#ubuntu-directory 2007-06-21
<dendrobates> I am thinking of making changes to the slapd package.  Adding password policy support, and configuring the suffix and perhaps some other things during package config.
<dendrobates> Anyone have any ideas?
<dendrobates> please, not everyone at once.
<robertj> hrmm
<robertj> dendrobates: you mean storing those values in debconf?
<shawarma> dendrobates: We already do the suffix config stuff?
<dendrobates> shawarma: for some reason I am only prompted for the manager password.  but I saw the suffix stuff in the template file.
<shawarma> dendrobates: Probably a priority thing.
<shawarma> dendrobates: debconf questions have different priorities. We only have questions of high or critical priority.
<shawarma> dendrobates: Possibly the suffix questions have lower priority.
<dendrobates> shawarma: I see, however that makes the created db need to be recreated in almost every case.
<shawarma> dendrobates: Yup.
<dendrobates> which makes asking the manager password useless, because it will get wiped out.
<dendrobates> I thought
<dendrobates> I thought I could use pam_ldap as an example, it does quite a bit more.
* robertj is still in the ignore-openldap and wait for fds or samba to mature
<robertj> (mode)
<dendrobates> robertj: as an actual ldap admin, what would you like to see in a default setup? Are you currently using openldap?
<robertj> dendrobates: I am currently not although I did run a directory with a few thousand objects until just this year
<dendrobates> There have been some major improvements in openldap, that should not be overlooked.
<robertj> I'd like to see a default setup that just-works with no-questions asked, and a GtkAssistant (destructive is OK) for more advanced use cases
<dendrobates> and I don't completely trust redhat to do the right thing with fds.
<dendrobates> I do agree that fds is more enterprise ready.
<dendrobates> or at least sun one was.
<robertj> dendrobates: for most users, I don't think they really care what their base is
<robertj> they just want an ou=Users,dc=local and that's fine for them
<dendrobates> robertj: if they don't care, do they even need ldap?
<robertj> dendrobates: sure they do, they want to do roaming user profiles and all the other stuff they can do on MS Server 2003 with a gui
<robertj> I see debconf kinda in the middle, and maybe not very useful
<robertj> really advanced users will just bust out vim anyway
<robertj> so that basically leaves debconf for preseeding and intermediate users
<dendrobates> true, but I've seen even seasoned admins that seem to have a mind block when it comes to directory services.
<robertj> dendrobates: I mean directory admins specifically
<robertj> if they are web guys, and they need an ldap for their new web app to auth off of, then they probably want to install the package, install the addon, and have it just work
<robertj> dc=local is just fine for those folks
<dendrobates> I would like to see pam_ldap and nss_ldap be given a url/hostname, and autoconfigure themselves, prompting when necessary.
<robertj> dendrobates: that would be nice, those are more useful because they are sensible to preseed
<robertj> the actual slapd, don't see much benefit there
<dendrobates> I will look into GtkAssistant.  I have never used it.  The real benefit I see with slapd would be configuring certain modules.
