LdapIntegrationSpec

Summary

Create packages in the spirit of dovecot-postfix that integrate services with a predefined LDAP structure. Also create packages that make installing an LDAP server with this predefined structure as simple as "apt-get install ubuntu-server-ldap".

Rationale

The idea of having a single user database for multiple services on a server is very common. The most widely used solution to this problem is well known: LDAP. Unfortunately, LDAP is also very complex to set up by itself, and you have to dig into every single application to make it communicate with your LDAP server.

Packages that make an administrator's life easier are a gorgeous achievement, the first one being dovecot-postfix. Now you only have to apt-get install a package, where before you had to go through a hundred bookmarked howtos.

It makes sense to do the same for LDAP integration. Possible packages include postfix-ldap, dovecot-ldap, ejabberd-ldap, apache2-ldap, trac-ldap, ...

Use Cases

  • Snoopy wants to set up a server where each mail address is equivalent to a Jabber address.
  • Linus wants to have multiple websites on his Apache2 installation, but he wants the accounts to be the same for each website.
  • Lucy has installed by hand (not by apt) a multi-blog platform that can talk to LDAP. She wants her mail server to be ready so that each mail account is also a blog account.
  • Charlie is a MOTU and he's packaging the cool-php web application. He has just realized that the PHP application can use LDAP. He creates a cool-php-ldap package so people can easily integrate cool-php with LDAP.

Scope

This spec is not intended to be a default installation. The goal of this spec is to define a given use case that people can simply install on their server. People wanting more flexibility would have to uninstall the *-ldap packages and do their configuration accordingly.

Design Goals

  • Define the schemas of a good default LDAP database.
  • Provide packages to easily install these LDAP schemas.
  • Provide packages for services that could be connected to this LDAP structure.
  • Provide an administrative interface to easily add/remove users to/from the whole system.

Implementation

Proposed package layout procedure

Outstanding Issues

  • Policy to allow users to change their password
  • What should be the login? The LDAP account ID or another LDAP field (the email address)?

BoF agenda and discussion

Comments

Please feel free to discuss this spec on the Ubuntu -devel mailing list or at /talk



LdapIntegrationSpec (last edited 2009-04-22 09:17:35 by mail)