Hi all, On Mi 29 Sep 2021 21:48:49 CEST, Dominik George wrote:
Hi, as some of you already heard, I am in the act of modernising the Debian Edu Main Server. At Debian Reunion Hamburg, I gave an elaborate presentaiton about the ideas and concepts. I will make a write up of it, but for now the bottom line is: * LDAP and Kerberos are robust and well-established, but somewhat unflexible when it comes to decentralising services * Educational tools are moving to the web, so we need a backend for modern web applications * Debian Edu loses against alternatives like Linuxmuster because GOSa is dated, and too complex for average teachers * I want to replace GOSa, LDAP and Kerberos with AlekSIS [0] and nss-pam-webapi [1], with a row of benefits The presentation from Hamburg is here [2], without knowing how useful it is without the audio track.
FTR, I have also been in the loop for most of this, technically. I am not yet so well making friends with dropping LDAP as a directory backend. At least we must be able to control LDAP servers via AlekSIS's IDM part. I am curious on the prototype (but won't have time to look at it before November), but I wonder, if we could not leave an LDAP attached to the setup with LDAP not being the primary data backend for user/host/what-not data, but only a secondary data service that gets populated by AlekSIS's IDM part. AlekSIS then has the primary IDM data and knows all information on all its identities whereas the attached LDAP only receives a subset of information on users/data/...
Use cases, for example: a classical mailserver (e.g. Cyrus-IMAP, saslauthd, Postfix, etc.).
Greets, Mike -- DAS-NETZWERKTEAM c\o Technik- und Ökologiezentrum Eckernförde Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde mobile: +49 (1520) 1976 148 landline: +49 (4351) 850 8940 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
Attachment:
pgpKjgF1xOuj0.pgp
Description: Digitale PGP-Signatur