On Fri, 2005-03-25 at 16:33 -0500, Johnathan Bailes wrote:
> Vision is terribly important but a few people here have made the
> obvious declaration that a number of complex tasks in Linux have been
> scripted, automated and configured for the use of guis.
>
> Considering the work the "competitors" over at Suse have done with
> yast tools for setting up ldap, and samba and such it should seem to
> be a kick in the butt for RH and the Fedora community. But then
> again, if you use that you have to worry about Suseconfig hosing your
> manual settings in the background so it ain't worth it.
>
> But come on, RH tools at least the ones I have used tend to do things
> right like just adding stuff to the bottom of a config and not
> completely erasing your manual settings.
>
> What is needed for a full OpenLdap, Kerberos, Samba (OpenDirectory)
> style solution?
>
> Just two things.
>
> 1) Setup druid -- Automatically yum installs any needed packages you
> don't have installed and run through the initial configuration of
> making a linux "domain" with secure authentication and samba sharing
> of directories all in one shot.
>
> 2) Directory Administrator -- available already at
> http://diradmin.open-it.org/index.php for initial setup of users and
> the continued maintenance of LDAP.
>
> It seems like half the battle is in essence already won.
>
> All we need is the setup part for the complete package.
>
> I love my command line but something this large and complex begs for
> the kinds of scripts and a solution like I just mentioned above.
>
> This kind of we can do without a gui or in Sun's case with NIS+ we
> won't make a gui until it's too late and try to charge for it kind of
> thinking that is fine for the old-timer BOFH but kills the newb.
>
> Come on, if frickin' Apple can do an OpenDirectory solution then
> RedHat and Fedora can. Half the stuff Apple uses is opensource stuff
> with a cute gui in front.
----
I actually was gonna mention OpenDirectory earlier in the thread but that just seemed to be off at another end of the spectrum.

I played with 'Directory Administrator' when I first set up LDAP - it didn't support samba 3 schema (perhaps they have updated it) - it was a bitch to get installed (all of the GTK libraries and stuff), and though it was pretty and visual, I found a better path - webmin.

SuSE isn't the issue - Microsoft has a fairly complete implementation of LDAP/kerberos/Windows SAM stuff and you can shoehorn in the Posix stuff if you figure it out.

OpenDirectory isn't a complete implementation...neither is SuSE's - just a basic setup that doesn't have value to experienced administrators. If you want to use either for mail aliases (which I do to get rid of stupid /etc/alias & /etc/mail/virtusertable editing), mail routing, personal address books (there clearly is no standard schema here - every mail & address book has their own concept), autofs, certificates, or any of the things that really represent decent LDAP integration, those tools are all out the window.

Red Hat doesn't even distribute a Kerberos that really works with AD - so a full implementation isn't even possible at the present.

Red Hat has a TON of RHEL users that have been using 2.0.27 that won't be able to migrate to 2.2.13 (RHEL-4/FC-3) because of structural object classes. Samba just released 3.0.12 (stable - but has some noted bugs and 3.0.13 is on the way) that just changed the samba.schema (again) - Then to top it off, openldap-2.2 is pretty much on the way out, feature frozen, no changes except bug fixes at this point - openldap-2.3 is well into beta and the first stable 2.4 version can't be too far out now.

It's a great concept to make a 'user friendly' LDAP base setup but it has so many pitfalls, that it seems that it would engender more angst than satisfaction.

If what you want is an incomplete LDAP solution bundled into RHEL or Fedora (if Fedora is the testing ground, is anything like this in Fedora 4 test 1?) - shouldn't there be some discussion of this not here but in Fedora-development list or RHEL development list?

Craig