Andrey Ivanov wrote:
> I continue with my list
Thanks - I've added many of these to the list - questions below.
>
> * the server should be able to return the members of dynamic groups
> "on the fly" as if it were real members, the membership attribute
> should be configurable - uniqueMember, member or another
I put this on the Future list:
Dynamic group expansion
* Define a dynamic group, and have the member/uniqueMember attribute
of this group automatically be populated by the server
* clients can then just search for member like with a regular static
posix group
>
> * support of other virtual attributes generated "on the fly"
Can you explain this a little more?
>
> * pam passthrough plug-in should take into account at least the
> account activation/desactivation (bug *470684*
> <https://bugzilla.redhat.com/show_bug.cgi?id=470684> ). There is a
> comment about some additional useful features it in th README file of
> this plug-in :
> We need to worry about account expiration or lockout e.g. the user's
> credentials are valid but the user has been locked out of his/her
> account, or the password has expired, or something like that. Some of
>
>
> this can be handled by LDAP e.g. returning password policy control
> values when the password has expired.
>
>
> * a way to synchronise the configuration of indexes (each time we add
> an index on one of the replicated servers we need to make it manually
> on all the others) and some other parameters in "cn=config" between
> the replicated servers (a little like the "configuration" partition
> in active directory), the schema changes are already replicated which
> is very good
I'm calling this feature "Configuration replication" - I think it could
be useful for other sorts of configuration.
>
> * enforced attribute syntax validation
Already on the list - Syntax validation checking
>
> * re-verify and validate conformance of the syntaxes, case sensitivity
> and their matching rules to RFC
> (https://www.redhat.com/archives/fedora-directory-users/2008-July/msg00041.html)
>
Already on the list
> * unix socket autobind still does not seem to work (ldapi) -
> https://www.redhat.com/archives/fedora-directory-users/2009-February/msg00112.html.
> It could be very useful for various maintenance scripts running on the
> server.
We tested this with 1.2.0 and it seems to work. You tested a build from
source? Did you use --enable-autobind with configure? Did you restart
the server after configuring your autobind and sasl mapping?
>
> * verification of the server from the viewpoint of memory leaks. Th
> size of the memory used by the server grows with time (normally we
> don't restart the sevrr during several months, so i can follow the stats)
We regularly run the server test suite with valgrind enabled. I'm not
aware of any per connection or per operation leaks. What exactly are
you seeing?
>
> * logconv.pl - very useful script, add some more options/ adjustments
> (for example, a switch to hide unindexed searches in verbose mode). We
> use it as logwatch.
>
> * a perl script to show the replication statistics (there is one for
> the we page generation statistics, something more basic, text-only
> would be very welcome) in text mode - to receiveth reports by mail
> once per day like logwatch for example
What sort of information are you looking for? ldapsearch can provide
most of the useful information.
>
> * regular expressions in ACIs (i know, it is very difficult to do, so
> maybe somewhere in the timescale of the version 10.0 ? :)) - for
> example, allow a user to add or modify a value just in case the new
> value mathes the regex. Or the group or dn of the user matches the
> regex...
You can do some of that currently with targetattrfilters - see
*http://tinyurl.com/3yo88r
We added support in 1.2.0 to allow you to specify group membership with
LDAP search specifications, which does allow some wildcarding, so that
might help too.
*
>
> * simplify the creation of new syntaxes and their validation/
> enforcement (version 11.0? :))
Can you elaborate?
>
> * virtual views allowing to map not only the trees but also the
> attributes ('cn' instead of 'uid' in a subtree, for example)
Can you elaborate?
>
> * enable regex in certmap.conf for mapping the CNs of the certificates
> during the certificate authentification of users
This is on the list as
Get rid of certmap.conf - use SASL mapping (cert auth is really just
SASL/EXTERNAL)
The sasl mapping code uses regular expressions
>
>
>
>
> Other than that i just want to emphasize the great job you are doing
> adding new features and especially the fantastic reactivity in fixing
> some critical server bugs (usually it takes only one or two days to
> have the necessary diff in bugzilla!)
>
> Thank you and please continue the development of this directory server!
And thank you for your suggestions.
>
>
>
>
>
>
>
> Thanks - I've added these notes to
> http://directory.fedoraproject.org/wiki/Roadmap#Version_1.3
>
> Anyone else? C'mon - surely you have an opinion about a new
> feature.
>
>
> Thanks for all your hard work on this!
>
>
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3258 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20090409/41d27064/attachment.bin
