While we're at it, why not use/adopt the 389 directory server? Isn't it better to get something that's been built to work as a complete solution, than to tie different independent projects to work together to achieve the same thing? This, and that FreeIPA is getting better and better (and it requires 389). Just my thoughts.

----- Original Message -----
> > Lately I've been involved in creating OpenLDAP DIT for schools
> > running on Lucid and one thing that I've been wondering is whether
> > it would be possible to define one standard structure for Ubuntu
> > that all tools would be configured to use by default. That wouldn't
> > take away the possibility of configuring everything differently,
> > but all tools and tutorials would follow this one model.
> >
> > Out of curiosity I checked what the defaults are in different
> > systems. If I got things written down correctly, the different
> > default structures I could find were:
> >
> > Hardy slapd package init script and OpenDS:
> > * ou=People
> > * ou=Groups
> >
> > smbldap-tools:
> > * ou=Users
> > * ou=Groups
> > * ou=Computers
> > * ou=Idmap
> >
> > openldap-dit and openldap-mandriva-dit are based on RFC2307bis:
> > * ou=People
> > * ou=Group
> > * ou=Hosts
> > * ou=System Accounts
> > * ou=System Groups
> > * ou=Kerberos Realms
> > * ou=Idmap
> > * ou=Address Book
> >
> > Fedora / FreeIPA uses something completely different:
> > * cn=users,cn=accounts
> > * cn=groups,cn=accounts
> > * cn=computers,cn=accounts
> > * cn=services,cn=accounts
> > * cn=account inactivation,cn=accounts
> > * cn=Kerberos
> >
> > Now different tools have different defaults and tutorials use
> > randomly some names that probably confuse many people.
> >
> > Having one standard DIT that is installed by default would help a
> > lot with external applications that are not packaged for Ubuntu. For
> > example Moodle that is used in schools can use LDAP, but it needs to
> > be configured properly. Writing a guide for that gets a lot easier
> > if standard structure is available.
> >
> > As I wasn't aware of openldap-dit until recently, I've been working
> > on a script to initialise slapd w/ssl and mit kerberos. The idea is
> > that the script first checks which schemas and modules are installed
> > and then adds the missing schemas and modules and configures them.
> > It also makes it possible to dump current configuration and check
> > for common problems with ssl certificates and such. I try to get it
> > uploaded somewhere soon so that others can see if it'd be helpful.
> >
> > Automatically loading the schemas sounds good, but how to configure
> > overlays and ACLs for everything is something that would probably
> > need some other solution. E.g. we have some needs for ACLs that
> > probably don't make sense outside schools, but are needed for us as
> > we have school districts, schools, superusers, school admins,
> > teachers, pupils, etc.
> >
> > Veli-Matti

--
ubuntu-server mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
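
An added example, not part of either message and not the script mentioned in the quoted text: a small Python heuristic that takes entry DNs from a directory dump and reports which of the default layouts listed above the tree most resembles, which is the first thing to establish before pointing an application's user and group search bases at it. The function names, the scoring rule and the sample DNs under `dc=example,dc=com` are assumptions made for illustration.

```python
# Added example. Container names are copied from the quoted message; DNs are constructed.
LAYOUTS = {
    "slapd init script (Hardy) / OpenDS": ["ou=People", "ou=Groups"],
    "smbldap-tools": ["ou=Users", "ou=Groups", "ou=Computers", "ou=Idmap"],
    "openldap-dit (RFC2307bis)": [
        "ou=People", "ou=Group", "ou=Hosts", "ou=System Accounts",
        "ou=System Groups", "ou=Kerberos Realms", "ou=Idmap", "ou=Address Book"],
    "FreeIPA": [
        "cn=users,cn=accounts", "cn=groups,cn=accounts", "cn=computers,cn=accounts",
        "cn=services,cn=accounts", "cn=account inactivation,cn=accounts", "cn=Kerberos"],
}

def normalize(dn):
    """Lower-case a DN and trim spaces around RDNs (naive: no escaped commas)."""
    rdns = (rdn.split("=", 1) for rdn in dn.lower().split(","))
    return ",".join("=".join(part.strip() for part in rdn) for rdn in rdns)

def containers(dns, base):
    """Return every DN suffix, relative to base, that appears in the dump."""
    base, found = normalize(base), set()
    for dn in map(normalize, dns):
        if not dn.endswith("," + base):
            continue  # entry outside the subtree being inspected
        rdns = dn[: -len(base) - 1].split(",")
        found.update(",".join(rdns[i:]) for i in range(len(rdns)))
    return found

def classify(dns, base):
    """Score each known layout by the fraction of its containers that are present."""
    found = containers(dns, base)
    scores = {name: len({normalize(c) for c in layout} & found) / len(layout)
              for name, layout in LAYOUTS.items()}
    best = max(scores, key=scores.get)
    return (best if scores[best] > 0 else None), scores

SMBLDAP_DUMP = [  # constructed sample DNs
    "uid=jdoe, ou=Users, dc=example, dc=com",
    "cn=Domain Users,ou=Groups,dc=example,dc=com",
    "uid=pc01$,ou=Computers,dc=example,dc=com",
]
FREEIPA_DUMP = [  # constructed sample DNs
    "uid=admin,cn=users,cn=accounts,dc=example,dc=com",
    "cn=admins,cn=groups,cn=accounts,dc=example,dc=com",
    "cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com",
]

if __name__ == "__main__":
    for dump in (SMBLDAP_DUMP, FREEIPA_DUMP):
        print(classify(dump, "dc=example,dc=com"))
```

The score is only a hint: layouts share container names (`ou=Groups`, `ou=People`, `ou=Idmap`), so a sparsely populated tree can match more than one of them.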
