On 06/25/2015 12:12 PM, Thomas Sailer wrote:
Am 25.06.2015 um 17:47 schrieb Simo Sorce:
Yes, the whole project is complex, but not because we like complexity,
it is complex because the problem space is complex and we are bound to
use existing protocols, which sometimes add in complexity, and we want
to offer useful features to admins, so they can think about managing
stuff and not about the plumbing all the time.
Sure, the problem space is a lot more complex than say ls.
But I think there is room for improvement, by making the individual
tools somewhat more resilient to unexpected behaviour in other
+1 - just look at the bug lists for freeipa, 389, sssd, dogtag, etc.
For example, if there's any nsuniqueid group present in a users entry,
login authentication via sssd breaks with a cryptic error message. It
would be nice, IMO, if it didn't break or if it at least issued a
better error message.
Sure. For starters, there's https://fedorahosted.org/389/ticket/48161
Furthermore, a good graphical generic LDAP editor would make the
admin's life significantly easier, IMO. I so far haven't found one.
There's gq, which works, mostly, but crashes relatively frequently.
I'm mostly using ldapvi now, which works quite well but only after
studying its manual.
Have you tried Apache Directory Studio?
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project