Greetings,

with the Lucid release cycle nearing its completion, it's
time to start looking forward to our next release: Maverick
Meerkat.

Following tradition, we'll kick off the Maverick development
cycle with a Ubuntu Developer Summit[1] in the 2nd week of
May. To help us make the most of that week, we've started
a wiki page[2] to collect all ideas and feedback regarding
the Ubuntu Server, which we'll use as input to the individual
sessions at UDS:

There's a braindump area at the top; anything goes and all
ideas are welcome. If you have anything you'd like to see
changed in Maverick, we'd love to hear about it!

If you'll be attending UDS and already have a topic for a
session you'd like to lead, please suggest it in the 'UDS
Sessions' section at the bottom of the page. Be sure to
add your name to it and a link to the matching blueprint
in Launchpad.

I'm very much looking forward to your contributions and
hope to see you in person at UDS.

-Jos

[1] http://summit.ubuntu.com/uds-m/
[2] https://wiki.ubuntu.com/ServerTeam/MaverickIdeaPool

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

> Lähettäjä: "Jos Boumans" <jos.boumans@canonical.com>

> with the Lucid release cycle nearing its completion, it's
> time to start looking forward to our next release: Maverick
> Meerkat.

Hello,

Are there plans regarding ldap/kerberos user management and authentication? Launchpad has quite a few old blueprints around these, but I haven't been able to find information about long term plans.

I've been using ldap/kerberos to run school networks and it certainly is possible to get these working for production, but it's not always easy. Especially now that schools are integrating more and more web based applications that integrate with ldap, it is becoming a critical piece in the setup. There are often quite a few parties involved running the setups and usually there are also non-Ubuntu systems involved.

I wrote more about the issues on the edubuntu-devel mailing list:
https://lists.ubuntu.com/archives/edubuntu-devel/2010-April/003431.html

As I really haven't been involved in Ubuntu development, I do not know what the plans are and how to get involved. Schools have several domain specific needs that are probably not useful elsewhere, but having a solid common ground could help building the tools for schools. I hope I can help with something if there are plans on this front. Lucid is looking really good and I can only imagine what could be built on it.

Veli-Matti

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

On Sat, Apr 24, 2010 at 9:24 AM, Veli-Matti Lintu <veli-matti.lintu@opinsys.fi> wrote:


> Lähettäjä: "Jos Boumans" <jos.boumans@canonical.com>



> with the Lucid release cycle nearing its completion, it's

> time to start looking forward to our next release: Maverick

> Meerkat.



Hello,



Are there plans regarding ldap/kerberos user management and authentication? Launchpad has quite a few old blueprints around these, but I haven't been able to find information about long term plans.





I would like to propose a blueprint for a base directory setup tool based on the OpenLDAP-DIT project:*https://launchpad.net/openldap-dit. *The current branch adds schemas and objects for DNS, DHCP, etc and these may be more work than I have time for.


As many have noted there is a need for a tool/process to get a base directory created for those users who don't know a lot about LDAP. *As a starting place using a simpler version of the openldap-dit-setup.sh script that just creates the base DC, OUs, admin user, etc is a reasonable goal for Maverick. *


I know directory services are not a hugely high priority for the full time members of the Server Team, but are of great interest to many of the same members. *I should have time this cycle to work on such a blueprint to hopefully have an easier way to get starting using OpenLDAP on Ubuntu Server.


Please let me know your ideas and if this is a worth while project for a community member.
--
Party On,
Adam


--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

I second this.

I am attempting (unsuccessfully) to get an Open LDAP setup so that I can
perform authentication across systems and services.

It would be ideal if there were an easy way to setup LDAP and via some basic
questions, get you up an running.

I'm all for helping out on such an endevour (from the "what I need it to do"
department and not the technical of LDAP.. which I am weak on).

> On Sat, Apr 24, 2010 at 9:24 AM, Veli-Matti Lintu <
>
> veli-matti.lintu@opinsys.fi> wrote:
> > > Lähettäjä: "Jos Boumans" <jos.boumans@canonical.com>
> > >
> > > with the Lucid release cycle nearing its completion, it's
> > > time to start looking forward to our next release: Maverick
> > > Meerkat.
> >
> > Hello,
> >
> > Are there plans regarding ldap/kerberos user management and
> > authentication? Launchpad has quite a few old blueprints around these,
> > but I haven't been able to find information about long term plans.
>
> I would like to propose a blueprint for a base directory setup tool based
> on the OpenLDAP-DIT project: https://launchpad.net/openldap-dit. The
> current branch adds schemas and objects for DNS, DHCP, etc and these may
> be more work than I have time for.
>
> As many have noted there is a need for a tool/process to get a base
> directory created for those users who don't know a lot about LDAP. As a
> starting place using a simpler version of the openldap-dit-setup.sh script
> that just creates the base DC, OUs, admin user, etc is a reasonable goal
> for Maverick.
>
> I know directory services are not a hugely high priority for the full time
> members of the Server Team, but are of great interest to many of the same
> members. I should have time this cycle to work on such a blueprint to
> hopefully have an easier way to get starting using OpenLDAP on Ubuntu
> Server.
>
> Please let me know your ideas and if this is a worth while project for a
> community member.
_______________________________________
Roderick B. Greening, B.Sc.
Paradise, NL Canada
E-mail/MSN: roderick.greening@gmail.com
LP: launchpad.net/~roderick-greening
Wiki: wiki.ubuntu.com/rgreening
Blog: roderick-greening.blogspot.com
Twitter: twitter.com/rgreening
Identica: identi.ca/rgreening

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/27/2010 04:47 PM, Roderick B. Greening wrote:
> I second this.
>
> I am attempting (unsuccessfully) to get an Open LDAP setup so that I can
> perform authentication across systems and services.
>
> It would be ideal if there were an easy way to setup LDAP and via some basic
> questions, get you up an running.
>
> I'm all for helping out on such an endevour (from the "what I need it to do"
> department and not the technical of LDAP.. which I am weak on).

Hi, I created openldap-dit.

The goal of the openldap-dit project was never to create a set of tools
to create users and other objects in the directory, but rather setup a
basic tree, with reasonable default ACLs, on which new LDAP
administrators could build on and have a starting place for whatever
setup they wanted. I know trees can take many shapes and forms.

It can surely be simplified by removing dns and dhcp, which are the most
complex branches in there I think, specially since bind in ubuntu
doesn't work with ldap so well.

I also think that the move to cn=config made it more difficult, if not
impossible, for people not familiar with ldap to get to a starting
point, at least without something like a default dit with an admin and
some basic ACLs. The DIT I created I think helps, and I would love to
hear some feedback about people who tried to use it. I know some of its
pain points, but without people complaining or using it I don't have
much motivation to fix it. And I'm at fault with that, because I never
exactly made it very public.

- --
Andreas Hasenack
andreas@canonical.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkvYZjMACgkQeEJZs/PdwpCkpgCfeK46PCXwtBcax3bSJEIbsbO/
tjIAoMim4vfjAuiIu97eOCKGChTktTZh
=aJi9
-----END PGP SIGNATURE-----

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

Hi,

On Tue, Apr 27, 2010 at 05:17:00PM -0230, Roderick B. Greening wrote:
> > >
> > > Are there plans regarding ldap/kerberos user management and
> > > authentication? Launchpad has quite a few old blueprints around these,
> > > but I haven't been able to find information about long term plans.
> >
> > I would like to propose a blueprint for a base directory setup tool based
> > on the OpenLDAP-DIT project: https://launchpad.net/openldap-dit. The
> > current branch adds schemas and objects for DNS, DHCP, etc and these may
> > be more work than I have time for.
> >
> > As many have noted there is a need for a tool/process to get a base
> > directory created for those users who don't know a lot about LDAP. As a
> > starting place using a simpler version of the openldap-dit-setup.sh script
> > that just creates the base DC, OUs, admin user, etc is a reasonable goal
> > for Maverick.
> >
>
> It would be ideal if there were an easy way to setup LDAP and via some basic
> questions, get you up an running.
>
> I'm all for helping out on such an endevour (from the "what I need it to do"
> department and not the technical of LDAP.. which I am weak on).
>

I think this is a great idea. Basing the work on the openldap-dit project is a
good start.

I would focus on:

1. Identifying which use cases should be covered:
* user and group management.
2. Creating a DIT that can be used to cover the use cases:
* openldap-dit is a good starting point.
3. Creating a package that asks basic questions and setup the DIT.
4. Looking into administration tools:
* CLI to cover the basic use cases - ldapscripts is useful.

I'd suggest to file a blueprint and discuss it at UDS if you wanna hash out the
plan for Maverick.

--
Mathias Gug
Ubuntu Developer http://www.ubuntu.com
--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

Hi Andreas,

i just took a look on your your work and I agree to Mathia[sz] thats a good start.
I think of a debconf menu similar to the nss_ldap and openldap-client one's, that is asking you for your needs to build some ldifs from a base.

I havn't tested your script, maybe its already doing this in your scripting way. That should be as system-compliant as possible, in the way it uses the given tools.

Just my small opinion.

Anyway, you did good work by collecting the information and building the different ldif's for the diferent purposes.

Sometime when I search for some Information about OpenLDAP, its major pain in the ass to find anything useful on the net or on the mailing list that fits your needs.

Hopefully, this is getting integrated to make the really interesting stuff of ldap a really useful stuff, even in small networks where the admin hasn't heard about central user/whatever management ever.


Glad to see you active here.

Bye, Benjamin.

On Wed, Apr 28, 2010 at 18:45, Andreas Hasenack <andreas@canonical.com> wrote:

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1



On 04/27/2010 04:47 PM, Roderick B. Greening wrote:

> I second this.

>

> I am attempting (unsuccessfully) to get an Open LDAP setup so that I can

> perform authentication across systems and services.

>

> It would be ideal if there were an easy way to setup LDAP and via some basic

> questions, get you up an running.

>

> I'm all for helping out on such an endevour (from the "what I need it to do"

> department and not the technical of LDAP.. which I am weak on).



Hi, I created openldap-dit.



The goal of the openldap-dit project was never to create a set of tools

to create users and other objects in the directory, but rather setup a

basic tree, with reasonable default ACLs, on which new LDAP

administrators could build on and have a starting place for whatever

setup they wanted. I know trees can take many shapes and forms.



It can surely be simplified by removing dns and dhcp, which are the most

complex branches in there I think, specially since bind in ubuntu

doesn't work with ldap so well.



I also think that the move to cn=config made it more difficult, if not

impossible, for people not familiar with ldap to get to a starting

point, at least without something like a default dit with an admin and

some basic ACLs. The DIT I created I think helps, and I would love to

hear some feedback about people who tried to use it. I know some of its

pain points, but without people complaining or using it I don't have

much motivation to fix it. And I'm at fault with that, because I never

exactly made it very public.



- --

Andreas Hasenack

andreas@canonical.com



-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.10 (GNU/Linux)

Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/



iEYEARECAAYFAkvYZjMACgkQeEJZs/PdwpCkpgCfeK46PCXwtBcax3bSJEIbsbO/

tjIAoMim4vfjAuiIu97eOCKGChTktTZh

=aJi9

-----END PGP SIGNATURE-----



--

ubuntu-server mailing list

ubuntu-server@lists.ubuntu.com

https://lists.ubuntu.com/mailman/listinfo/ubuntu-server

More info: https://wiki.ubuntu.com/ServerTeam



--
To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To be is to do -- Sartre | Do be do be do -- Sinatra



--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

Hi Andreas,

i just took a look on your your work and I agree to Mathia[sz] thats a good start.
I think of a debconf menu similar to the nss_ldap and openldap-client one's, that is asking you for your needs to build some ldifs from a base.


I havn't tested your script, maybe its already doing this in your scripting way. That should be as system-compliant as possible, in the way it uses the given tools.

Just my small opinion.

Anyway, you did good work by collecting the information and building the different ldif's for the diferent purposes.


Sometime when I search for some Information about OpenLDAP, its major pain in the ass to find anything useful on the net or on the mailing list that fits your needs.

Hopefully, this is getting integrated to make the really interesting stuff of ldap a really useful stuff, even in small networks where the admin hasn't heard about central user/whatever management.



Glad that you made such a step on your own.

Bye, Benjamin.

On Wed, Apr 28, 2010 at 18:45, Andreas Hasenack <andreas@canonical.com> wrote:


-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1



On 04/27/2010 04:47 PM, Roderick B. Greening wrote:

> I second this.

>

> I am attempting (unsuccessfully) to get an Open LDAP setup so that I can

> perform authentication across systems and services.

>

> It would be ideal if there were an easy way to setup LDAP and via some basic

> questions, get you up an running.

>

> I'm all for helping out on such an endevour (from the "what I need it to do"

> department and not the technical of LDAP.. which I am weak on).



Hi, I created openldap-dit.



The goal of the openldap-dit project was never to create a set of tools

to create users and other objects in the directory, but rather setup a

basic tree, with reasonable default ACLs, on which new LDAP

administrators could build on and have a starting place for whatever

setup they wanted. I know trees can take many shapes and forms.



It can surely be simplified by removing dns and dhcp, which are the most

complex branches in there I think, specially since bind in ubuntu

doesn't work with ldap so well.



I also think that the move to cn=config made it more difficult, if not

impossible, for people not familiar with ldap to get to a starting

point, at least without something like a default dit with an admin and

some basic ACLs. The DIT I created I think helps, and I would love to

hear some feedback about people who tried to use it. I know some of its

pain points, but without people complaining or using it I don't have

much motivation to fix it. And I'm at fault with that, because I never

exactly made it very public.



- --

Andreas Hasenack

andreas@canonical.com



-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.10 (GNU/Linux)

Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/



iEYEARECAAYFAkvYZjMACgkQeEJZs/PdwpCkpgCfeK46PCXwtBcax3bSJEIbsbO/

tjIAoMim4vfjAuiIu97eOCKGChTktTZh

=aJi9

-----END PGP SIGNATURE-----



--

ubuntu-server mailing list

ubuntu-server@lists.ubuntu.com

https://lists.ubuntu.com/mailman/listinfo/ubuntu-server

More info: https://wiki.ubuntu.com/ServerTeam



--
To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To be is to do -- Sartre | Do be do be do -- Sinatra




--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

On 04/28/2010 09:45 AM, Andreas Hasenack wrote:
> with reasonable default ACLs, on which new LDAP
> administrators could build on and have a starting place for whatever
> setup they wanted
Do you or will you consider having phpldapadmin as part of this
"starting place"
Because, administering LDAP from the command line can have quite steep
learning curve vs. using the (web) gui once the dir servers is ready for
that.

Also, if LDAP is to be integrated for the DNS, powerdns
(pdns-backend-ldap) does pretty well.

--
I hate racists. Mark D. Foster<mark@foster.cc>
http://mark.foster.cc/ | http://www.freegeekseattle.org/



--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

Hi Mark,

thats a quite good idea, at the moment I prefer Apache Directory Studio.
When you have got a client system to manage the server, its imo the better solution to administer your DIT.
Its available for lnx, win and mac. Therefore it covers the most platforms.


Bye.

On Wed, Apr 28, 2010 at 19:16, Mark Foster <mark@foster.cc> wrote:

On 04/28/2010 09:45 AM, Andreas Hasenack wrote:

> with reasonable default ACLs, on which new LDAP

> administrators could build on and have a starting place for whatever

> setup they wanted

Do you or will you consider having phpldapadmin as part of this

"starting place"

Because, administering LDAP from the command line can have quite steep

learning curve vs. using the (web) gui once the dir servers is ready for

that.



Also, if LDAP is to be integrated for the DNS, powerdns

(pdns-backend-ldap) does pretty well.



--

I hate racists. *Mark D. Foster<mark@foster.cc>

http://mark.foster.cc/ | *http://www.freegeekseattle.org/







--

ubuntu-server mailing list

ubuntu-server@lists.ubuntu.com

https://lists.ubuntu.com/mailman/listinfo/ubuntu-server

More info: https://wiki.ubuntu.com/ServerTeam



--
To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To be is to do -- Sartre | Do be do be do -- Sinatra



--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam