Well, in addition to school, work, being a research assistant, Model UN, the Pump it Up pad, and all my other ventures, I’ve decided to make an attempt at becoming a Debian Developer. Debian is a distribution of my operating system of choice, Linux, and is always looking for more volunteers committed to writing high quality free software.
The package I’ve decided to start, which I have yet to find a sponsor for, is based off of a webmin module called webmin-ldap-useradmin. It’s a frontend for administering users inside of an LDAP database, which allows for storing authentication and other information in a central location. This essentially means that user information (and other information, interestingly enough) can be stored in one place. You change it in one place, and it’s reflected over an entire system.
However, this package has a few shortcomings in my opinion. It’s very centralized towards administering Linux user accounts, but tacks on Windows accounts as a small feature. Even worse, it doesn’t allow for editing HR information, contact information, etc. It’s extensible, but only to a very limited extent.
Here’s where I come in. Right now, it’s extremely hard to set up a Windows domain with an LDAP backend, much like Windows does with its Active Directory feature. Putting this information into the LDAP database can greatly simplify administration, if only the right tools were in place. This is hopefully going to be that tool.
With it, you should be able to administer multiple Windows domains, including the users, groups, and computers within that domain. Even better, this information can be used for other services than for Windows/UNIX authentication. For instance, it can be used as a source for a company DNS zone, eliminating the need for maintaining this data separately.
Think about it: you set up a new server in your company of three thousand people. Using conventional authentication methods, you would have to add in the users who have access to that machine, as well as any company-wide user groups. This can become a nightmare to administer, when you have dozens or even hundreds of servers, each of which must be continually updated to reflect changes in user access permissions, or the addition of new employees and the firing of old ones. Even worse, users have to remember a multitude of passwords, each of which expire at different times, are used to access several different machines, and must comply with varying restrictions. Even worse, this isn’t the only administration hassle. Now you’ve got to add the machine into any company domain name services, so that employees and customers can access it by a name rather than by its IP address. This service is why you can visit http://www.touset.org/ rather than having to type http://66.31.184.90/ in your browser.
This sort of functionality isn’t new. It’s been done with Apple’s Open Directory, Novell’s eDirectory, and by Microsoft’s Active Directory. However, none of the current implementations are licensed under the GPL or have been made to work independent of vendor-specific implementations.
My goal for this project, named LADR, is to at least modestly duplicate the functionality of these other Directory services, with a hope for eventual platform independence (it’s currently tied to an administration tool called webmin, but eventually will probably be ported to GTK).
It’s going to be an entire fork of the aforementioned project. Although it will branch from the same code base, I intend to rewrite the code almost entirely, using the original as a reference. I’m probably around 25% complete with this transition.
Currently, I’m uploading a release of the project which will be accessible as a Debian package on the left sidebar of this webpage. You can also view the package directory directly. As a warning, it doesn’t do anything useful right now (as far as I know–some of the old code is still there, and presumably working). However, if anyone wishes to whip it out and start helping out with development, the latest version should be there for you to download and start tinkering.
Post a Comment
You must be logged in to post a comment.