Home_greyopenFATE - openSUSE feature tracking > #313143
Dashboard | Search | Sign up | Login

Please login or register to be able to edit or vote this feature.

YaST LDAP client refactor/cleanup

Feature state

openSUSE Distribution
Evaluation By Productmanager

Description

Jiri (jsuchome) and I recently discussed some cleanup work we'd like to see in the YaST ldap-client module. This feature lists the main items we'd like to see reworked to improve the Module:

Remove no longer needed UI elements

Candidates are:

  • The TLS/SSL checkbox (sssd has a hard requirement for SSL/TLS)
  • The "LDAP Version 2" checkbox in the advanced settings. (there is AFAIK no LDAPv2-only Server implementation left)
  • The "Use LDAP but Disable Login" Radio Button

Restrict the UI to handle only really LDAP client related things

Currently the UI contains quite some settings which are not strictly related to LDAP client (nss/pam) setup. Over the year ldap-client became a bit of a disposal site for all kinds of LDAP related things, which made the UI a bit hard to understand. We should move some things to YaST modules where make a better fit. This is mostly about the settings currently available in the "Administration Settings" Tab (in "Advanced Configuration")

  • The
    Password Policies settings seem to fit better into the ldap-server module which already contains some of this functionality
  • Default Configuration Objects for other YaST modules (e.g. mail, dns, dhcp). Where possible the need for those special configuration objects should be removed. When a specific service still requires those configuration objects the YaST module for that service should be able to handle those objects it self (we could still offer utils API for that in yast2-ldap/ldap-client). E.g. the user management related object should be configured from inside the yast2-users module. yast2-ldap-server could offer to create default objects during the initial LDAP server setup.
  • The
    Home Directories on This Machine checkbox seems to be better suite in the Users module as well.
  • The rest of the values which go to /etc/sysconfig/ldap could be written by yast2-ldap-servers. We still need to figure out how to setup /etc/sysconfig/ldap on machines which to not run the LDAP Server but need access to those settings. (yast2-mail, -dns-server, -dhcp-server)
  • Adapt the API: move the LDAP* functions from ldap-client (impact on other modules!)

Relations

Discussion


icons/user_comment.png J. S. wrote: (6 years ago)

1. Removing TLS/SSL is based on assumption that we configure SSSD only, which is Feature #313142.

2. About The "Use LDAP but Disable Login" Radio Button: did we agree on some replacement of it? I cannot remember...

icons/user_comment.png J. S. wrote: (6 years ago)

Added attachment proposal for simplified first screen (ldap-client-redesign2.png)

icons/user_comment.png J. S. wrote: (6 years ago)

yast2-ldap-client-2.22.3 only offers SSSD configuration in UI, and the option to turn off TLS/SSL was removed.

icons/user_comment.png J. S. wrote: (6 years ago)

yast2-ldap-client-2.22.4 has the password policy configuration removed. Some parts were moved to yast2-ldap-server code (just svn), some other parts need to be added there. I've created a bug report to track it, see Bug #748004.

icons/user_comment.png J. S. wrote: (6 years ago)

Default Configuration Objects for other YaST modules (e.g. mail, dns, dhcp). Where possible the need for those special configuration objects should be removed.

Ralf, do you have any idea where it could/should be removed? Who can decide it?

icons/user_comment.png J. S. wrote: (5 years ago)

OK, I've made most of the required changes in yast2-ldap-client, yast2-users and yast2-ldap-server.

Ralf, could you take a look at current (Factory) versions of these and comment what else should be done? I mean mostly UI-wise, that API transition was not done.

icons/user_comment.png L. O. wrote: (4 years ago)

Ralf: ping

icons/user_comment.png R. H. wrote: (4 years ago)

Peter, could you take a look a this. I don't have any time left for this currently.

icons/user_comment.png J. W. wrote: (4 years ago)

Moving this forward for SLE 12. But important-only. We have a clear policy to focus on the new installer for GA and only improve YaST modules when time permits.

icons/user_comment.png J. S. wrote: (4 years ago)

Agreed. This is definitely worth to spend spare cycles on.

icons/user_comment.png L. O. wrote: (4 years ago)

Back to PjM: We currently don't have any LDAP expert available in team. Peter or Ralf could possibly work on that if they had time but they are not in Yast team.

icons/user_comment.png J. S. wrote: (4 years ago)

Mili, any chance Ralf or Peter could implement this feature?

icons/user_comment.png M. R. wrote: (4 years ago)

I think Peter Varkoly should be able to take care of this feature.

Last change: 8 months ago
Voting
Score: 3
  • Negative: 0
  • Neutral: 1
  • Positive: 3
Tags
Feature Export
Application-xmlXML   Text-x-logPlaintext   PrinterPrint