Re: Need in Extremadura for LDAP admin interface

To: debian-edu@lists.debian.org
Subject: Re: Need in Extremadura for LDAP admin interface
From: Finn-Arne Johansen <faj@bzz.no>
Date: Tue, 15 Feb 2011 14:46:29 +0100
Message-id: <4D5A83B5.2040304@bzz.no>
In-reply-to: <1297698005.3173.67.camel@localhost>
References: <201102131245.42000.holger@layer-acht.org> <1297610264.3173.11.camel@localhost> <20110213200528.GK6772@jones.dk> <1297698005.3173.67.camel@localhost>

On 14. feb. 2011 16:40, José L. Redrejo Rodríguez wrote:
> El dom, 13-02-2011 a las 21:05 +0100, Jonas Smedegaard escribió:
>> On Sun, Feb 13, 2011 at 04:17:44PM +0100, José L. Redrejo Rodríguez wrote:
>>> Our servers still remain in lenny and our plans to move to squeeze (or 
>>> wheeze) include the development of a lwat replacement. We need to 
>>> develop it to fit our needs as we have to create accounts massively 
>>> every beginning of the course using as source an external application 
>>> where our ministry manages all the educational data for every citizen. 
>>> So, neither gosa, cipux or lwat can fulfill our needs, and a custom 
>>> development is the only solution I can see.
>>
>> Could you elaborate some more on your needs for LDAP admin interface?
>>
> 
> 
> Aproximately, exactly the same as lwat provides, including its
> simplicity and easy of use. I'd only add the massive account creation,
> as I've described in #602863

Do you really want to have dns in ldap ?
In a large environment, I would prefer dns in flat files, and dhcp in ldap.

> In the past I was doing something similar with lwat, but there were some
> bad implications. As an example lwat stores in its configuration the
> last used uid, instead of searching it dinamically in the ldap database,
> so sometimes there are database corruptions if other tools are used to
> create accounts.

hmm. the nextGID that is stored in ldap is only a fast-way to get the
next assumed availible (G)ID. If it's already used, lwat should
automaticly search for a free (g)id and use that one. The reason to use
this, is to speed up the search for the next(g)id. If you have a large
db you may also get an error of you are not able to fetch all (dont
remember now..)

>> Therefore: Please do describe in more detail what it is you need in 
>> Extremadura - to inspire those working on CipUX, GoSA or other LDAP 
>> tools, to help tune inot such kind of large-deployment needs (and 
>> perhaps even offer solutions concretely!).
> 
> As I've commented about, lwat fulfilled the needs quite well, except by
> its bugs. We don't need a bloated tool, just create and modify user
> accounts and machine groups from the admin point of view, and changing
> passwords for the end user interface. No more, no less.

Thanks. Mission acomplished  (almost).

If lwat creates  duplicate id's then it's a bug. I have not seen such a
bug report.

// faj

Reply to:

References:
- Bug#602863: from bind9 to powerdns and back to bind9
  - From: Holger Levsen <holger@layer-acht.org>
- Bug#602863: from bind9 to powerdns and back to bind9
  - From: José "L. Redrejo" Rodríguez <jredrejo@edu.juntaextremadura.net>
- Need in Extremadura for LDAP admin interface
  - From: Jonas Smedegaard <dr@jones.dk>
- Re: Need in Extremadura for LDAP admin interface
  - From: José "L. Redrejo" Rodríguez <jredrejo@edu.juntaextremadura.net>

Prev by Date: Re: r72930 - trunk/src/debian-edu-config/debian
Next by Date: WebSVN broken for Debian Edu on svn.debian.org
Previous by thread: Re: Need in Extremadura for LDAP admin interface
Next by thread: Re: Bug#602863: from bind9 to powerdns and back to bind9
Index(es):
- Date
- Thread