FACORAT Fabrice wrote:
> On Fri 03/10/2003 at 16:31, Buchan Milne wrote:
>
>>userdrake isn't the best way to do this. migration-tools is (IMHO), and
>>I have a small script as prototype.
>
> just click "migrate infos", and userdrake will call the script with all
> the needed information.

I don't know if userdrake is suitable for this at present. A lot of
aspects are hardcoded in libuser (ou=People etc).

>>>2°/ server configuration :
>>>Now, when you want to set up an LDAP server you have several manipulations
>>>to do ( http://www.mandrakesecure.net/en/docs/ldap-auth2.php ). This
>>>wizard should do all necessary steps ( ACL, ask for users migration from
>>>/etc/passwd, ... ) and just ask for needed information.
>>
>>Some of this can possibly be simplified using regex-based ACLs.
>>
>>For kerberos+ldap, we also need mapping to SASL (which I have looked at
>>briefly but not tested).
>>
>>For LDAP setup, you would also want to do things like:
>>-setup an LDAP slave (this takes a number of steps to do, although I
>>think I have a working method)
>
> for 10.1 ? let's begin with a rock solid base first ... no ?

Plan for Enterprise-class, maybe we will have a rock-solid base in one
month? (just kidding ;-)).

>>-add more schema files (this is non-trivial, as the schema files must be
>>enabled on all LDAP servers before you add any attributes from the
>>schema files). Schemas are also about the only thing that can't be done
>>via LDAP ;-).
>>-referral and delegation support.
>>-Kerberos support for authentication of the master to the slaves for
>>updates (we currently use randomly generated passwords, but Kerberos
>>would be better, however then the tickets need to be renewed also).
>>
>>Of course, you would want to TLS/SSL the whole thing, which also means
>>we need certificate management (since OpenLDAP with TLS now wants to
>>have a verifiable cert for TLS). And for TLS/SSL to work right, you also
>>need working DNS ...
>>
>>For kerberos, we need working NTP also, ideally ntpd should be able to
>>find its time server via DHCP or DNS (it has support for neither, so
>>maybe some script needs to check for this).
>
> wow !
> Like I said, a lot of work ...
>
>>>3°/ directory export ( NFS/SMB ).
>>>we can easily set remote shares thanks to diskdrake, but we don't have
>>>the server part.
>>

Doesn't diskdrake share out via NFS? I am sure there was something like
that? Or maybe root can with Konqueror/Nautilus? Or was that knfsplugin ...

>>You can export shares from Konqueror and Nautilus. Also check out
>>ksambaplugin, and swat-clone from perl-Libconf CVS.
>
>
> it's for directory in personal directory.

Yes, the default one in Konqueror and Nautilus, but you haven't tried
ksambaplugin:
# urpmi ksambaplugin

>
>>>select directory to export, set ACL ( options, authorized hosts ).
>>
>>ACLs should be set in the filesystem instead (even MS "best practices"
>>say so).
>
>
> I misused a word. It's not ACL but permissions, see /etc/exports
>
> /home/mygroup 192.168.1.2(rw,nosuid)

Ahh, yes, for NFS this is critical (not so critical for samba IMHO).

>>Try the directory-properties thing from ksambaplugin. It can do all this
>>for samba shares.
>
>
> This needs to be done by the wizard, be integrated at least for basic
> stuff. For more advanced settings, you can use whatever you want (
> vi/emacs/joe/ksambaplugin/webmin/.... )

You haven't used ksambaplugin, and I believe we need to cater to users
who aren't vi/emacs gurus and who haven't memorised smb.conf(5). Thus the
reason I advocate perl-Libconf (please, take a look at it, we will need
it for this ...).

At least you didn't mention swat ;-)

Regards,
Buchan

-- 
|--------------Another happy Mandrake Club member--------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work             +27 82 472 2231 * +27 21 8828820x202
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1  72D6 AC92 BA50 60D2 04A7