Re: More on the future LDAP admin gui in Debian Edu

To: debian-edu@lists.debian.org
Subject: Re: More on the future LDAP admin gui in Debian Edu
From: Petter Reinholdtsen <pere@hungry.com>
Date: Thu, 21 Oct 2010 17:55:45 +0200
Message-id: <20101021155545.GC17349@login1.uio.no>
In-reply-to: <20101021151712.GA29973@flashgordon>
References: <20100719192727.GB6444@login2.uio.no> <20100724214358.GL6389@jones.dk> <20100725175515.GO9558@gnu-tec.de> <20100730175544.GE6444@login2.uio.no> <20100927165944.GM31568@login2.uio.no> <20101021151712.GA29973@flashgordon>

[Andreas B. Mundt]
> What is the plan?

Who do you expect to make this decision?

> Almost since the beginning of this year we decide *not* to decide
> anything at all concerning LDAP administration. I think this is fine
> for some time, to see how things evolve.

Given the lack of progress with alternatives cipux and lwat, and the
fact that gosa is the only solution that is working thought it only
partly solve our needs, I propose we decide that we drop lwat from
squeeze, and bring gosa up to speed with our needs.

For the specific LDAP setup, I believe we should change our Gosa setup
to have a "flat" ldap directory (ie no students and teachers
subtrees), and use the traditional three levels of administrative
access (admin with full access, jr. admin with limited access and the
rest with no special privileges.

And if no-one else are ready to make the decision, I am happy to take
it as the system architect of Debian Edu, but it require someone to
actually implement the directory structure change and the access level
change.  With the flat structure and the three levels of access, we
have not tied ourself too tight to gosa and should be able to migrate
to other tools in the future, as well as making it possible for sites
to use other tools if they want to.

> As Petter already listed, we have 3 candidates: CipUX, GOsa and
> lwat. (Or is there already another one approaching?)

Given that cipux is not not present as a solution in Squeeze, lwat is
broken and gosa is limping along, I believe we only have one realistic
alternative - gosa.  Not to happy with the home grown LDAP schemas
gosa is using, but our hands seem tied and no sensible alternative
have shown up this year.

I expect us to have to maintain our own set of gosa packages in our
own repository to get a version with support for netgroups and
kerberos and the other things that are missing.  I also hope we can
get support for powerdns to avoid having to rewrite that part of the
server setup.

Happy hacking,
-- 
Petter Reinholdtsen

Reply to:

Follow-Ups:
- Re: More on the future LDAP admin gui in Debian Edu
  - From: Holger Levsen <holger@layer-acht.org>
- Re: More on the future LDAP admin gui in Debian Edu
  - From: Benoit Mortier <benoit.mortier@opensides.be>
- Re: More on the future LDAP admin gui in Debian Edu
  - From: "Andreas B. Mundt" <andi.mundt@web.de>

References:
- Re: More on the future LDAP admin gui in Debian Edu
  - From: "Andreas B. Mundt" <andi.mundt@web.de>

Prev by Date: Re: More on the future LDAP admin gui in Debian Edu
Next by Date: Re: More on the future LDAP admin gui in Debian Edu
Previous by thread: Re: More on the future LDAP admin gui in Debian Edu
Next by thread: Re: More on the future LDAP admin gui in Debian Edu
Index(es):
- Date
- Thread