NetworkDirectoryManagement

Summary

Release Note

Rationale

User stories

  • create/edit/update/delete a user/group/host/service via web and CLI.
  • search for user/group/host/service via web and CLI.
  • change user password.

Assumptions

Design

Several options:

FreeIPA v2

Pros:

  • Actively developed.
  • Solves our use cases.
  • Infrastructure already available:
    • install scripts
    • management interface in Python, both CLI and web.

Cons:

FreeIPA v1

Pros:

  • already released.
  • supports the base use case.
  • web + CLI support.

Cons:

  • v2 is a rewrite.
  • unknown support from upstream for v1.

smbldap-tools

Pros:

  • already packaged.
  • minor updates to support default DIT.

Cons:

  • Only covers User/Group mgmt.
  • upstream not very active.
  • cmd line only.

ldapscripts

Pros:

  • already packaged.
  • minor updates to support default DIT.

Cons:

  • Only covers User/Group mgmt.
  • Cmd line only

Gosa

  • web interface written in PHP.
  • no CLI.
  • ACLs are stored as an attribute in the object rather than using the native OpenLDAP ACL system.

New mgmt interface

(pylons|turbogears)+lazr.restful+lazr.restclient.

Something similar to the new Mailman 3 admin interface: http://wiki.list.org/display/DEV/PyCon+Sprint+2009

Implementation

FreeIPA v1

  1. Update to support a different DIT and package the relevant parts of the FreeIPA v1 components:
    • ipa-server/xmlrpc-server
    • ipa-admintools
    • ipa-server/ipa-gui

Note: ipa-kpasswd is not needed as it's supported in kadmind starting from 1.7.

UI Changes

Code Changes

Migration

Test/Demo Plan

Unresolved issues

BoF agenda and discussion

UDS Karmic discussion

= Managing the Directory =

 * Tool target Audience.
  * Tools for system admins, or users.
  * Allow customization by admins.


 * phpldapadmin


 * Need task specific tools.
  * Won't be provided by Ubuntu because they are too specific to the domain.
  * Should Ubuntu make the task easier?

 * Provide tools to manage the default DIT.
  * MDS tools.
  * Gosa
   * Cluttered interface.
   * Not all features may be useful.
  * smbldaptools
   * Works well.
   * Needs some configuration.
   * Need to learn new commands.
 * Apache Directory Studio
  * Tool for System Admin.

 * adduser added functionality.
  * Will adduser only affect local users, or the whole directory?
  * To manipulate the directory a special switch would be needed.
  * Still have an issue with password sync.

 * Focus on one task at a time.

 * Provide New tools for the Directory.
  * Web Admin component.
   * Web2LDAP -- customized
 
 * Need a write interface to the NSS attributes.
  * getent
  * putent
  * delent 
  * Need to specify which backend to manipulate.


 * For Karmic
  * adduser
  * addgroup
  * modifygroup
  * addhost?
  * sudoers


CategorySpec

NetworkDirectoryManagement (last edited 2009-07-27 23:45:18 by ua-178)