On 04/29/2010 06:21 AM, Javier Palacios wrote:
>> I think the goal should be to get a starting point that helps newbies to
>> at least *see* something when they point an ldap client to the server,
>> and also allow more seasoned admins to build upon that tree.
>>
>> For me, that means:
>> - we need a database configured (indexes, checkpoints, caches,
>> DB_CONFIG, etc)
>> - we need a tree root
>> - seems like ou=People and ou=Group are pretty common and we should also
>> have them at least
>> - basic ACLs to protect content that is not even there yet (like
>> userPassword, krb5key, samba hashes, etc)
>> - basic ACLs to allow for group-delegated based administration
>
> The two points above probably discard using phpldapadmin (and most web

The ACLs?

> tools). I haven't looked for long, but it used a special user with
> global privileges, so once you log in the web, you can do (nearly)
> anything.

They probably ask for the rootdn. In that case, just give them the DN of a
user that is a member of the ldap admin group, it has the exact same effect.

> I might add jxplorer as possible client (hopefully it's still alive)

I think Apache Directory Studio is eating jxplorer's user base ;)

> To this list I would add policies and associated ACL about what can be
> changed by users (for example, select a different login shell).
>
> Maybe you can have a look at
> http://kad.sourceforge.net/?action=slapd
> where many of those points are covered. In the source repository of
> the project, there are also some patches to be applied after
> installing the slapd package and before configuring it (patches built
> against debian etch, as far as I remember).
> Although the project is quite a bit abandoned, I'm more than glad to
> contribute, or even revive it if useful.

Thanks for the pointer, I'll take a look

--
Andreas Hasenack
[email protected]

--
ubuntu-server mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
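
An added example, not part of the original message or of any Ubuntu package: one way the ACL goals listed in the thread (protect secret attributes before they exist, delegate administration to a group, let users change their own login shell) could be written in slapd.conf syntax. The suffix dc=example,dc=com and the group cn=ldapadmins are constructed names.

```conf
# Added example in slapd.conf ACL syntax (see slapd.access(5)).
# Constructed names: suffix dc=example,dc=com, admin group cn=ldapadmins.
# Rules are evaluated in order and the first matching "access to" wins,
# so the narrow attribute rules must come before the catch-all.
# group.exact matches members of a groupOfNames entry (attribute "member").

# 1. Secrets: covered even if no entry carries them yet.
#    slapd refuses to start if an attribute named here is unknown, so the
#    samba and krb5-kdc schemas must be loaded (or those names removed).
access to attrs=userPassword,sambaLMPassword,sambaNTPassword,krb5Key
    by group.exact="cn=ldapadmins,ou=Group,dc=example,dc=com" write
    by self write
    by anonymous auth
    by * none

# 2. Attributes users may change on their own entry (the login shell case).
access to dn.subtree="ou=People,dc=example,dc=com" attrs=loginShell
    by group.exact="cn=ldapadmins,ou=Group,dc=example,dc=com" write
    by self write
    by * read

# 3. Everything else: group members administer, everyone else reads.
#    Replace "by * read" with "by users read" to stop anonymous browsing.
access to dn.subtree="dc=example,dc=com"
    by group.exact="cn=ldapadmins,ou=Group,dc=example,dc=com" write
    by * read
```

With rules like these, a web tool can bind as a member of cn=ldapadmins instead of the rootdn, and that access can be withdrawn by removing the member from the group.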
