NetworkDirectoryManagement
Launchpad Entry: server-karmic-directory-management
Created:
Contributors:
Packages affected:
Summary
Release Note
Rationale
User stories
- create/edit/update/delete a user/group/host/service via web and CLI.
- search for user/group/host/service via web and CLI.
- change user password.
Assumptions
Design
Several options:
Freeipa v2
Pros:
- Actively developed.
- Solves our use cases.
- Infrastructure already available:
- install scripts
- management interface in python, both CLI and web.
Cons:
Upstream only interested in supporting Fedora Directory Server: https://www.redhat.com/archives/freeipa-users/2009-May/msg00020.html
v2 targeted for Q3 2009: https://www.redhat.com/archives/freeipa-users/2009-June/msg00008.html
- Technical choice (minor): xmlrpc.
Freeipa v1
Pros:
- already released.
- support base use case.
- web + cli support.
Cons:
- v2 is a rewrite.
- unknown support from upstream for v1.
smbldap-tools
Pros:
- already packaged.
- minor updates to support default DIT.
Cons:
- Only covers User/Group mgmt.
- upstream not very active.
- cmd line only.
ldapscripts
Pros:
- already packaged.
- minor updates to support default DIT.
Cons:
- Only covers User/Group mgmt.
- Cmd line only
Gosa
- web interface written in php.
- no CLI.
- ACL stored as an attribute in the object rather than using the native openldap ACL system.
New mgmt interface
(pylons|turbogears)+lazr.restful+lazr.restclient.
Something similar to the new Mailman 3 admin interface: http://wiki.list.org/display/DEV/PyCon+Sprint+2009
Implementation
FreeIPA v1
- Update to support different DIT and package relevant part of freeipa v1 components:
- ipa-server/xmlrpc-server
- ipa-admintools
- ipa-server/ipa-gui
Note: ipa-kpasswd is not needed as it's supported in kadmind starting from 1.7.
UI Changes
Code Changes
Migration
Test/Demo Plan
Unresolved issues
BoF agenda and discussion
UDS Karmic discussion
= Managing the Directory = * Tool target Audience. * Tools for system admins, or users. * Allow customization by admins. * phpldapadmin * Need task specific tools. * Won't be provided by Ubuntu because they are too specific to the domain. * Should Ubuntu make the task easier? * Provide tools to manage the default DIT. * MDS tools. * Goza * Cluttered interface. * Not all features may be useful. * smbldaptools * Works well. * Needs some configuration. * Need to learn new commands. * Apache Directory Studio * Tool for System Admin. * adduser added functionality. * Will adduser only affect local user's, or the whole directory. * To manipulate the directory a special switch would be needed. * Still have an issue with password sync. * Focus on one task at a time. * Provide New tools for the Directory. * Web Admin component. * Web2LDAP -- customized * Need a write interface to the NSS attributes. * getent * putent * delent * Need to specify which backend to manipulate. * For Karmic * adduser * addgroup * modifygroup * addhost? * sudoers
NetworkDirectoryManagement (last edited 2009-07-27 23:45:18 by ua-178)