[Ldap-users-devel] Re: Ideas for new directions

[Fernando L. <fer...@lo...>]

Hi Wil,

>I've been thinking about the ldap-users module, and I think it needs
>to go in a slightly more general direction.  I've started working
>with Webmin put together this little not-entirely-functional demo.
>It basically rips out Fernando's work and moves it into a more
>general framework.  One thing I wanted to was to be able to manage a
>number of different system databases from Webmin, like users, groups,
>hosts, etc., but also construct the interfaces in a general enough
>manner that it could apply to other database/directory types, such
>as the nss_mysql, nss_db, etc.  So here's what I've put together
>so far.  I'm going to continue working on it, moving it in this
>direction and implementing the features I want.
>
I never though this way, but if you can come with a nice design I guess 
you should talk to Jamie Cameron about getting your design into the 
standard Users and Groups module.

When I created my module the focus was not on just managing Posix users 
on another name service -- it was about unifying Posix user management 
with e-mail address book management. So I though about preserving Posix 
semantics while supporting atributes that are unknown to Posix.

Think about how your design will accomodate the differences. For 
example, I cannot tell LDAP "there can be no two records with the same 
value for the uidnumber atribute" but I can tell this to MySQL. So the 
first has to be programmed on the webmin module but the second does not. 
Think also about how you'll display and edit non-Posix information. For 
example, I think an nss_mysql module should be integrated with managing 
mysql grant tables.

My plans for the future (not near future) include design something that 
allows easy plugability of new object classes (for example, samba ldap 
attributes, or raduis atributes)

As far as I know, the NSS interface provides no way for changing 
information -- just querying. Is that true?


[]s, Fernando Lozano