE realm principals). Once we're comfortable with doing so, we should do this at a time (like, oh, early on a Sunday morning) when we can temporarily turn off account registrations and Pony so we don't have to deal with things needing to be replicated while we're breaking and recreating replication.
See the scripts-team thread "Re: failed scripts account setup" and zlogs of -c scripts -i ldap from May 2, 2010 for more background. |