Mailinglist Archive: heroes (34 mails)

[heroes] membership system evaluation (was: Re: [opensuse-project] huge amount of SPAM)
On February 23, 2019 3:33:36 PM UTC, "jdd@xxxxxxxxx" <jdd@xxxxxxxxx> wrote:
Let me start a fork of this thread to focus on evaluation of possible
solutions and a list of volunteers to do so

Volunteers (may be) are:

Christian Boltz (data base)
jdd (galette and more)
Ish Sookun
Carlos (?)

(add or remove yourself :-)

I would join, but I don't have a good relationship with our chairman and
probably some other members any longer, so I don't expect that my help is
welcome. Which I accept, btw, no worries.

But as I explained my problems in this thread and these complaints might be one
of the starting points of the whole discussion, you can add Lars as general
contact for technical questions. I'm not sure if I'm allowed to do some hands
on stuff, but I will for sure do my best to answer any question or offer help
in other areas.

needs to fulfill:

* manage a member database with identification, allowing members to
check their data and keep them safe
* manage a way to allow people to ask to be a member
* connect the present base to the new one

solutions proposed are:

opensource for sure:

* plain paper
* Nextcloud session + libreoffice calc
* galette (
* mysql + phpmyadmin

probably opensource (to check):

* admidio (
* clubmaster (
* civicrm (

please add ideas here at will, but fork to add comments (change subject
or open a new one) thanks

I've one addition:
* FreeIPA + maybe some additional forms

But be warned: the idea behind this is bigger than a replacement of connect and
might end up in more work.

The idea behind:
Establish a new user directory for openSUSE.

You might know that the heroes use FreeIPA internally since a while for
authentication and DNS. FreeIPA is utilizing 389 directory (I will call it LDAP
from now, as I'm too old to remember numbers ;-) and has a bunch of other
features. Especially around authentication and systems management.

I think we should be able to define some new groups like "hero", "board",
"election_commitee", "member", "applicant", "user", ... and assign users to
these groups. -> all in LDAP. This needs ~10min initial work on the already
established system.

The freeipa server is running inside the private network. No setup needed. The
system is productive and maintained by the heroes already. Exporting members
with their Email settings might not even be needed: using an ldapsearch with a
special filter on the mail systems will already do the trick. For the IRC
nicknames export script, it's about the adaption of the mysql to a ldap query...

Funnily, bugzilla, wikis and other openSUSE tools allow authentication against
LDAP since a long time. It might be possible to add the "freeipa LDAP" as
authorization source to the running services (in addition or as replacement).
This needs migration, cooperation, trust and some time - but would in the end
mean that openSUSE would become a bit more independent.

FreeIPA already has a WebUI, that would allow to manage the group membership
and other details very user friendly.

So, what is missing?
* There is currently no WebUI available in the public. The Heroes could forward
the existing UI to the public (especially for evaluation by the membership
committee), but this has to be discussed with them (in CC).

* There could be a form, that allows users to request their membership. This
could end up in a flag in LDAP, which in turn might result in a notification to
the membership committee - but IMHO a mailing list or a real ticket system
might be better for membership requests. This has to be discussed with the
membership committee (in CC).

* Once approved, members could be added in FreeIPA. Either by asking them to
fill out a registration form or by someone with enough rights in FreeIPA. Of
course: the best way might be to let them register themselves before they
submit their request. In this case, someone could simply add them to the right
group and everybody is happy. We need to discuss if they should/could use the
same username as they have now, but this is a detail.

* After some evaluation and testing, the community might want to migrate the
current Novell/openSUSE login stuff to FreeIPA - but this is not the question
here and should be discussed with the openSUSE community (in TO :-).
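
The member export via ldapsearch with a group filter that the mail above describes, as an added example that is not part of the original message or of any openSUSE code. It assumes FreeIPA's default directory layout, a placeholder suffix `dc=example,dc=org`, and constructed LDIF output; the function names are hypothetical.

```python
import base64
import re

# Assumptions (not from the mail): placeholder suffix, FreeIPA's default tree.
SUFFIX = "dc=example,dc=org"
USERS_BASE = "cn=users,cn=accounts," + SUFFIX
GROUPS_BASE = "cn=groups,cn=accounts," + SUFFIX
GROUP_NAME = re.compile(r"[a-z][a-z0-9_-]*")

def member_filter(group):
    """LDAP filter for users in `group` that have a mail attribute."""
    # Allow-list the name so a value from a web form cannot alter the filter.
    if not GROUP_NAME.fullmatch(group):
        raise ValueError("invalid group name: %r" % group)
    return "(&(objectClass=person)(memberOf=cn=%s,%s)(mail=*))" % (group, GROUPS_BASE)

def ldapsearch_argv(group):
    """Argument vector for ldapsearch (authentication options omitted)."""
    return ["ldapsearch", "-LLL", "-b", USERS_BASE, member_filter(group), "mail"]

def mails_from_ldif(text):
    """Extract mail values from LDIF as printed by ldapsearch."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continuation
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    mails = set()
    for line in lines:
        name, sep, rest = line.partition(":")
        if not sep or name.lower() != "mail":
            continue
        if rest.startswith(":"):            # "mail:: " marks a base64 value
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        mails.add(value.lower())
    return sorted(mails)

# Constructed sample output: one plain, one folded, one base64-encoded value.
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice," + USERS_BASE,
    "mail: alice@example.org",
    "",
    "dn: uid=bob," + USERS_BASE,
    "mail: bob.with.a.long.local.part.that.ldapsearch.folds.at.col.76@exam",
    " ple.org",
    "",
    "dn: uid=zoe," + USERS_BASE,
    "mail:: " + base64.b64encode("zoé@example.org".encode("utf-8")).decode("ascii"),
])
```

Passing the filter as one element of an argument vector, rather than through a shell string, keeps the parentheses and asterisk in it from being interpreted by the shell.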

