Re: [Cooker] More LDAP support in draktools?
François Pons wrote:
> On Mon 06/01/2003 at 18:23, Buchan Milne wrote:
>> I was wondering if there were some applications that would apply to
>> Mandrake. Some examples:
>>
>> 1) urpmi support for ldap, so that on every boot (and via cron?) machines
>> would check which software they:
>> a) Must have
>> b) should not have
>
> This is the generic problem of distributed urpmi but to a lesser
> extent. It means if almost everyone logs in at the same time, there will
> be a lot of traffic downloading files ?

Only if they all need new packages. Assuming not everyone runs cooker (;-))
this shouldn't occur too often, and hopefully large roll-outs would happen
via cron. The biggest advantage though comes when installing a new machine,
you can auto-install the machine as basic as you like, and on first boot it
will find urpmi sources and install site-specific packages assigned to the
machine (or its OU, say when PTC releases their linux version of
Pro\Engineer, and we have converted all our CAD stations to Mandrake ;-)),
when the user logs in, user-specific software would be installed (say our
Kylix users). In most cases, software installation would not be that
frequent. Updates can just be pulled nightly from a custom update source, so
updates shouldn't really be affected at all. BTW, I haven't really played
with --parallel much yet ...

> This could be another tool (of urpmi suite) allowing such behaviour,
> for me it looks better that way.

Sure.

> But I think adding or removing a software is very hard for the user, it
> removes a lot of freedom ?

Proprietary licenses remove freedom ... especially when they don't have
network-licenses ... this would just make it easier to control aspects of
software distribution. In most cases one wouldn't add too many Conflicts
(except maybe nmap and other cracking tools) on most machines.

>> and automatically install/remove the software. This
>> 2) urpmi support for configuring urpmi sources in ldap
>> See above, assume you have a new application you want to roll out to all
>> desktops, create a new urpmi source which has the app, add the package to
>> list of required packages for the OU containing the machines, and go home.
>> (yes, there is overlap with urpmi --parallel).
>
> Of course it overlaps, see above.
>
> It removes all the benefit of --parallel on bandwidth.

I haven't used --parallel, so don't know what advantages it has in
bandwidth ... but assuming urpmi would run via cron, you could schedule the
LDAP mod to occur after-hours.

>> 3) msec support for ldap, so that security policies can be implemented
>> per OU (including inheritance etc).
>
> Adding this to urpmi will imply adding this to msec as well ?

Not necessarily, but there would be great advantage to being able to modify
msec behaviour via LDAP, at present the best way is a configuration rpm
which contains:

[bgmilne@bgmilne bgmilne]$ cat /etc/cae/security/msec/level.local
#!/usr/bin/python
from mseclib import *
allow_user_list(0)
[bgmilne@bgmilne bgmilne]$ cat /etc/security/msec/level.local
#!/usr/bin/python
from mseclib import *
allow_user_list(0)

(user lists aren't that useful with LDAP and 100+ users)

The post-install script in our cae-conf package updates all config files
that exist in /etc/cae or /usr/cae (thanks kdm ...).

> And sorry for answering lately,

No problem.

Buchan

--
|--Another happy Mandrake Club member--|
Buchan Milne        Mechanical Engineer, Network Manager
Cellphone * Work    +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7

Re: [Cooker] More LDAP support in draktools?
On Mon 06/01/2003 at 18:23, Buchan Milne wrote:
> First I must just say that over the holidays I read (or skimmed) most of
> the book "Mastering Windows 2000", and learnt quite a bit, mostly that
> Windows 2000's support for Active Directory makes quite a few important
> features available, such as automatic software installation (based on
> membership of an LDAP OU and possibly of a group also) for users (ie log
> in, you should have visio2002, and it is installed, someone else logs in
> who shouldn't have it, and it is removed) and for machines (on next user
> login, machines will install any new software assigned to their OU) and
> many other features (mostly collectively called Group Policy Objects).
>
> (Note that in AD, all computers joined to a domain have an account, with
> samba domain controllers this is also usually the case, except with the
> new optional nua - No User Account - sam backends in samba3).
>
> I was wondering if there were some applications that would apply to
> Mandrake. Some examples:
>
> 1) urpmi support for ldap, so that on every boot (and via cron?) machines
> would check which software they:
> a) Must have
> b) should not have

This is the generic problem of distributed urpmi but to a lesser
extent. It means if almost everyone logs in at the same time, there will
be a lot of traffic downloading files ?

This could be another tool (of urpmi suite) allowing such behaviour,
for me it looks better that way.

But I think adding or removing a software is very hard for the user, it
removes a lot of freedom ?

> and automatically install/remove the software. This
> 2) urpmi support for configuring urpmi sources in ldap
> See above, assume you have a new application you want to roll out to all
> desktops, create a new urpmi source which has the app, add the package to
> list of required packages for the OU containing the machines, and go home.
> (yes, there is overlap with urpmi --parallel).

Of course it overlaps, see above.

It removes all the benefit of --parallel on bandwidth.

> 3) msec support for ldap, so that security policies can be implemented
> per OU (including inheritance etc).

Adding this to urpmi will imply adding this to msec as well ?

And sorry for answering lately,

François.

[Cooker] More LDAP support in draktools?
First I must just say that over the holidays I read (or skimmed) most of
the book "Mastering Windows 2000", and learnt quite a bit, mostly that
Windows 2000's support for Active Directory makes quite a few important
features available, such as automatic software installation (based on
membership of an LDAP OU and possibly of a group also) for users (ie log
in, you should have visio2002, and it is installed, someone else logs in
who shouldn't have it, and it is removed) and for machines (on next user
login, machines will install any new software assigned to their OU) and
many other features (mostly collectively called Group Policy Objects).

(Note that in AD, all computers joined to a domain have an account, with
samba domain controllers this is also usually the case, except with the
new optional nua - No User Account - sam backends in samba3).

I was wondering if there were some applications that would apply to
Mandrake. Some examples:

1) urpmi support for ldap, so that on every boot (and via cron?) machines
would check which software they:
a) Must have
b) should not have
and automatically install/remove the software. This

2) urpmi support for configuring urpmi sources in ldap
See above, assume you have a new application you want to roll out to all
desktops, create a new urpmi source which has the app, add the package to
list of required packages for the OU containing the machines, and go home.
(yes, there is overlap with urpmi --parallel).

3) msec support for ldap, so that security policies can be implemented
per OU (including inheritance etc).

Comments?

Regards,
Buchan

--
|--Another happy Mandrake Club member--|
Buchan Milne        Mechanical Engineer, Network Manager
Cellphone * Work    +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
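
The reconciliation step proposed in item 1 of the original message (per-OU "must have" / "should not have" package lists with inheritance), shown as an added example that is not part of the thread or of urpmi. The attribute names `requiredPackage` and `forbiddenPackage`, the DNs, and the rule that the nearest entry wins a conflict are assumptions made for the illustration.

```python
# Added illustration: the attribute names and directory contents are constructed.
# A dict keyed by DN stands in for an LDAP server so the example runs offline.
REQUIRED, FORBIDDEN = "requiredPackage", "forbiddenPackage"  # hypothetical attributes

DIRECTORY = {
    "dc=example,dc=com": {REQUIRED: ["openssh-clients"], FORBIDDEN: ["nmap"]},
    "ou=CAD,dc=example,dc=com": {REQUIRED: ["cad-suite"]},
    "ou=Admins,dc=example,dc=com": {REQUIRED: ["nmap"]},  # exception to the site rule
}


def ancestry(dn):
    """Return dn and its parent entries, ordered from the root down to dn."""
    parts = dn.split(",")  # the constructed DNs contain no escaped commas
    return [",".join(parts[i:]) for i in range(len(parts) - 1, -1, -1)]


def effective_policy(dn, directory):
    """Merge package policy from root to leaf; the nearest entry wins a conflict."""
    decision = {}  # package name -> REQUIRED or FORBIDDEN
    for entry_dn in ancestry(dn):
        entry = directory.get(entry_dn, {})
        for pkg in entry.get(REQUIRED, []):
            decision[pkg] = REQUIRED
        for pkg in entry.get(FORBIDDEN, []):  # applied last: forbid wins within one entry
            decision[pkg] = FORBIDDEN
    required = {p for p, d in decision.items() if d == REQUIRED}
    forbidden = {p for p, d in decision.items() if d == FORBIDDEN}
    return required, forbidden


def plan(dn, directory, installed):
    """Return (packages to install, packages to remove) for one machine."""
    required, forbidden = effective_policy(dn, directory)
    # Packages that are neither required nor forbidden are left untouched.
    return sorted(required - set(installed)), sorted(forbidden & set(installed))


if __name__ == "__main__":
    print(plan("cn=ws01,ou=CAD,dc=example,dc=com", DIRECTORY,
               {"openssh-clients", "nmap", "vim"}))
    print(plan("cn=adm01,ou=Admins,dc=example,dc=com", DIRECTORY,
               {"openssh-clients"}))
```
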