[Fedora-directory-users] Proposed new features for 1.3

Rich Megginson rmeggins at redhat.com
Thu Apr 9 23:23:41 UTC 2009


Andrey Ivanov wrote:
> I continue with my list
Thanks - I've added many of these to the list - questions below.
>
> * the server should be able to return the members of dynamic groups 
> "on the fly" as if it were real members, the membership attribute 
> should be configurable - uniqueMember, member or another
I put this on the Future list:
Dynamic group expansion

    * Define a dynamic group, and have the member/uniqueMember attribute
      of this group automatically be populated by the server
    * clients can then just search for member like with a regular static
      posix group


>
> * support of other virtual attributes generated "on the fly"
Can you explain this a little more?
>
> * pam passthrough plug-in should take into account at least the 
> account activation/deactivation (bug *470684* 
> <https://bugzilla.redhat.com/show_bug.cgi?id=470684> ). There is a 
> comment about some additional useful features in the README file of 
> this plug-in :
> We need to worry about account expiration or lockout e.g. the user's
> credentials are valid but the user has been locked out of his/her
> account, or the password has expired, or something like that. Some of
> this can be handled by LDAP e.g. returning password policy control
> values when the password has expired.
>
>
> * a way to synchronise the configuration of indexes (each time we add 
> an index on one of the replicated servers we need to make it manually 
> on all the others) and some other parameters in "cn=config" between 
> the replicated servers  (a little like the "configuration" partition 
> in active directory), the schema changes are already replicated which 
> is very good
I'm calling this feature "Configuration replication" - I think it could 
be useful for other sorts of configuration.
>
> * enforced attribute syntax validation
Already on the list - Syntax validation checking
>
> * re-verify and validate conformance of the syntaxes, case sensitivity 
> and their matching rules to RFC 
> (https://www.redhat.com/archives/fedora-directory-users/2008-July/msg00041.html)
>
Already on the list
> * unix socket autobind still does not seem to work (ldapi) - 
> https://www.redhat.com/archives/fedora-directory-users/2009-February/msg00112.html. 
> It could be very useful for various maintenance scripts running on the 
> server.
We tested this with 1.2.0 and it seems to work.  You tested a build from 
source?  Did you use --enable-autobind with configure?  Did you restart 
the server after configuring your autobind and sasl mapping?
>
> * verification of the server from the viewpoint of memory leaks. The 
> size of the memory used by the server grows with time (normally we 
> don't restart the server during several months, so I can follow the stats)
We regularly run the server test suite with valgrind enabled.  I'm not 
aware of any per connection or per operation leaks.  What exactly are 
you seeing?
>
> * logconv.pl - very useful script, add some more options/ adjustments 
> (for example, a switch to hide unindexed searches in verbose mode). We 
> use it as logwatch.
>
> * a perl script to show the replication statistics (there is one for 
> the web page generation statistics, something more basic, text-only 
> would be very welcome) in text mode - to receive the reports by mail 
> once per day like logwatch for example
What sort of information are you looking for?  ldapsearch can provide 
most of the useful information.
>
> * regular expressions in ACIs (I know, it is very difficult to do, so 
> maybe somewhere in the timescale of the version 10.0 ? :)) - for 
> example, allow a user to add or modify a value just in case the new 
> value matches the regex. Or the group or dn of the user matches the 
> regex...
You can do some of that currently with targetattrfilters - see 
http://tinyurl.com/3yo88r

We added support in 1.2.0 to allow you to specify group membership with 
LDAP search specifications, which does allow some wildcarding, so that 
might help too.
>
> * simplify the creation of new syntaxes and their validation/ 
> enforcement (version 11.0? :))
Can you elaborate?
>
> * virtual views allowing to map not only the trees but also the 
> attributes ('cn' instead of 'uid' in a subtree, for example)
Can you elaborate?
>
> * enable regex in certmap.conf for mapping the CNs of the certificates 
> during the certificate authentication of users
This is on the list as
Get rid of certmap.conf - use SASL mapping (cert auth is really just 
SASL/EXTERNAL)
The sasl mapping code uses regular expressions
>
>
>
>
> Other than that I just want to emphasize the great job you are doing 
> adding new features and especially the fantastic reactivity in fixing 
> some critical server bugs (usually it takes only one or two days to 
> have the necessary diff in bugzilla!)
>
> Thank you and please continue the development of this directory server!
And thank you for your suggestions.
>
>
>  
>
>
>
>
>         Thanks - I've added these notes to
>         http://directory.fedoraproject.org/wiki/Roadmap#Version_1.3
>
>         Anyone else?  C'mon - surely you have an opinion about a new
>         feature.
>
>
>             Thanks for all your hard work on this!
>
>  
>