On 06/25/2015 12:12 PM, Thomas Sailer wrote:
Am 25.06.2015 um 17:47 schrieb Simo Sorce:

Yes, the whole project is complex, but not because we like complexity,
it is complex because the problem space is complex and we are bound to
use existing protocols, which sometimes add in complexity, and we want
to offer useful features to admins, so they can think about managing
stuff and not about the plumbing all the time.

Sure, the problem space is a lot more complex than say ls.

But I think there is room for improvement, by making the individual tools somewhat more resilient to unexpected behaviour in other components.

+1 - just look at the bug lists for freeipa, 389, sssd, dogtag, etc.


For example, if there's any nsuniqueid group present in a users entry, login authentication via sssd breaks with a cryptic error message. It would be nice, IMO, if it didn't break or if it at least issued a better error message.

Sure.  For starters, there's https://fedorahosted.org/389/ticket/48161


Furthermore, a good graphical generic LDAP editor would make the admin's life significantly easier, IMO. I so far haven't found one. There's gq, which works, mostly, but crashes relatively frequently. I'm mostly using ldapvi now, which works quite well but only after studying its manual.

Have you tried Apache Directory Studio?


Thomas


--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to