About: Licorn® DevBlog
rss
Browse by time:
- May 2012 (1)
- April 2012 (2)
- March 2012 (2)
- February 2012 (3)
- December 2011 (1)
- October 2011 (3)
- September 2011 (3)
- May 2011 (3)
- April 2011 (1)
- March 2011 (2)
- February 2011 (1)
- January 2011 (2)
- December 2010 (7)
- November 2010 (5)
- October 2010 (2)
- September 2010 (3)
- August 2010 (10)
- July 2010 (3)
- June 2010 (6)
- March 2009 (1)
- January 2009 (8)
Browse by category:
- rss ACLs (1)
- rss Architecture (1)
- rss CLI (4)
- rss D3 (1)
- rss Debian (1)
- rss LDAP (3)
- rss Licorn (4)
- rss Licorn® (2)
- rss NFS (1)
- rss OOP (1)
- rss Pyro (2)
- rss QA (2)
- rss RPC (1)
- rss SAMBA (1)
- rss Twisted (1)
- rss UNIX (1)
- rss WMI (5)
- rss add (2)
- rss admin (1)
- rss animations (1)
- rss apache (1)
- rss apprentice (1)
- rss architecture (1)
- rss automation (2)
- rss backend (5)
- rss backends (2)
- rss backup (2)
- rss bazaar (2)
- rss benchmark (1)
- rss bugfix (1)
- rss bugs (1)
- rss bzr (3)
- rss change (1)
- rss changes (1)
- rss check (1)
- rss chk (1)
- rss cleanup (1)
- rss cli (1)
- rss client (1)
- rss code (3)
- rss coding (1)
- rss completion (1)
- rss complexity (1)
- rss configuration (4)
- rss console (1)
- rss controllers (1)
- rss core (3)
- rss crashes (1)
- rss customization (1)
- rss daemon (12)
- rss darcs (4)
- rss debug (2)
- rss debugger (1)
- rss debugging (1)
- rss del (1)
- rss description (2)
- rss developement (1)
- rss developer (1)
- rss development (3)
- rss difficulties (1)
- rss discover (1)
- rss discovery (1)
- rss django (2)
- rss documentation (4)
- rss dynamic (1)
- rss ease (1)
- rss enhance (1)
- rss enhancement (9)
- rss enhancements (2)
- rss errors (1)
- rss events (1)
- rss experimental (1)
- rss extensions (5)
- rss features (1)
- rss finish (1)
- rss flag (1)
- rss flexibility (1)
- rss geany (1)
- rss geekism (1)
- rss get (1)
- rss gevent (2)
- rss git (1)
- rss gitflow (1)
- rss good (1)
- rss graphics (1)
- rss groups (3)
- rss gvim (1)
- rss httperf (1)
- rss https (1)
- rss i18n (1)
- rss ideas (1)
- rss implementation (1)
- rss inotifier (2)
- rss interaction (3)
- rss internals (1)
- rss javascript (1)
- rss jinja2 (1)
- rss jquery (1)
- rss key (1)
- rss ldap (6)
- rss leak (1)
- rss licorn (5)
- rss licornd (8)
- rss licornd-wmi (1)
- rss live (1)
- rss ltrace (2)
- rss machines (1)
- rss major (1)
- rss meliae (1)
- rss memory (1)
- rss migration (2)
- rss milestones (1)
- rss mod (1)
- rss model (1)
- rss modules (2)
- rss monitor (1)
- rss mount (1)
- rss network (4)
- rss news (1)
- rss night (1)
- rss nmap (1)
- rss ntfs (1)
- rss object (1)
- rss openldap (1)
- rss openssh (1)
- rss ouput (1)
- rss password (1)
- rss patch (1)
- rss performance (2)
- rss permissions (1)
- rss pickle (1)
- rss preferences (1)
- rss privileges (2)
- rss profiling (1)
- rss progress (5)
- rss properties (1)
- rss push (1)
- rss pyinotify (1)
- rss pylint (2)
- rss pyro (2)
- rss python (3)
- rss quality (2)
- rss rdiff-backup (1)
- rss readings (1)
- rss readline (1)
- rss refactor (1)
- rss reference (1)
- rss regexxer (1)
- rss release (1)
- rss remote (3)
- rss rename (1)
- rss report (1)
- rss repositories (2)
- rss repository (2)
- rss research (1)
- rss rewrite (1)
- rss rfoo (1)
- rss roadmap (1)
- rss rsync (1)
- rss schema (1)
- rss security (1)
- rss server (2)
- rss service (1)
- rss shadow (1)
- rss shutdown (1)
- rss speed (1)
- rss ssh (1)
- rss standard (1)
- rss status (2)
- rss summary (1)
- rss switch (1)
- rss system (3)
- rss team (1)
- rss testing (1)
- rss testsuite (2)
- rss thread (1)
- rss trac (2)
- rss udisks (1)
- rss unix (3)
- rss upgrade (1)
- rss usb (1)
- rss users (2)
- rss vfat (1)
- rss volumes (2)
- rss webserver (1)
- rss work (1)
- rss worklog (1)
Removed silly limitations on system groups with LDAP backend enabled
Responding to changeset 279 and explaining the reasons of changeset 304, there is now no more limitations when creating system groups.
If the LDAP backend is enabled, the newly created system group will go into the LDAP backend.
This makes NFS works perfectly on LDAP-enabled clients, which now see all groups when listings ACLs and standard posix perms.
Now, the licorn-ldap-server debian package tries to move every important pre-existing system group (acl, licorn-wmi) from the Unix backend to the LDAP one. This will implicitly install them network-wide and avoid the need to create them on every ALT®. Finally this will help propagate admin privileges on every client.
- Posted: 2010-08-19 09:16
- Author: olive
- Categories: network privileges system standard NFS enhancement groups LDAP
- Comments (0)
LDAP backend nearing completion
Only 7 working days (with standard working hours !) were needed to implement the biggest part of the LDAP backend and fix blocker bugs. It works completely today (get/add/mod/del, wouhou !).
The only work not yet done is slapd configuration, which is not strictly the backend functionnality, but I want it done: Licorn has to autoconfigure slapd when it's freshly installed. Typically on a Lucid Lynx system (Ubuntu), cn=config is completely empty, which render slapd totally unusable, which is not acceptable for us.
This could be resolved by packaging work. But I want Licorn to be autonomous on different system and not duplicate packaging work among distros. By the way, Licorn must in the end be able to change the LDAP base_dn and other configuration attributes. Even though this functionnality is less than autoconfiguration, autoconfiguration is not far behind (the way that I see it, in KISS technology).
- Posted: 2010-07-07 16:23
- Author: olive
- Categories: implementation completion backend LDAP
- Comments (0)
WMI released, LDAP in progress
I released the version 1.1 of Licorn®, which is quite a good news. The first release after nearly a year of silence and 2 weeks of code.
All WMI features are completely functionnal, except the "import users" one, which is not critical in early deployments.
LDAP work has begun and I plan to release the first beta version (managing users and groups) between the middle and the end of the week. LDAP support will be very preliminary: we will support only all *nix features, not the SAMBA ones. But ongoing work will take care of extending these.
First goal is to make Linux clients authenticate against a Licorn® server, making the whole thing rock solid. I hate bugs ;-)
