UDS Maverick: Call for Blueprints for Ubuntu Server

Andreas Hasenack andreas at canonical.com
Thu Apr 29 12:17:58 UTC 2010



On 04/29/2010 06:21 AM, Javier Palacios wrote:
>> I think the goal should be to get a starting point that helps newbies to
>> at least *see* something when they point an ldap client to the server,
>> and also allow more seasoned admins to build upon that tree.
>>
>> For me, that means:
>> - we need a database configured (indexes, checkpoints, caches,
>> DB_CONFIG, etc)
>> - we need a tree root
>> - seems like ou=People and ou=Group are pretty common and we should also
>> have them at least
>> - basic ACLs to protect content that is not even there yet (like
>> userPassword, krb5key, samba hashes, etc)
>> - basic ACLs to allow for group-delegated based administration
> 
> The two points above probably discard using phpldapadmin (and most web

The ACLs?

> tools). I haven't looked for long, but it used a special user with
> global privileges, so once you log in the web, you can do (nearly)
> anything.

They probably ask for the rootdn. In that case, just give them the DN of
a user that is a member of the ldap admin group; it has the exact same
effect.

> I might add jxplorer as possible client (hopefully it's still alive)

I think Apache Directory Studio is eating jxplorer's user base ;)

> To this list I would add policies and associated ACL about what can be
> changed by users (for example, select a different login shell).
> 
> Maybe you can have a look at
> http://kad.sourceforge.net/?action=slapd
> where many of those points are covered. In the source repository of
> the project, there are also some patches to be applied after
> installing the slapd package and before configuring it (patches built
> against debian etch, as far as I remember).
> Although the project is quite a bit abandoned, I'm more than glad to
> contribute, or even revive it if useful.

Thanks for the pointer, I'll take a look

-- 
Andreas Hasenack
andreas at canonical.com
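
Added example, not part of the original message or of any Ubuntu package: a sketch of the ACL layout discussed in the thread (protected secret attributes, a user-changeable login shell, group-delegated administration) in slapd.conf syntax. The suffix dc=example,dc=com and the group cn=ldapadmins are assumed names.

```conf
# Added example: slapd.conf-style ACLs (slapd.access(5) syntax).
# Assumed names, not from the thread: suffix dc=example,dc=com and the
# admin group cn=ldapadmins,ou=Group,dc=example,dc=com (groupOfNames/member).
# krb5Key and the samba* attributes need their schemas loaded first; drop
# them from the list if those schemas are absent.
# slapd stops at the first matching "access to" rule, so the specific
# rules must come before the catch-all.

# 1. Secrets: admins and the owner may write, anonymous may only bind
#    against them, nobody else can read or compare the values.
access to attrs=userPassword,krb5Key,sambaLMPassword,sambaNTPassword
    by group.exact="cn=ldapadmins,ou=Group,dc=example,dc=com" write
    by self write
    by anonymous auth
    by * none

# 2. User-changeable attributes (the login shell case raised in the thread).
access to dn.subtree="ou=People,dc=example,dc=com" attrs=loginShell
    by group.exact="cn=ldapadmins,ou=Group,dc=example,dc=com" write
    by self write
    by * read

# 3. Everything else: members of the admin group administer the tree, so a
#    web or GUI tool can bind as a member DN instead of the rootdn.
access to *
    by group.exact="cn=ldapadmins,ou=Group,dc=example,dc=com" write
    by * read
```

With this layout the rootdn password never has to be handed to a client tool, and removing a DN from the group revokes its write access without touching the ACLs.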
