[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: cipux in NEW queue

Kurt Gramlich wrote:

* Steffen Jöris <Steffen.Joeris@skolelinux.de> [070403 13:23]:


Hi fellowers

The cipux packages were uploaded to the NEW queue[0] 3 days ago.
After the ftp-team examined the package, we decided to move the discussion about its inclusion or rejection to the public developer list. I set the reply-to to debian-edu@lists.debian.org, please keep it on that list.
The current point which needs to be discussed is the use of the cipux-rpc.postinst script. This script calls various cipux commands (or a cipux command which calls another cipux command ...) which in the end fills in LDAP data. Note that I did not completely examine the script, so somebody else might want to give an explanation here. My personal understanding is, to put it into a nutshell, that cipux needs to fill in the LDAP data with own attributes in order to function. I would consider this as a violation of the debian policy, because it adds (without noticing) ldap data which no admin would expect while installing it and it gets not removed during a purge. 

Not ldap date but it builds up a ldap tree. Regard CipUX with its
functions more as a replace for webmin as a replace for wlus.

AFAIK DebianEdu configures his own LDAP tree since we are using
Openldap.

Did you test that it gets not removed during a purge?


This is a preseedable  debconf question i assume ?
so that if you install from a CCD,like debian-edu, as a fresh install it can be preseeded to run. 
If you install it manually on a fresh debian you can choose to run it.
If you install it on a live ldap you can choose to not run it and read the docs or use other tools to migrate your data/adjust the tree ?
The question here would be, if this is really a violation, if so how can it be avoided or in a drastical case, do we want to ignore it and consider it a special case, which is possible through our policy[1], but strongly not recommended and should only be a temporary solution. 

To build up a ldap tree has to be, anyway which one. Without you
are not able to use ldap.

So in my view it is not a violation of our policy.
My question now is concerning debian-edu, is it really necessary to change the LDAP data and if so why? 

Yes, because our users need it. We will fullfill the needs of or
users.

You might discuss if we use another database to store the data.
But i think its the best to use only one.
Is there any backwards compatibility with the old LDAP data, e.g. will the old users show up or can an admin just insert an old ldap backup and everything works? 

Would be nice to have.
Do we care about backwards compatibility or how do we want to offer Debian-Edu/Skolelinux 3.0 and keep the admin effort to a minimum while upgrading to the new version? 

Yes we care, if the manpower is enough to do it.
i think careing about backwards compatibility is a requirement, since we can not expect all schools to have the funds on budget to hire the requiered consultants to handle this.
The question is do we have the needed manpower to sufficiently test automagicaly migrating ldap's to cipux's ldap tree.
Another question I would like to add is if cipux will work with other adminstration systems. 

What do you mean? Other ldap trees? lwat? webmin? wlus? ghosa?
In the debian-edu repository there is lwat and i am not quite sure what debian offers. 

It is perhaps a little late to ask this queation? I have checked
other alternatives and i did not found, what our users need. So i
believe, CipUX is the choice.

We have CipUX here in german schools running because the admins asked for
the functionalities. CipUx is running in french schools because
of the users needs ...
CipUx might be what many users need. but it's not what all users need. So i hope lwat will be able to easily adapt to cipux's ldap tree, since for many schools lwat will be sufficient.
personally i'd prefer that we did not mess up a lot of ldap databases by upgrading to cipux'ldap as default. But rather replaced wlus with lwat for the upgrades, but provide cipux as apt-get able packages that users can migrate to if wanted. of course exsisting users that allready have cipux (french and german) would be upgraded to cipux since that package is installed on their system. 

now on a freshly installed system we must either
- install skole ldap with lwat as admintool (cipux apt-get able)
- install cipux ldap with cipux and lwat as admintool. (i am assuming lwat can support cipux's ldap)
i say cipux AND lwat since different users have different needs. and I dislike locking users into a system, having 2 options is a benefit. 


Ronny Aasen
Reply to: