DefaultLDAPDITForUserGroupMgmt

Revision 5 as of 2007-11-20 00:15:23


Please check the status of this specification in Launchpad before editing it. If it is Approved, contact the Assignee or another knowledgeable person before making changes.

Summary

The spec describes a basic LDAP directory service for Ubuntu.

Release Note

Rationale

Installing the default OpenLDAP package requires many manual steps before a complete directory infrastructure is up and running. Setting up the directory structure requires knowledge of schemas and LDAP trees.

Use Cases

  • Andrew installs an LDAP server on Ubuntu. After answering basic questions during the installation of the package, he can manage users and groups with the standard system utilities (adduser, addgroup) and set up other clients in his network to authenticate against his new LDAP directory.

Assumptions

Design

Installation

A new task in tasksel will be provided. It will install all the relevant packages (server and administration tools). Configuration and integration of the different services will also be provided by the task.

Directory server

A default layout suitable for user and group management in a Unix environment will be provided:

DIT layout

  • dn: dc=example,dc=com
    • dn: cn=accounts
      • dn: cn=users
      • dn: cn=groups

User/group management tools

Implementation

Installation

The user will be prompted for the base DN and the administrator password. The task will then populate a default DIT in the LDAP server. The administration tools will be configured to use the local LDAP server by default.
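The following is an added example, not part of the specification or of any Ubuntu package: one way the prompted base DN could be validated before it is templated into LDIF for the DIT layout above, so that input containing newlines or extra attributes cannot add entries of its own. The function names are hypothetical, and the object classes are assumptions, since the spec does not name any.

```python
import re

# Assumption: only dc= style base DNs (like the spec's dc=example,dc=com) are accepted.
_DC_RDN = re.compile(r"dc=([A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?)", re.IGNORECASE)

# Assumption: the spec names no object classes; these standard core-schema
# classes are chosen for illustration only.
ROOT_CLASSES = ("top", "dcObject", "organization")
CONTAINER_CLASSES = ("top", "organizationalRole")


def parse_base_dn(base_dn):
    """Return the dc components of a base DN, rejecting anything else."""
    parts = []
    for rdn in base_dn.split(","):
        m = _DC_RDN.fullmatch(rdn.strip(" "))
        if m is None:
            # Newlines, other attribute types and empty RDNs all fail here,
            # so prompted input cannot smuggle extra lines into the LDIF.
            raise ValueError("unsupported RDN in base DN: %r" % rdn)
        parts.append(m.group(1))
    return parts


def entry(dn, classes, attrs):
    """Render one LDIF entry."""
    lines = ["dn: " + dn]
    lines += ["objectClass: " + c for c in classes]
    lines += ["%s: %s" % (k, v) for k, v in attrs]
    return "\n".join(lines) + "\n"


def default_dit_ldif(base_dn):
    """Build LDIF for the layout: base, cn=accounts, cn=users, cn=groups."""
    dcs = parse_base_dn(base_dn)
    base = ",".join("dc=" + dc for dc in dcs)  # rebuilt from validated parts
    accounts = "cn=accounts," + base
    return "\n".join([
        entry(base, ROOT_CLASSES, [("dc", dcs[0]), ("o", ".".join(dcs))]),
        entry(accounts, CONTAINER_CLASSES, [("cn", "accounts")]),
        entry("cn=users," + accounts, CONTAINER_CLASSES, [("cn", "users")]),
        entry("cn=groups," + accounts, CONTAINER_CLASSES, [("cn", "groups")]),
    ])


if __name__ == "__main__":
    print(default_dit_ldif("dc=example,dc=com"))
```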

Installation of the necessary schemas should be done with the new configuration API available in OpenLDAP 2.4. Editing the slapd configuration shouldn't be needed.

Directory server

OpenLDAP 2.4 will be used as the LDAP server.

Users will be defined with the following classes:

Groups will be defined with the following classes:

Migration

Test/Demo Plan

Outstanding Issues

BoF agenda and discussion

