Re: [Ldap-users-devel] TODO/wish list
From: Fernando L. <fer...@lo...> - 2001-11-23 16:42:12
Hi Wil,

>Looking over the feature set and TODO list on the web site, I see a
>few things that would be really nice to have. I've d/l'd an older
>version and will be getting the CVS shortly, but while I've been
>meaning to do some LDAP programming, I haven't (and I haven't done
>Perl in quite some time...).
>
The current 0.0.2pre is the same one as in CVS. I have new code at another location, but the internet link is down and I could not commit. Today my priority is solving bugs on OpenLDAP 2.x and including group and shadow support.

>Here are some things I'd like to see (some of which aren't important
>for me immediately, but could help make this really killer):
>
> o Remote creation of home directories. I haven't delved into
>   the Webmin API yet, but doesn't it have an internal protocol for
>   communicating with other webmin servers? I see that it creates
>   home directories (missed this earlier), but can it do it remotely?
>
As far as I know webmin has no way of doing this. Actually it would be a big security hole. I think if you have network logons (LDAP, NIS, etc) you should have your home dirs on an NFS server, so the user has his dot-files (his personal settings) everywhere he goes.

>o Setting of 'host' attribute, based (perhaps) on a pre-configured
>  list hosts. pam_ldap can use this to limit logins only to
>  specified hosts.
>
Nice idea. I didn't know pam_ldap uses this. What's the object class of this attribute?

>o A "user" version, with administrator-configurable parameters that
>  can be changed. For example, as an ISP I might want users to only
>  be able to change their passwords and possibly mail forwarding
>  (and perhaps hook into a vacation program); as a corporate admin,
>  I might want to allow users to change full names, office locations,
>  etc. from GECOS, and shell. Initially just a password-change
>  module would be adequate.
>
I guess webmin supports this kind of user delegation of administrative rights (this is the to-do list webmin acls), but openldap permissions would do this also, but it would be outside the scope of my module, this would be a feature of the openldap module.

>o Automatic creation of Cyrus IMAP mailboxes. Is it possible
>  to simply call the existing Cyrus IMAP Webmin module to do the
>  creation?
>
I don't know and I have no experience with Cyrus. But I agree this is a great idea. It would be very nice if you could investigate.

>o Ability to also set passwords for Samba (2.2.2 has excellent
>  LDAP-user support, according to a friend of mine who re-wrote it).
>
I plan to study this. Actually I got a patch to use smbpasswd but have not applied it because of lack of time and now I fear there would be too many changes.

>o Passwords for SASL auth, based (perhaps) on the Cyrus-SASL LDAP
>  patch at http://cyrus-utils.sourceforge.net/.
>
I have to study SASL to do this. I am a complete newbie to LDAP. I created the module to solve a very specific customer problem. :-)

>o Ability to set per-user RADIUS attributes for FreeRADIUS
>  (http://www.freeradius.org)
>
Nice idea.

>Looking at the web site, it appears that 0.0.2pre isn't 100%
>compatible with OpenLDAP 2.0, but it *seems* like only Outlook
>attributes are missing? Is this correct?
>
Yes, this is right. I implemented Outlook attributes by trial and error, with no knowledge of the LDAP schema used. I think the bugs will be out (and compatibility fixed with openldap 2.x and outlook) when I use the correct objectclasses and mandatory attributes.

[]s, Fernando Lozano