LDAP Out-of-the-box

Registered by R. Pereira Braga on 2007-07-25

Getting LDAP up and running on multiple machines with minimal effort (server or client).

The Ubuntu server team has been doing a fantastic job with the authtool, but it can work even better if the UI is extremely clear, and makes deploying an LDAP server simple.

Blueprint information

Status:
Started
Approver:
R. Pereira Braga
Priority:
Undefined
Drafter:
pclancy
Direction:
Needs approval
Assignee:
pclancy
Definition:
New
Series goal:
None
Implementation:
Good progress
Milestone target:
None
Started by
pclancy on 2007-08-17

Related branches

Sprints

Whiteboard

Couple of comments (stephan-buys):
          - Responses from Patrick tabbed in.
1) Please make sure you use the latest code (from Gutsy) http://bazaar.launchpad.net/~stephan-buys/network-authentication/authtool
          - This link isn't correct. Here is what I found: http://codebrowse.launchpad.net/~stephan-buys/network-authentication/authtool/files/stephan%40impilinux.co.za-20070716052356-8804cugpqjf9bk3p
2) Your screenshots reflect kerberos, is this tool just focussed on LDAP?
          - The plans were originally for just LDAP, but I want to take advantage of the work that was done in authtool.
          - I think that adding Kerberos makes it a better product.

Any comments or thoughts?

(<email address hidden>):
    Yes; Kerberos does, in fact make it a better product...it's true authentication, where LDAP has been kinda 'drafted' into the job. But LDAP is what everyone wants to use, it seems. Whatever state the Heron LDAP is, we need to work out a couple of things 'under the hood':

    - TLS and/or SSL encryption made easy. The certs don't have to be authentic, just available. I've tried doing this from the community-supplied wiki several times and no-joy.

    - A basic structure needs to be put in place for the user, if he doesn't have other plans. One with dc=domain,dc=dom, [people|groups] should be a starting point. If all we do is create something they're going to tear down, let's make it something that works, all the way to the pam-host-checking. This isn't as hard as it might seem. And the effort will give sysadmins the ability to tinker with something considered "proper" and "functional".

    I'm a sysadmin, not a programmer, really. But I'm enthusiastic about the project, and will install/reinstall things and run tests until I'm blue-faced if that's what it takes to make this happen. I'm also happy to write/test/organize documentation.

(?)

Work Items

Dependency tree

* Blueprints in grey have been implemented.