On Tue, 31 Mar 2009, Rich Megginson wrote:

> Here are some features we are considering for the next major version
> (tentatively called 1.3). These are not in any particular order, and this is
> quite an ambitious list, so we're not likely to complete all of these in a
> single release. We would appreciate your help in prioritizing this list,
> filling in any missing details, helping with
> requirements/design/coding/testing/docs, and letting us know if there are
> other features which would be nice to have.

The "Security Enhancements" section contains several particularly important items, particularly the ability to disallow plain text binds. That gets asked for quite frequently on IRC.

The named pipe for logging is needed, too; I helped one FDS user who was using my Fedora DS Graph, but FDS produced such an enormous volume of log information that the Perl File::Tail module I use in Fedora DS Graph literally couldn't read the entire log before it was rotated. I remember mentioning that using a named pipe could very well solve the problem -- particularly if it could be put on a RAM disk, e.g.

If syntax validation checking is added (which I support), there should be three modes, much like SELinux: Enforcing (syntax checking enabled, invalid values not allowed), Permissive (syntax checking enabled, invalid values permitted but a warning raised in the log), and Disabled. Additionally, there should be a way to check entire branches of an LDAP tree for syntax compliance -- i.e., a comprehensive auditing tool beyond just enabling Permissive mode and watching the logs.

Thanks for all your hard work on this!

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University