[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: cn=config example

To: openldap-software@openldap.org
Subject: Re: cn=config example
From: Buchan Milne <bgmilne@staff.telkomsa.net>
Date: Fri, 21 Sep 2007 09:48:07 +0200
Cc: Gavin Henry <ghenry@openldap.org>
Content-disposition: inline
In-reply-to: <46F2EA11.50705@OpenLDAP.org>
References: <1i4rd94.1euowalrp5vi2M%manu@netbsd.org> <6f149c540709201356xcc01420w57a080906388aeee@mail.gmail.com> <46F2EA11.50705@OpenLDAP.org>
User-agent: KMail/1.9.6

On Thursday 20 September 2007 23:45:53 Gavin Henry wrote:
> Gabriel Stein wrote:
> > People...
> >
> > I have a idea about OpenLDAP documentation. There´s a good documentation
> > at OpenLDAP website. Why not create more efforts to create a Howto
> > series? I´m writing constantlty a howto week´s about basic OpenLDAP
> > features, like some integrations and hints. We can create something like
> > a wiki, using the OpenLDAP documentation and "translate" this things to
> > Howto´s.
> >
> > Horward, we can help your efforts? Thanks for your good work.
> >
> > Cheers.
>
> Hi Gabriel.
>
> I've often thought about this, as Samba do similar at:
> http://wiki.samba.org/index.php/Main_Page as do other major OSS projects.

But, then if we look at a page relevant to *this* project, you get something 
like:
http://wiki.samba.org/index.php/Samba_%26_LDAP#Setting_up_PAM_and_NSS_to_use_LDAP

Which is incomplete, misleading, and wrong on all distributions but SUSE.

Or, you follow links on some of the other resources that have been posted in 
this thread, and you get something like this:
http://fedoranews.org/mediawiki/index.php/How_to_setup_and_maintain_OpenLDAP_server_for_your_network#Scripts_to_make_your_life_easier
or this part:
http://fedoranews.org/mediawiki/index.php/How_to_setup_and_maintain_OpenLDAP_server_for_your_network#Testing

And, they missed the usual advice of editing migrate_common.ph (instead of the 
easier method of setting the LDAP_BASEDN environment variable), by only using 
the dc=example,dc=com example, thus ensuring all other users will be confused 
later:
http://fedoranews.org/mediawiki/index.php/How_to_setup_and_maintain_OpenLDAP_server_for_your_network

> Here are the issues with your appreciated suggestions:
>
> 1. The OpenLDAP project do not support 3rd Party software

While I don't have a problem with this, the question is why should this 
prevent OpenLDAP project documentation (with suitable disclaimers) from 
covering how to allow OpenLDAP to support other LDAP client software. For 
example, the only documentation available for configuring Solaris for using 
LDAP for user/group accounts assumes you use JES LDAP. Sun certainly isn't 
going to write any, and I would like to put the details somewhere before I 
forget them.

Is our only option something like http://scratchpad.wikia.com/wiki/Ldap

> 2. We have to find the time to mentor and verify the howto/wiki
> contributors.

Are you saying I need mentorship and verification?

> 3. We have to find the time to fight the wiki spam

Not if you limit contributions to authenticated users. And there is the LDAP 
authentication plugin for mediawiki ...

> 4. We have to find the time to keep the howtos updated

As the scratchpad wiki proves, I don't have *much* time ... but if a few 
people can spare a small amount of time, it may be viable.

> 5. Resources, lack of resources, need more resources.
> 6. etc.....
>
> *My* first and foremost priority is to finish the Admin Guide, keep it
> accurate and up to date.
>
> I think, as we have done all along, we leave the 3rd party integration
> to the 3rd party projects (like the wiki mentioned above).

Which obviously isn't doing such a great job. And, why should we leave it to 
Samba to document how to set up nss_ldap and OpenLDAP optimally? Or, is this 
an area nss_ldap should cover (including the indexes, ACLs etc. that should 
be configured on the server side)?

> What we don't 
> want is a wiki where people come along and start posting How tos that we
> don't have time to vet, which in turn starts to dilute the OpenLDAP
> quality brand and take our time away with the little resources we have.

It may be better than having hundreds of howtos out there in random places of 
much worse quality, leaving the impression that the OpenLDAP project prefers 
this to one authoritative place, where at least contributors or experts can 
correct mistakes (which we can't do for all the broken howtos).

> However, what is *vital* is that we provide a means to put the Admin
> Guide sections into working configuration examples (which some sections
> have/will have). This could mean real world deployment examples etc.

But, if we can't cover nss_ldap, Solaris ldapclient, sudo, proftpd,bind, 
dhcpd, autofs, samba,apache-mod_vhost_ldap, freeradius, kmail, evolution, 
thunderbird (all of which I have used with OpenLDAP), what do we cover (that 
isn't covered in man pages)?

> It's all very good having in depth guides, but sometimes it's better to
> get something running and come back to the main docs. The vessel in
> which we present these complete examples is irrelevant and can be
> decided at any point.
>
> So, coming back to your wonderful offer of help. If you would like to
> look at the latest docs in our source repo and pick up a
> section/subsection that appeals to you, we can move towards a complete
> and detailed OpenLDAP 2.4 Admin Guide and then do the wiki/howto stuff.
>
> Does that sound like a plan?

IMHO, it is more important to have concise, clear, documentation on getting 
the basics most people need to get started with (before they can justify 
spending more time to learn the ins and outs of all the features) with the 
most gain for the least effort, than documenting all the overlays, or the 
backends that are not used frequently.

For example, we have nothing to offer to compete with:
http://directory.fedoraproject.org/
http://directory.fedoraproject.org/wiki/Howto:MigrateToLDAP
http://directory.fedoraproject.org/wiki/Howto:OpenLDAPMigration
http://directory.fedoraproject.org/wiki/Howto:Posix
http://directory.fedoraproject.org/wiki/Howto:PAM
http://directory.fedoraproject.org/wiki/Howto:Netgroups
http://directory.fedoraproject.org/wiki/Howto:SolarisClient
http://directory.fedoraproject.org/wiki/Howto:Automount
http://directory.fedoraproject.org/wiki/Howto:Samba

So, from a "what can I do with this software before I decide which one" 
perspective, OpenLDAP will be at a disadvantage while we are prevented from 
mentioning anything besides OpenLDAP.

Regards,
Buchan

Follow-Ups:
- Re: cn=config example
  - From: Gavin Henry <ghenry@OpenLDAP.org>
- Re: cn=config example
  - From: Howard Chu <hyc@symas.com>

References:
- Re: cn=config example
  - From: manu@netbsd.org (Emmanuel Dreyfus)
- Re: cn=config example
  - From: "Gabriel Stein" <gabrielstein@gmail.com>
- Re: cn=config example
  - From: Gavin Henry <ghenry@OpenLDAP.org>

Prev by Date: Re: cn=config example
Next by Date: Re: cn=config example
Index(es):
- Chronological
- Thread