> I think the goal should be to get a starting point that helps newbies to
> at least *see* something when they point an ldap client to the server,
> and also allow more seasoned admins to build upon that tree.
>
> For me, that means:
> - we need a database configured (indexes, checkpoints, caches,
> DB_CONFIG, etc)
> - we need a tree root
> - seems like ou=People and ou=Group are pretty common and we should also
> have them at least
> - basic ACLs to protect content that is not even there yet (like
> userPassword, krb5key, samba hashes, etc)
> - basic ACLs to allow for group-delegated based administration

The two points above probably discard using phpldapadmin (and most web tools). I haven't looked for long, but it used a special user with global privileges, so once you log in the web, you can do (nearly) anything. I might add jxplorer as possible client (hopefully it's still alive).

> - an admin group, with a member for whom we have a password. This member
> is what the user should use. This concept of administration group
> resonates quite nicely with the default ubuntu sudo setup.
>

To this list I would add policies and associated ACL about what can be changed by users (for example, select a different login shell).

Maybe you can have a look at http://kad.sourceforge.net/?action=slapd where many of those points are covered. In the source repository of the project, there are also some patches to be applied after installing the slapd package and before configuring it (patches built against debian etch, as far as I remember).

Although the project is quite a bit abandoned, I'm more than glad to contribute, or even revive it if useful.

Javier Palacios

--
ubuntu-server mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
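
An added illustration, not part of the message above and not taken from the kad project: a slapd.conf access-control fragment covering the ACL points in the list (secrets protected before any exist, administration delegated to a group, users allowed to change their own login shell). The suffix dc=example,dc=com, the group name cn=admins and the Samba and Kerberos schema being loaded are assumptions.

```conf
# Added example; every DN below is an assumed placeholder.
# Assumes the samba and krb5-kdc schema files are included; slapd rejects
# an ACL that names an attribute type it does not know.
# cn=admins must be a groupOfNames with DN-valued "member" attributes:
# a posixGroup (memberUid) cannot be matched by a "group" clause.

# Credentials: admins and the owner may write, anonymous may only use
# them to bind, nobody can read them back.
access to attrs=userPassword,sambaNTPassword,sambaLMPassword,krb5Key
    by group/groupOfNames/member.exact="cn=admins,ou=Group,dc=example,dc=com" write
    by self write
    by anonymous auth
    by * none

# Per-user policy: a user may pick a different login shell.
access to attrs=loginShell
    by group/groupOfNames/member.exact="cn=admins,ou=Group,dc=example,dc=com" write
    by self write
    by * read

# Group-delegated administration of the two standard containers.
access to dn.subtree="ou=People,dc=example,dc=com"
    by group/groupOfNames/member.exact="cn=admins,ou=Group,dc=example,dc=com" write
    by * read

access to dn.subtree="ou=Group,dc=example,dc=com"
    by group/groupOfNames/member.exact="cn=admins,ou=Group,dc=example,dc=com" write
    by * read

# Everything else (tree root and so on) is read-only.
access to *
    by * read
```

slapd applies the first matching `access to` clause and, within it, the first matching `by` clause, so the credential rule has to stay above the subtree rules. The rootdn bypasses these ACLs entirely, which is why day-to-day administration is better done as a member of the admin group.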
