Andrey Ivanov wrote:
I continue with my list
Thanks - I've added many of these
to the list - questions below.
* the server should be able to return the members of dynamic groups
"on the fly" as if it were real members, the membership attribute
should be configurable - uniqueMember, member or another
I put this on the Future
list:
Dynamic group expansion
* Define a dynamic group, and have the member/uniqueMember attribute
of this group automatically be populated by the server
* clients can then just search for member like with a regular static
posix group
* support of other virtual attributes generated "on the fly"
Can you
explain this a little more?
* pam passthrough plug-in should take into account at least the
account activation/desactivation (bug *470684*
<
https://bugzilla.redhat.com/show_bug.cgi?id=470684> ). There is a
comment about some additional useful features it in th README file of
this plug-in :
We need to worry about account expiration or lockout e.g. the user's
credentials are valid but the user has been locked out of his/her
account, or the password has expired, or something like that. Some of
this can be handled by LDAP e.g. returning password policy control
values when the password has expired.
* a way to synchronise the configuration of indexes (each time we add
an index on one of the replicated servers we need to make it manually
on all the others) and some other parameters in "cn=config" between
the replicated servers (a little like the "configuration" partition
in active directory), the schema changes are already replicated which
is very good
I'm calling this feature "Configuration replication" - I
think it could
be useful for other sorts of configuration.
* enforced attribute syntax validation
Already on the list - Syntax validation
checking
* re-verify and validate conformance of the syntaxes, case sensitivity
and their matching rules to RFC
(
https://www.redhat.com/archives/fedora-directory-users/2008-July/msg00041...)
Already on the list
* unix socket autobind still does not seem to work (ldapi) -
https://www.redhat.com/archives/fedora-directory-users/2009-February/msg0....
It could be very useful for various maintenance scripts running on the
server.
We tested this with 1.2.0 and it seems to work. You tested a build from
source? Did you use --enable-autobind with configure? Did you restart
the server after configuring your autobind and sasl mapping?
* verification of the server from the viewpoint of memory leaks. Th
size of the memory used by the server grows with time (normally we
don't restart the sevrr during several months, so i can follow the stats)
We
regularly run the server test suite with valgrind enabled. I'm not
aware of any per connection or per operation leaks. What exactly are
you seeing?
* logconv.pl - very useful script, add some more options/ adjustments
(for example, a switch to hide unindexed searches in verbose mode). We
use it as logwatch.
* a perl script to show the replication statistics (there is one for
the we page generation statistics, something more basic, text-only
would be very welcome) in text mode - to receiveth reports by mail
once per day like logwatch for example
What sort of information are you looking
for? ldapsearch can provide
most of the useful information.
* regular expressions in ACIs (i know, it is very difficult to do, so
maybe somewhere in the timescale of the version 10.0 ? :)) - for
example, allow a user to add or modify a value just in case the new
value mathes the regex. Or the group or dn of the user matches the
regex...
You can do some of that currently with targetattrfilters - see
*http://tinyurl.com/3yo88r
We added support in 1.2.0 to allow you to specify group membership with
LDAP search specifications, which does allow some wildcarding, so that
might help too.
*
* simplify the creation of new syntaxes and their validation/
enforcement (version 11.0? :))
Can you elaborate?
* virtual views allowing to map not only the trees but also the
attributes ('cn' instead of 'uid' in a subtree, for example)
Can
you elaborate?
* enable regex in certmap.conf for mapping the CNs of the certificates
during the certificate authentification of users
This is on the list as
Get rid of certmap.conf - use SASL mapping (cert auth is really just
SASL/EXTERNAL)
The sasl mapping code uses regular expressions
Other than that i just want to emphasize the great job you are doing
adding new features and especially the fantastic reactivity in fixing
some critical server bugs (usually it takes only one or two days to
have the necessary diff in bugzilla!)
Thank you and please continue the development of this directory server!
And thank
you for your suggestions.
Thanks - I've added these notes to
http://directory.fedoraproject.org/wiki/Roadmap#Version_1.3
Anyone else? C'mon - surely you have an opinion about a new
feature.
Thanks for all your hard work on this!
------------------------------------------------------------------------
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users