RE: [Ldap-users-devel] TODO/wish list

[Tarjei <ta...@nu...>]

Hi,

I thought I'w provide some input on these:

o Remote creation of home directories.  I haven't delved into
 the Webmin API yet, but doesn't it have an internal protocol for
 communicating with other webmin servers?  I see that it creates
 home directories (missed this earlier), but can it do it remotely?
There's a way by using a certain pam module.


 o A "user" version, with administrator-configurable paramters that
 can be changed.  For example, as an ISP I might want users to only
 be able to change their passwords and possibly mail forwarding
 (and perhaps hook into a vacation program); as a corporate admin,
 I might want to allow users to change full names, office locations,
 etc. from GECOS, and shell.  Initially just a password-change
 module would be adequate.

I agree!

 o Ability to also set passwords for Samba (2.2.2 has excellent
 LDAP-user support, according to a friend of mine who re-wrote it).
Yes! I'm using tng-ldap, the schemas are quite simmilar, so it should be 
fairly easy to let both.I've looked at doing something in php, but a 
webmin module might do the job :)

 o Passwords for SASL auth, based (perhaps) on the Cyrus-SASL LDAP
 patch at http://cyrus-utils.sourceforge.net/.
? The ldap patch makes SASL go into the userPassword attribute to check 
the crypted password. Using sasl, openldap will go through sasl (or 
kerberos) to read the password stored there.

Anyhow, I think there's a ldap method for adding sasl/kerberos passwds. 
I do not know if it is implemented in perl though.
just my 0.2 cents

Tarjei


 o Ability to set per-user RADIUS attributes for FreeRADIUS
 (http://www.freeradius.org)

 o Possibly other password schemes...

Of these, only the first 2 are important to me right now.  The next
2 would be *nice*.

Looking at the web site, it appears that 0.0.2pre isn't 100%
compatible with OpenLDAP 2.0, but it *seems* like only Outlook
attributes are missing?  Is this correct?