[Fedora-directory-users] Proposed new features for 1.3

[Chris St. Pierre]

On Tue, 31 Mar 2009, Rich Megginson wrote:

> Here are some features we are considering for the next major version 
> (tentatively called 1.3).  These are not in any particular order, and this is 
> quite an ambitious list, so we're not likely to complete all of these in a 
> single release.  We would appreciate your help in prioritizing this list, 
> filling in any missing details, helping with 
> requirements/design/coding/testing/docs, and letting us know if there are 
> other features which would be nice to have.

The "Security Enhancements" section contains several particularly
important items, particularly the ability to disallow plain text
binds.  That gets asked for quite frequently on IRC.

The named pipe for logging is needed, too; I helped one FDS user who
was using my Fedora DS Graph, but FDS produced such an enormous volume
of log information that the Perl File::Tail module I use in Fedora DS
Graph literally couldn't read the entire log before it was rotated.  I
remember mentioning that using a named pipe could very well solve the
problem -- particularly if it could be put on a RAM disk, e.g.

If syntax validation checking is added (which I support), there should
be three modes, much like SELinux: Enforcing (syntax checking enabled,
invalid values not allowed), Permissive (syntax checking enabled,
invalid values permitted but a warning raised in the log), and
Disabled.  Additionally, there should be a way to check entire
branches of an LDAP tree for syntax compliance -- i.e., a
comprehensive auditing tool beyond just enabling Permissive mode and
watching the logs.

Thanks for all your hard work on this!

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University