UDS Maverick: Call for Blueprints for Ubuntu Server

Javier Palacios javiplx at gmail.com
Thu Apr 29 09:21:28 UTC 2010


> I think the goal should be to get a starting point that helps newbies to
> at least *see* something when they point an ldap client to the server,
> and also allow more seasoned admins to build upon that tree.
>
> For me, that means:
> - we need a database configured (indexes, checkpoints, caches,
> DB_CONFIG, etc)
> - we need a tree root
> - seems like ou=People and ou=Group are pretty common and we should also
> have them at least
> - basic ACLs to protect content that is not even there yet (like
> userPassword, krb5key, samba hashes, etc)
> - basic ACLs to allow for group-delegated based administration

The two points above probably discard using phpldapadmin (and most web
tools). I haven't looked for long, but it used a special user with
global privileges, so once you log in on the web, you can do (nearly)
anything.
I might add jxplorer as a possible client (hopefully it's still alive)

> - an admin group, with a member for whom we have a password. This member
> is what the user should use. This concept of administration group
> resonates quite nicely with the default ubuntu sudo setup.
>

To this list I would add policies and associated ACL about what can be
changed by users (for example, select a different login shell).

Maybe you can have a look at
http://kad.sourceforge.net/?action=slapd
where many of those points are covered. In the source repository of
the project, there are also some patches to be applied after
installing the slapd package and before configuring it (patches built
against Debian etch, as far as I remember).
Although the project is quite a bit abandoned, I'm more than glad to
contribute, or even revive it if useful.

Javier Palacios
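
The ACL items discussed in this message (protected secrets, group-delegated administration, user-changeable login shell) could be expressed as the following slapd access rules. This is an added example, not part of the original post and not taken from the slapd package or the kad project; the suffix `dc=example,dc=com`, the group `cn=admins,ou=Group` and the database DN `olcDatabase={1}mdb,cn=config` are assumptions to adapt to the local setup.

```ldif
# Constructed example. Assumptions: suffix dc=example,dc=com, an admin group
# cn=admins,ou=Group,dc=example,dc=com of objectClass groupOfNames (the
# default that "group.exact" evaluates, via its "member" attribute), the nis
# schema loaded (for loginShell), and olcDatabase={1}mdb as the database entry.
#
# Rule {0}: userPassword is writable by its owner and by the admin group,
#           usable by anonymous clients only to authenticate (bind), and
#           readable by nobody. Other secret attributes (Kerberos keys,
#           Samba hashes) can be added to the attrs= list once their
#           schemas are loaded; slapd rejects ACLs naming unknown attributes.
# Rule {1}: users may change their own login shell; everyone may read it.
# Rule {2}: the admin group may write anywhere in the tree; everyone else,
#           including anonymous clients, gets read access so a new client
#           sees something when pointed at the server.
#
# slapd stops at the first "to" clause that matches, so the specific
# attribute rules must come before the catch-all rule.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword
  by group.exact="cn=admins,ou=Group,dc=example,dc=com" write
  by self write
  by anonymous auth
  by * none
olcAccess: {1}to attrs=loginShell
  by group.exact="cn=admins,ou=Group,dc=example,dc=com" write
  by self write
  by * read
olcAccess: {2}to *
  by group.exact="cn=admins,ou=Group,dc=example,dc=com" write
  by * read
```

Because `replace: olcAccess` overwrites every existing rule on that database, review the current list before applying the change.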



