UDS Maverick: Call for Blueprints for Ubuntu Server

Benjamin Griese der.darude at gmail.com
Wed Apr 28 17:11:27 UTC 2010


Hi Andreas,

i just took a look on your your work and I agree to Mathia[sz] thats a good
start.
I think of a debconf menu similar to the nss_ldap and openldap-client one's,
that is asking you for your needs to build some ldifs from a base.
I havn't tested your script, maybe its already doing this in your scripting
way. That should be as system-compliant as possible, in the way it uses the
given tools.

Just my small opinion.

Anyway, you did good work by collecting the information and building the
different ldif's for the diferent purposes.
Sometime when I search for some Information about OpenLDAP, its major pain
in the ass to find anything useful on the net or on the mailing list that
fits your needs.

Hopefully, this is getting integrated to make the really interesting stuff
of ldap a really useful stuff, even in small networks where the admin hasn't
heard about central user/whatever management ever.

Glad to see you active here.

Bye, Benjamin.

On Wed, Apr 28, 2010 at 18:45, Andreas Hasenack <andreas at canonical.com>wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 04/27/2010 04:47 PM, Roderick B. Greening wrote:
> > I second this.
> >
> > I am attempting (unsuccessfully) to get an Open LDAP setup so that I can
> > perform authentication across systems and services.
> >
> > It would be ideal if there were an easy way to setup LDAP and via some
> basic
> > questions, get you up an running.
> >
> > I'm all for helping out on such an endevour (from the "what I need it to
> do"
> > department and not the technical of LDAP.. which I am weak on).
>
> Hi, I created openldap-dit.
>
> The goal of the openldap-dit project was never to create a set of tools
> to create users and other objects in the directory, but rather setup a
> basic tree, with reasonable default ACLs, on which new LDAP
> administrators could build on and have a starting place for whatever
> setup they wanted. I know trees can take many shapes and forms.
>
> It can surely be simplified by removing dns and dhcp, which are the most
> complex branches in there I think, specially since bind in ubuntu
> doesn't work with ldap so well.
>
> I also think that the move to cn=config made it more difficult, if not
> impossible, for people not familiar with ldap to get to a starting
> point, at least without something like a default dit with an admin and
> some basic ACLs. The DIT I created I think helps, and I would love to
> hear some feedback about people who tried to use it. I know some of its
> pain points, but without people complaining or using it I don't have
> much motivation to fix it. And I'm at fault with that, because I never
> exactly made it very public.
>
> - --
> Andreas Hasenack
> andreas at canonical.com
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkvYZjMACgkQeEJZs/PdwpCkpgCfeK46PCXwtBcax3bSJEIbsbO/
> tjIAoMim4vfjAuiIu97eOCKGChTktTZh
> =aJi9
> -----END PGP SIGNATURE-----
>
> --
> ubuntu-server mailing list
> ubuntu-server at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
> More info: https://wiki.ubuntu.com/ServerTeam
>



-- 
To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To be is
to do -- Sartre | Do be do be do -- Sinatra
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20100428/ed84ac14/attachment.html>


More information about the ubuntu-server mailing list