On Sat, 23 Feb 2019 at 20:49, Lars Vogdt <lrupp@suse.de> wrote:
I would join, but I don't have a good relationship with our chairman and probably some other members any longer, so I don't expect that my help is welcome. Which I accept, btw, no worries.
From my perspective your contributions to this solution would be absolutely welcome.
But as I explained my problems in this thread and these complaints might be one of the starting points of the whole discussion, you can add Lars as general contact for technical questions. I'm not sure if I'm allowed to do some hands on stuff, but I will for sure do my best to answer any question or offer help in other areas.
From my view there is nothing that should prevent you or any other volunteer from being allowed to do hands on stuff to solve this issue. If there are factors I'm unaware of, then I'd suggest we discuss that offlist. I'm prepared to help in any way I can to remove any such blockers. If it would make you more comfortable, I'd suggest emailing board@opensuse.org if you wish an alternative to contacting me directly.
I don't know what you mean by "if I'm allowed".
I've one addition:
* FreeIPA + maybe some additional forms
But be warned: the idea behind this is bigger than a replacement of connect and might end up in more work.
The idea behind: Establish a new user directory for openSUSE.
You might know that the heroes have used FreeIPA internally for a while for authentication and DNS. FreeIPA is utilizing 389 directory (I will call it LDAP from now, as I'm too old to remember numbers ;-) and has a bunch of other features. Especially around authentication and systems management.
I think we should be able to define some new groups like "hero", "board", "election_commitee", "member", "applicant", "user", ... and assign users to these groups. -> all in LDAP. This needs ~10min initial work on the already established system.
The freeipa server is running inside the private network. No setup needed. The system is productive and maintained by the heroes already. Exporting members with their Email settings might not even be needed: using an ldapsearch with a special filter on the mail systems will already do the trick. For the IRC nicknames export script, it's about the adaptation of the mysql to an ldap query...
Funnily, bugzilla, wikis and other openSUSE tools have allowed authentication against LDAP for a long time. It might be possible to add the "freeipa LDAP" as authorization source to the running services (in addition or as replacement). This needs migration, cooperation, trust and some time - but would in the end mean that openSUSE would become a bit more independent.
FreeIPA already has a WebUI that would allow managing the group membership and other details in a very user-friendly way.
So, what is missing?
* There is currently no WebUI available in the public. The Heroes could forward the existing UI to the public (especially for evaluation by the membership committee), but this has to be discussed with them (in CC).
* There could be a form, that allows users to request their membership. This could end up in a flag in LDAP, which in turn might result in a notification to the membership committee - but IMHO a mailing list or a real ticket system might be better for membership requests. This has to be discussed with the membership committee (in CC).
* Once approved, members could be added in FreeIPA. Either by asking them to fill out a registration form or by someone with enough rights in FreeIPA. Of course: the best way might be to let them register themselves before they submit their request. In this case, someone could simply add them to the right group and everybody is happy. We need to discuss if they should/could use the same username as they have now, but this is a detail.
* After some evaluation and testing, the community might want to migrate the current Novell/openSUSE login stuff to FreeIPA - but this is not the question here and should be discussed with the openSUSE community (in TO :-).
Oh boy, talk about a comprehensive solution. This solution would also be compatible with some casual enquiries discussed with the Board recently. If this is an idea the community likes and is willing to work behind, I can see potential in this solution to tie together nicely with other requirements that are currently coalescing over the horizon. Might be worth the work
--
To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org
To contact the owner, email: opensuse-project+owner@opensuse.org