On 06/10/10 19:22, Nick Douma wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Joe,You appear to be about to reinvent Active Directory. There's quite a bit of material around the Net concerning that. Look particularly at Group Policy within domains.I indeed did check briefly, but came to the conclusion that LDAP was mostly suited for authentication, because it's not really possible (or supported by the various applications) to store the complete configuration in LDAP, as I initially did expect. The tips on Puppet and Cfengine seem to match more what I want to do. That is defining in LDAP that "there is an Apache vhost with these general parameters" and letting Puppet/Cfengine handle the actual creation of the config file. If I'm wrong, please correct, as I started this discussion to learn :P.
Sorry, I didn't mean to suggest any implementation details, just that MS have been doing this for many years now, and there may be aspects of Group Policies that would interest you. While LDAP may not be the way to store detailed configurations, it lends itself well to the creation of a hierarchy of policies.
Also, if you do implement this for Windows machines, by way of remote registry writing, you may need to avoid stepping on the toes of the local policies. If you are working with domain machines, you will almost certainly need to alter the domain policies themselves rather than try to fight the domain controllers for mastery of the computers.
It took MS a while to get this to an acceptable stage, and there are still a few oddities, but there's no reason not to pick up any tips you can from them. And before anyone jumps in, I have learned considerable respect for Microsoft's programmers, and considerable sympathy for the way they are treated by the marketing men.
-- Joe