UDS Maverick: Call for Blueprints for Ubuntu Server
Nikolai K. Bochev
n.bochev at grandstarco.com
Thu Apr 29 12:45:02 UTC 2010
While we're at it, why not use/adopt the 389 directory server?
Isn't it better to get something that's been built to work as a complete solution than to tie different independent projects to work together to achieve the same thing? This and that FreeIPA is getting better and better (and it requires 389).
Just my thoughts.
----- Original Message -----
> > Lately I've been involved in creating OpenLDAP DIT for schools
> > running on Lucid and one thing that I've been wondering is whether
> > it would be possible to define one standard structure for Ubuntu that all tools
> > would be configured to use by default. That wouldn't take away the
> > possibility of configuring everything differently, but all tools and
> > tutorials would follow this one model.
> >
> > Out of curiosity I checked what the defaults are in different
> > systems. If I got things written down correctly, the different
> > default structures I could find were:
> >
> > Hardy slapd package init script and OpenDS:
> > * ou=People
> > * ou=Groups
> >
> > smbldap-tools:
> > * ou=Users
> > * ou=Groups
> > * ou=Computers
> > * ou=Idmap
> >
> > openldap-dit and openldap-mandriva-dit are based on RFC2307bis:
> > * ou=People
> > * ou=Group
> > * ou=Hosts
> > * ou=System Accounts
> > * ou=System Groups
> > * ou=Kerberos Realms
> > * ou=Idmap
> > * ou=Address Book
> >
> > Fedora / FreeIPA uses something completely different:
> > * cn=users,cn=accounts
> > * cn=groups,cn=accounts
> > * cn=computers,cn=accounts
> > * cn=services,cn=accounts
> > * cn=account inactivation,cn=accounts
> > * cn=Kerberos
> >
> > Now different tools have different defaults and tutorials use
> > randomly some names that probably confuse many people.
> >
> > Having one standard DIT that is installed by default would help a
> > lot with external applications that are not packaged for Ubuntu. For
> > example Moodle that is used in schools can use LDAP, but it needs to
> > be configured properly. Writing a guide for that gets a lot easier
> > if standard structure is available.
>
>
> > As I wasn't aware of openldap-dit until recently, I've been working
> > on a script to initialise slapd w/SSL and MIT Kerberos. The idea is
> > that the script first checks which schemas and modules are installed
> > and then adds the missing schemas and modules and configures them.
> > It also makes it possible to dump the current configuration and check
> > for common problems with SSL certificates and such. I'll try to get it
> > uploaded somewhere soon so that others can see if it'd be helpful.
> >
> > Automatically loading the schemas sounds good, but how to configure
> > overlays and ACLs for everything is something that would probably
> > need some other solution. E.g. we have some needs for ACLs that
> > probably don't make sense outside schools, but are needed for us as
> > we have school districts, schools, superusers, school admins,
> > teachers, pupils, etc.
> >
> > Veli-Matti