Fran�ois Pons wrote: > Le lun 06/01/2003 � 18:23, Buchan Milne a �crit :
>>I was wondering if there were some applications that would apply to >>Mandrake. Some examples: >> >>1)urpmi support for ldap, so that on every boot (and via cron?) machines >>would check which software they: >>a)Must have >>b)should not have > > > This is the generic problem of distributed urpmi but with a lesser > extend. It means if almost everyone login at the same time, there will > be a lot of traffic downloading files ? Only if they all need new packages. Assuming not everyone runs cooker (;-)) this shouldn't occur too often, and hopefully large roll-outs would happen via cron. The biggest advantage though comes when installing a new machine, you can auto-install the machine as basic as you like, and on first boot it will find urpmi sources and install site-specific packages assigned to the machine (or it's OU, say when PTC releases their linux version of Pro\Engineer, and we have converted all our CAD stations to Mandrake ;-)), when the user logs in, user-specific software would be installed (say our Kylix users). In most cases, software installation would not be that frequent. Updates can just be pulled nightly from a custom update source, so updates shouldn't really be affected at al. BTW, I haven't really played with --parallel much yet ... > > This could be another tools (of urpmi suite) allowing such behaviour, > for me it looks like better in that way. > Sure. > But I think adding or removing a software is very hard for the user, it > removes a lot of freedom ? > Proprietary licenses remove freedom ... especially when they don't have network-licenses ... this would just make it easier to control aspects of software distribution. In most cases one wouldn't add too many Conflicts (except maybe nmap and other cracking tools) on most machines. > >>and automatically install/remove the software. This >>2)urpmi support for configuring urpmi sources in ldap >>See above, assume you have a new application you want to roll out to all >>desktops, create a new urpmi source which as the app, add the package to >>list of required packages for the OU containing the machines, and go home. >>(yes, there is overlap with urpmi --parallel). > > > Of course it overlaps, see above. > > It remove all the benefit of --parallel on bandwith. > I haven't used --parallel, so don't know what advantages it has in bandwidth ... but assuming urpmi would run via cron, you could schedule the LDAP mod to occur after-hours. > >>3)msec support for ldap, so that security policies can be implemented >>per OU (including inheritance etc). > > > Adding this to urpmi will imply adding this to msec as well ? Not necesarrily, but there would be great advantage to being able to modify msec behaviour via LDAP, at present the best was is a conficuration rpm which contains : [bgmilne@bgmilne bgmilne]$ cat /etc/cae/security/msec/level.local #!/usr/bin/python from mseclib import * allow_user_list(0) [bgmilne@bgmilne bgmilne]$ cat /etc/security/msec/level.local #!/usr/bin/python from mseclib import * allow_user_list(0) (user lists aren't that useful with LDAP and 100+ users) The post-install script in our cae-conf package updates all config files that exist in /etc/cae or /usr/cae (thanks kdm ...). > > And sorry for answering lately, No problem. Buchan -- |--------------Another happy Mandrake Club member--------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
