I've been thinking of altering (complementing is what i really wanted
to do) config.pl in order to provide LDAP support for lookup values.
The way i see it both actual supported methods have pros and cons;
- CSV file backend
pro - Easy to setup, for those who know what they're doing. It only
requires a basic line editor.
pro - Being accessed through samba, provides a rather good security
layer based on crypted user credentials.
con - Difficult to setup, for those who don't know what they're doing
(fairly big number of operators don't).
con - Difficult to write frontends to. Everything that involves file
read/writing is a PITA to develop.
- MySQL backend
pro - Easy to write frontends to. Almost anyone developing in the web
environment can write a frontend for that.
pro - Having a nice frontend built, one doesn't have to rely on the will
of the operator to learn. He just points and clicks.
con - At this time, that i know of, there is no support for a secure
connection by the install agent and the MySQL database. One using
sniffing software can get MySQL user and passord credentials, database
name, product keys, etc, etc.
My proposal is for another backend scheme support. The LDAP design
seems like a winning bet to me since it's aimed for queries, provides
security access to it's database through ACLs, the use of SSL/TLS and
the hability to query uppon identification, either using login/password
credentials, signed client certificates, SASL support, etc.
That said, i'd like to provide a list of pros and cons for this
approach;
- LDAP backend
pro - Highly secure connections. (SSL/TLS, certificates, ACLs, etc)
pro - Database replication based on subsets of the database hierarchy.
Have one "big" LDAP server at headquarters with all the organization
computers and "smaller" LDAP replicas in regional offices having the
computer configurations for that specific office only.
pro - Great perl-ldap API through the numerous perl modules available
out there (just search CPAN).
pro - Hability for the agent to seamlessly change it's own record state
while installing. One can think of scheduling installs (boot on lan) and
provide installed/not installed state.
pro - Hability to easily write custom frontends (or use already existing
LDAP clients) for machine install administration. The operator doesn't
have to take a college degree anymore, he just points and clicks.
con - At this time, that i know of, there is no code done to support
this.
con - At this time, that i know of, there is no LDAP schema to support
this.
Having all that said, i'd like to know what all you guys think.
I really think this can be a good thing(tm), but i'm also aware that it
can give some work to put all this up. I have a fairly good knowledge of
LDAP and i'm willing to help this coming true, either by clarifying LDAP
related issues or even writting code.
Having all that said, i'd like to know what all you guys think. My
guess is that i'm going to go on with this either way, but not only
having somebody else putting effort on it helps this happen, but also if
there is interest, this can be done in a way to "please" some other
unattended user.
Cheers,
Hugo Monteiro.
--
javali:~# cat .signature
Hugo Monteiro
Email : [EMAIL PROTECTED]
Telefone : +351 916993183
JavaLi - ADSI, Lda.
Madan Parque EdifĂcio VI Campus da FCT/UNL
Quinta da Torre 2829-516 Caparica Portugal
Telefone: +351 212949666 Fax: +351 212948313
www.javali.pt [EMAIL PROTECTED]
javali:~# _
-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
unattended-info mailing list
unattended-info@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/unattended-info
