On 04/28/2010 02:16 PM, Mark Foster wrote:
> On 04/28/2010 09:45 AM, Andreas Hasenack wrote:
>> with reasonable default ACLs, on which new LDAP
>> administrators could build on and have a starting place for whatever
>> setup they wanted
> Do you or will you consider having phpldapadmin as part of this
> "starting place"

I don't know, I kind of think that phpldapadmin could have its own bootstrapping/dit if it were pointed to a clean directory. I would like to stay as frontend-agnostic as possible.

> Because, administering LDAP from the command line can have quite steep
> learning curve vs. using the (web) gui once the dir servers is ready for
> that.

Having said that, I would certainly be interested in problems with my DIT and phpldapadmin or any other tool out there. I can think of one already which might break stuff out there, and that is the choosing of groups I made which follows RFC2307bis, and not RFC2307. Not all tools can cope with that (like smbldaptools, although it's trivial to fix it).

> Also, if LDAP is to be integrated for the DNS, powerdns
> (pdns-backend-ldap) does pretty well.

Could be. I guess I could have a different ldif for each dns implementation, with its own schema.

In fact, one of the things we talked about in the past UDSs, and which was done on the slapd package, is to make it so that other packages could hook into slapd and fill it with their schema and trees. This is possible because of the LDAPI authentication we have in place, which maps root (unix id 0) to the ldap admin, so any client that runs as root and connects to the LDAPI socket will be the ldap admin. Thus a package would be able to, say, inspect the existing schema, upload its own, etc.

Think about that pdns-backend-ldap package asking in its postinst permission to configure the locally running ldap server for its needs, for example (with the default answer being "no, don't do that").

While some (most?) seasoned ldap admins would run away crying just by the thought of that, surely LDAP newbies would appreciate it.

--
Andreas Hasenack
[email protected]

--
ubuntu-server mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
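
The LDAPI mapping described in the message, as an added example that is not part of the original post or of the slapd package: with SASL EXTERNAL over the LDAPI socket, OpenLDAP identifies a local client as `gidNumber=<gid>+uidNumber=<uid>,cn=peercred,cn=external,cn=auth`, so the ACLs granting that identity `write` or `manage` decide which local Unix accounts act as directory admin. The script below audits a cn=config export for such grants; the sample LDIF, the function names and the non-root uid/gid are constructed for illustration, and only simple unquoted `by <who> <access>` clauses are handled.

```python
import re

# Constructed sample of a cn=config export (not taken from any real server).
SAMPLE_LDIF = """\
dn: olcDatabase={0}config,cn=config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=extern
 al,cn=auth manage by * break

dn: olcDatabase={1}hdb,cn=config
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
olcAccess: {1}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=extern
 al,cn=auth manage by dn.exact=gidNumber=119+uidNumber=112,cn=peercred,cn=ex
 ternal,cn=auth write by * read
"""

# Identity form OpenLDAP assigns to a SASL EXTERNAL bind over ldapi://
PEERCRED = re.compile(
    r"gidNumber=(\d+)\+uidNumber=(\d+),cn=peercred,cn=external,cn=auth", re.I)
BY_CLAUSE = re.compile(r"\bby\s+(\S+)\s+(\S+)")
PRIVILEGED = {"write", "manage"}

def unfold(ldif):
    """Undo LDIF folding: a line starting with one space continues the previous line."""
    return re.sub(r"\n ", "", ldif)

def peercred_grants(ldif):
    """Return (entry_dn, uid, gid, access) for each write/manage grant to a local peer."""
    grants, dn = [], None
    for line in unfold(ldif).splitlines():
        if line.lower().startswith("dn:"):
            dn = line[3:].strip()
        elif line.lower().startswith("olcaccess:"):
            for who, access in BY_CLAUSE.findall(line):
                m = PEERCRED.search(who)
                if m and access.lower() in PRIVILEGED:
                    grants.append((dn, int(m.group(2)), int(m.group(1)), access.lower()))
    return grants

def non_root_grants(ldif):
    """Grants to anything other than uid 0 widen who can act as directory admin."""
    return [g for g in peercred_grants(ldif) if g[1] != 0]

if __name__ == "__main__":
    for dn, uid, gid, access in peercred_grants(SAMPLE_LDIF):
        flag = "" if uid == 0 else "  <-- non-root local account"
        print(f"{dn}: uid={uid} gid={gid} access={access}{flag}")
```

On a live server the input would be a dump of the `cn=config` tree; any entry reported for a uid other than 0 is a local account that a package hook or an administrator has given directory write access through the socket.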
