NetworkDirectoryServices

Summary

This should provide an overview of the issue/functionality/change proposed here. Focus here on what will actually be DONE, summarising that so that other people don't have to read the whole spec. See also CategorySpec for examples.

Release Note

This section should include a paragraph describing the end-user impact of this change. It is meant to be included in the release notes of the first release in which it is implemented. (Not all of these will actually be included in the release notes, at the release manager's discretion; but writing them is a useful exercise.)

It is mandatory.

Rationale

This should cover the _why_: why is this change being proposed, what justifies it, where we see this justified.

User stories

Assumptions

Design

You can have subsections that better describe specific parts of the issue.

Implementation

This section should describe a plan of action (the "how") to implement the changes discussed. Could include subsections like:

UI Changes

Should cover changes required to the UI, or specific UI that is required to implement this

Code Changes

Code changes should include an overview of what needs to change, and in some cases even the specific details.

Migration

Include:

  • data migration, if any
  • redirects from old URLs to new ones, if any
  • how users will be pointed to the new way of doing things, if necessary.

Test/Demo Plan

It's important that we are able to test new features, and demonstrate them to users. Use this section to describe a short plan that anybody can follow that demonstrates the feature is working. This can then be used during testing, and to show off after release. Please add an entry to http://testcases.qa.ubuntu.com/Coverage/NewFeatures for tracking test coverage.

This need not be added or completed until the specification is nearing beta.

Unresolved issues

This should highlight any issues that should be addressed in further specifications, and not problems with the specification itself; since any specification with problems cannot be approved.

BoF agenda and discussion

Use this section to take notes during the BoF; if you keep it in the approved spec, use it for summarising what was discussed and note any options that were rejected.

UDS Karmic discussion

=  Service LDAP Integration =

* Discussion about pertinence to include everything into LDAP ?

1) Authentication, authorization and Accounting (AAA directory)

2) Technical directory :
 * other technical stuff (computers, DNS, etc.) ??

Idea : Only consider the services that affect the AAA directory ?

Nick : Idea -> being able to store any configuration file in the LDAP 
        as a blob and deploy it.
* Only for non LDAP services


 * DNS
  * Need DNS records for Kerberos
  * Default is Bind9
  * There is a BIND9 patch for LDAP store, but maintenance may be an issue.

 * DHCP : integration with DNS a +
  * May not be much advantage in storing information that was previously in config file in LDAP.
 * External patch -> Not so easy to maintain
 * Kerberos : 
  * Already discussed
 * NTP
  * Not sexy.

 * e-mail (postfix, dovecot, amavis, webmail)
 ** Lots of integration already done : aliases, distribution groups, transport table, etc.
 ** mailing-list server ? : mailman, sympa
 ** User alias -> different email address for a "real" user with a login
 ** Group alias -> route this email to a user or a group of user
 ** mail routing
 ** Access control -- greylisting, black list, white list, etc.
 
 Required:
  * Users
  * Aliases
 
 
 * File services / servers
  -> NFS, Samba
  -> Samba : already done. Pre-configure with "Ubuntu directory"
  NFSv4 : pre-configure also
  
 * Shares : user share ? group share ?
 * autofs
 * SSH
 * CUPS
 * SLP 
 
 * Database : postgres, mysql, oracle
 ** MySQL : not possible
 ** Postgres: support kerberos + ACL in LDAP.
 ** But : DBA are in another team and generaly, don't "integrate" .
 ** Make sense only if the application uses the user ID to authenticate
 
 * Sudo : 
 ** Extensively used by Ubuntu for workstation management
 
 * Sabayon : 
 ** also interesting for
 
 * Gconf : mandatory for corporate desktop.
 ** 
 
 * Asterisk : since 1.6, almost there. Already supported in upstream.
 
 * Nagios : uses simple auth so can be configured with apache
 
 * libvirt (KVM, openVZ, etc.) : can do SASL -> Kerberos -> OK
 ** Live migration: transfer the file to the new server
 ** Storage definition : not migrated | debatable : can have to be adjusted on the new server
 
 * How to integrate Apache2 with LDAP?
  * Integration specific for every web applications (Python, PHP, ruby, etc.)
  * Not only web apps, but apache should support passing the auth tickets, this means the ticket
   from a logged in user will be passed via the browser to Apache to the Directory

* Squid :
** Authentication, group : Built-in SQUID.
** White list, black list, etc.
** ACLs ? 
 
 * FTP
  * Nothing special needed.


CategorySpec

NetworkDirectoryServices (last edited 2009-06-03 17:12:01 by 207)