Today at ApacheCon Europe 2009 I managed to get full multi-master LDAP replication working for the ASF.
So in the near future we will start using LDAP for authentication. This will include access to shell accounts and Subversion. However, additional features that will make use of authorisation extensions will follow shortly afterwards. We will use LDAP as the central, single sign-on access control centre.
LDAP will be used in the long term to manage access to all public-facing services, including Subversion, shell accounts, JIRA, Bugzilla, etc.
One thing I discovered over the course of deploying and testing OpenLDAP is that their documentation sucks. It is not very clear, nor does it contain anywhere near enough detail or examples.
So right now I am enjoying a well-earned beer. Cheers!!


