Feature changed by: Haripriya Srinivasaraghavan (sharipriya) Feature #306428, revision 2 Title: Reduction and management of the proxy users in a OES deployment Requested by: Haripriya Srinivasaraghavan (sharipriya) Description: ECO for: 1) A proxy user screen at the beginning of OES installation, where the following fields would be present * A proxy user input field which is auto-populated with a proxy user from the relevant scope - this could be a name of the user if already existing, or the name of a new user to create. The name entered in this field will become the default “OES proxy user” for all the services on that server. * A proxy user password field which will be filled by the install user. * A radio button which allows the administrator to select creation of proxy users at any of various levels/scope– * one proxy user per service per server * one proxy user per server (Default) * one proxy user per partition * one proxy user per tree * For all the services using proxy user, the proxy user and password fields will be auto-populated. The services will add the required rights or policies to this proxy user. * Based on the granularity of proxy users, this utility will allow the administrator to reset the proxy user passwords of the proxy user for all the services on a given OES box. 2) A utility to change all the proxy user passwords with one command.   + Discussion: + #1: Haripriya Srinivasaraghavan (sharipriya) (2009-05-13 11:30:40) +   + ...snipped... + The admin (LDAP) user and password are generated in two places in the + OES install. If eDir is to be installed on the box, then one of the + eDir screens contains this information. If eDir is not to be installed + on the box then there is an LDAP screen which contains this data. For + this ECO, we would add GUI in both of those places to handle the proxy + user as described in the ECO. The data in these screens would be + defaulted to a well-known name (e.g. "oes_proxy_user") and would be + located in the server's context (e.g. "cn=oes_proxy_user.o=". We could + also auto-generate a password. Radio buttons would also be on this + screen for "partition-wide" and "tree-wide" with a default set. The + values entered in these screens would be passed down to a script to be + provided to me (developed in India) that will do the work of proxy- + configuration, etc. Also, the values entered in these screens will be + the defaults for proxy users in the product configuration screens for + the product that currently have proxy users. I would estimate about 3 + days to implement and unit test my piece (new GUI and logic) of the + above. + Mark T. Clark + ...snipped... -- openSUSE Feature: https://features.opensuse.org/306428

Feature changed by: Haripriya Srinivasaraghavan (sharipriya) Feature #306428, revision 5 Title: Reduction and management of the proxy users in a OES deployment Requested by: Haripriya Srinivasaraghavan (sharipriya) Description: ECO for: 1) A proxy user screen at the beginning of OES installation, where the following fields would be present * A proxy user input field which is auto-populated with a proxy user from the relevant scope - this could be a name of the user if already existing, or the name of a new user to create. The name entered in this field will become the default “OES proxy user” for all the services on that server. * A proxy user password field which will be filled by the install user. * A radio button which allows the administrator to select creation of proxy users at any of various levels/scope– * one proxy user per service per server * one proxy user per server (Default) * one proxy user per partition * one proxy user per tree * For all the services using proxy user, the proxy user and password fields will be auto-populated. The services will add the required rights or policies to this proxy user. * Based on the granularity of proxy users, this utility will allow the administrator to reset the proxy user passwords of the proxy user for all the services on a given OES box. 2) A utility to change all the proxy user passwords with one command.   Use Case: This is a problem reported by customers in EMEA including WDR, Postbank, Novell consultants, and Marcel Cox. When there are many proxy users (like we default to with OES2 and OES2 SP1), the problem of managing and synchronizing the passwords when they expire becomes a very big problem. The number of proxy users also has an implication on the number of user licenses that would get consumed, and this also causes concern with customers. + With this feature the install administrator will be able to select how + many proxy users their organization will use, and where to place them. + Also, the default will be to create one proxy user per server instead + of for every OES service, which results in reduction of proxy users + immediately. Discussion: #1: Haripriya Srinivasaraghavan (sharipriya) (2009-05-13 11:30:40)   ...snipped... The admin (LDAP) user and password are generated in two places in the OES install. If eDir is to be installed on the box, then one of the eDir screens contains this information. If eDir is not to be installed on the box then there is an LDAP screen which contains this data. For this ECO, we would add GUI in both of those places to handle the proxy user as described in the ECO. The data in these screens would be defaulted to a well-known name (e.g. "oes_proxy_user") and would be located in the server's context (e.g. "cn=oes_proxy_user.o=". We could also auto-generate a password. Radio buttons would also be on this screen for "partition-wide" and "tree-wide" with a default set. The values entered in these screens would be passed down to a script to be provided to me (developed in India) that will do the work of proxy- configuration, etc. Also, the values entered in these screens will be the defaults for proxy users in the product configuration screens for the product that currently have proxy users. I would estimate about 3 days to implement and unit test my piece (new GUI and logic) of the above. Mark T. Clark ...snipped... -- openSUSE Feature: https://features.opensuse.org/306428

Feature changed by: Alok Panda (alok_panda) Feature #306428, revision 7 Title: Reduction and management of the proxy users in a OES deployment Requested by: Haripriya Srinivasaraghavan (sharipriya) Description: ECO for: 1) A proxy user screen at the beginning of OES installation, where the following fields would be present * A proxy user input field which is auto-populated with a proxy user from the relevant scope - this could be a name of the user if already existing, or the name of a new user to create. The name entered in this field will become the default “OES proxy user” for all the services on that server. * A proxy user password field which will be filled by the install user. * A radio button which allows the administrator to select creation of proxy users at any of various levels/scope– * one proxy user per service per server * one proxy user per server (Default) * one proxy user per partition * one proxy user per tree * For all the services using proxy user, the proxy user and password fields will be auto-populated. The services will add the required rights or policies to this proxy user. * Based on the granularity of proxy users, this utility will allow the administrator to reset the proxy user passwords of the proxy user for all the services on a given OES box. 2) A utility to change all the proxy user passwords with one command. Use Case: This is a problem reported by customers in EMEA including WDR, Postbank, Novell consultants, and Marcel Cox. When there are many proxy users (like we default to with OES2 and OES2 SP1), the problem of managing and synchronizing the passwords when they expire becomes a very big problem. The number of proxy users also has an implication on the number of user licenses that would get consumed, and this also causes concern with customers. With this feature the install administrator will be able to select how many proxy users their organization will use, and where to place them. Also, the default will be to create one proxy user per server instead of for every OES service, which results in reduction of proxy users immediately. Discussion: #1: Haripriya Srinivasaraghavan (sharipriya) (2009-05-13 11:30:40) ...snipped... The admin (LDAP) user and password are generated in two places in the OES install. If eDir is to be installed on the box, then one of the eDir screens contains this information. If eDir is not to be installed on the box then there is an LDAP screen which contains this data. For this ECO, we would add GUI in both of those places to handle the proxy user as described in the ECO. The data in these screens would be defaulted to a well-known name (e.g. "oes_proxy_user") and would be located in the server's context (e.g. "cn=oes_proxy_user.o=". We could also auto-generate a password. Radio buttons would also be on this screen for "partition-wide" and "tree-wide" with a default set. The values entered in these screens would be passed down to a script to be provided to me (developed in India) that will do the work of proxy- configuration, etc. Also, the values entered in these screens will be the defaults for proxy users in the product configuration screens for the product that currently have proxy users. I would estimate about 3 days to implement and unit test my piece (new GUI and logic) of the above. Mark T. Clark ...snipped... + #2: Alok Panda (alok_panda) (2009-05-21 12:25:17) + Test Estimate DT = 13 daysSIT = 15 daysST = 14 days + Total Test effort = 42 days + Development Estimate + AFP/DNS/DHCP = 5 days + CIFS = 2 days + DSFW = 5 days + iFolder = 5 days + NCS = 2 days + Common script for fresh install = 6 days + Script for resetting password = 3 days + UI from Mark = 3 days + Integration = 6 days + Development effort = 37 daysAll total = 79 daysMost of the development + effort can be parallelized and Test effort can be parallelized. +   + Note : If we want to do it, then we must start working on this now. -- openSUSE Feature: https://features.opensuse.org/306428

Feature changed by: Madhan P (PMadhan) Feature #306428, revision 11 Title: Reduction and management of the proxy users in a OES deployment Requested by: Haripriya Srinivasaraghavan (sharipriya) Description: ECO for: 1) A proxy user screen at the beginning of OES installation, where the following fields would be present * A proxy user input field which is auto-populated with a proxy user from the relevant scope - this could be a name of the user if already existing, or the name of a new user to create. The name entered in this field will become the default “OES proxy user” for all the services on that server. * A proxy user password field which will be filled by the install user. * A radio button which allows the administrator to select creation of proxy users at any of various levels/scope– * one proxy user per service per server * one proxy user per server (Default) * one proxy user per partition * one proxy user per tree * For all the services using proxy user, the proxy user and password fields will be auto-populated. The services will add the required rights or policies to this proxy user. * Based on the granularity of proxy users, this utility will allow the administrator to reset the proxy user passwords of the proxy user for all the services on a given OES box. 2) A utility to change all the proxy user passwords with one command. Use Case: This is a problem reported by customers in EMEA including WDR, Postbank, Novell consultants, and Marcel Cox. When there are many proxy users (like we default to with OES2 and OES2 SP1), the problem of managing and synchronizing the passwords when they expire becomes a very big problem. The number of proxy users also has an implication on the number of user licenses that would get consumed, and this also causes concern with customers. With this feature the install administrator will be able to select how many proxy users their organization will use, and where to place them. Also, the default will be to create one proxy user per server instead of for every OES service, which results in reduction of proxy users immediately. Discussion: #1: Haripriya Srinivasaraghavan (sharipriya) (2009-05-13 11:30:40) ...snipped... The admin (LDAP) user and password are generated in two places in the OES install. If eDir is to be installed on the box, then one of the eDir screens contains this information. If eDir is not to be installed on the box then there is an LDAP screen which contains this data. For this ECO, we would add GUI in both of those places to handle the proxy user as described in the ECO. The data in these screens would be defaulted to a well-known name (e.g. "oes_proxy_user") and would be located in the server's context (e.g. "cn=oes_proxy_user.o=". We could also auto-generate a password. Radio buttons would also be on this screen for "partition-wide" and "tree-wide" with a default set. The values entered in these screens would be passed down to a script to be provided to me (developed in India) that will do the work of proxy- configuration, etc. Also, the values entered in these screens will be the defaults for proxy users in the product configuration screens for the product that currently have proxy users. I would estimate about 3 days to implement and unit test my piece (new GUI and logic) of the above. Mark T. Clark ...snipped... #2: Alok Panda (alok_panda) (2009-05-21 12:25:17) Test Estimate DT = 13 daysSIT = 15 daysST = 14 days Total Test effort = 42 days Development Estimate AFP/DNS/DHCP = 5 days CIFS = 2 days DSFW = 5 days iFolder = 5 days NCS = 2 days Common script for fresh install = 6 days Script for resetting password = 3 days UI from Mark = 3 days Integration = 6 days Development effort = 37 daysAll total = 79 daysMost of the development effort can be parallelized and Test effort can be parallelized. -   Note : If we want to do it, then we must start working on this now. #3: Lokesh Babu (klokesh) (2009-05-21 13:35:54) (reply to #2) While testing OES Install components, found out that LUM and NetStorage are also uisng Proxy User. Effort needs to be estimated for these two components also -- openSUSE Feature: https://features.opensuse.org/306428