Yay! After so much procrastination, delays, grumblings, and peanut gallery interruptions LDAP is now in production use at the ASF.
It is a limited roll out, for now. We are only performing authentication through LDAP at the moment, authorization for the requisite services are still being performed by that said service. The roll out was not quite as smooth as I has hoped for, with issues relating to query sizes amongst others.
We are now working on the next phase of deployment, namely handling authorisation for shell access (POSIX) and for subversion users. There are some changes that we need to make to the way that we handle this forcing us to design a new system and method to control access.
We will then look to use LDAP for the storage of other user artifacts, such as .forward, and SSH keys.
See the official ASF Infra blog post here
