Mandriva Directory Server - 2010.rmll.info/img/pdf/rmll-2010-mds.pdf
5 / 26
Context
But
No integrated/centralized interface
  - No longer true, maybe
  - Nice, easy to use?
Learning curve for all those components!?
No global policies system
  - How to enforce parameters on heterogeneous systems?
  - (Proprietary product exists now)
6 / 26
Mandriva Directory Server
MDS = Identity and network service management, simple!
Web interface
Management API
7 / 26
Mandriva Directory Server
Current target: small/mid sized networks
Cheaper than AD, or free :)
For Windows, no such thing as GPOs
  - Lots of admins don't use them
  - poledit.exe sufficient
Interface easy to use, to learn
  - It is not an LDAP browser!
  - Windows administration operations available
8 / 26
Mandriva Directory Server
Domain controller
  - Users / Groups / Computers
  - Password sync
File server
  - Shares
  - ACLs
Print server
  - SAMBA / CUPS
  - Point'n Print
9 / 26
Mandriva Directory Server
DNS / WINS
  - A / CNAME / NS / MX / PTR (reverse)
  - For LAN / WAN
  - DNS zones stored in LDAP
DHCP
  - DHCP options (IP phone, diskless boot, …)
  - DHCP / DNS sync
  - DHCP lease status
  - DHCP configuration stored in LDAP
10 / 26
Mandriva Directory Server
Mail service
  - POSTFIX / DOVECOT
  - SMTP / IMAP / POP
Web proxy
  - Authentication
  - Blacklist
11 / 26
Mandriva Directory Server
User account
  - Home directory quota
  - Mail delivery quota
  - Massive import/export from CSV file
User password policy
  - Server side
  - Complexity
  - Expiration
  - Avoid bruteforce attack
  - Scope: user or directory
Audit
  - Trace all MDS user interactions
  - Who? What? When?
14 / 26
MMC API
Python script
#!/usr/bin/python
from mmc.plugins.base import ldapUserGroupControl

users = [('login1', 'passwd1', 'firstname1', 'lastname1'),
         ('login2', 'passwd2', 'firstname2', 'lastname2'),
         ('login3', 'passwd3', 'firstname3', 'lastname3'),
         # ...
        ]
l = ldapUserGroupControl()
for login, password, firstname, lastname in users:
    # Store user into LDAP
    l.addUser(login, password, firstname, lastname)
    # Change user "mail" attribute value
    l.changeUserAttributes(login, 'mail', login + '@example.com')
16 / 26
MMC API
XMLRPC call
Cross language
#!/usr/bin/python
import xmlrpclib

server = xmlrpclib.ServerProxy("https://mmc:s3cr3t@localhost:7080")
print server.base.authenticate('user1', 'userpass')
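Added example (Python 3, not part of the original slides or of the MMC code base): what the XML-RPC call above puts on the wire, and why the "cross language" claim holds, since any HTTP client can POST the same body. It shows that credentials in the URL travel as an HTTP Basic header and the user's password as a plain string parameter, so confidentiality rests on the https transport. The function names and the boolean response body are assumptions made for illustration.

```python
import base64
import xmlrpc.client
from urllib.parse import urlsplit

def build_call(url, method, *params):
    """Return (target, headers, body) for one XML-RPC POST."""
    parts = urlsplit(url)
    headers = {"Content-Type": "text/xml"}
    if parts.username is not None:
        # Credentials in the URL become HTTP Basic auth: base64, not encryption.
        cred = "%s:%s" % (parts.username, parts.password or "")
        headers["Authorization"] = "Basic " + base64.b64encode(cred.encode()).decode()
    body = xmlrpc.client.dumps(params, methodname=method)
    target = "%s://%s:%s/" % (parts.scheme, parts.hostname, parts.port)
    return target, headers, body

def exposed_secrets(headers, body):
    """Secrets readable by anyone who sees the request (no TLS, proxy logs)."""
    found = []
    auth = headers.get("Authorization", "")
    if auth.startswith("Basic "):
        found.append(base64.b64decode(auth[6:]).decode())
    params, method = xmlrpc.client.loads(body)
    if method == "base.authenticate":
        found.append("%s:%s" % (params[0], params[1]))
    return found

def transport_ok(url):
    """Accept a URL carrying credentials only when the scheme is https."""
    parts = urlsplit(url)
    return parts.scheme == "https" or parts.username is None

def parse_response(body):
    """Decode the single return value of an XML-RPC response."""
    return xmlrpc.client.loads(body)[0][0]

# Constructed response body; the boolean return type is an assumption.
SAMPLE_RESPONSE = ("<?xml version='1.0'?><methodResponse><params><param>"
                   "<value><boolean>1</boolean></value></param></params></methodResponse>")

if __name__ == "__main__":
    url = "https://mmc:s3cr3t@localhost:7080"  # values from the slide
    target, headers, body = build_call(url, "base.authenticate", "user1", "userpass")
    print(target, headers, body, sep="\n")
    print(exposed_secrets(headers, body), transport_ok(url))
    print(parse_response(SAMPLE_RESPONSE))
```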
17 / 26
MDS is Open Source
GPL v2
Development resources
  - TRAC => http://mds.mandriva.org
  - Mailing lists
  - SVN, precommit hooks
  - QA: Buildbot + Selenium
Public repo is the main repo!
Current version: 2.4.0
19 / 26
MMC platform use
Pulse 2 – Computer System Management
  - Inventory
  - Deployment
  - Imaging
  - Heterogeneous systems
Pulse 2 = MMC + XMLRPC SERVICES + client side agents
20 / 26
MMC platform use
AdminProxy
  - Remote access control to equipment (SSH proxy, HTTP proxy, etc)
  - A System@tic project
  - Consortium WALLIX / Mandriva / ALTERWAY / AQUARELLE / OPPIDA
21 / 26
Future MDS release
Main idea: manage and control larger networks
LDAP directory: from flat to tree
New widget web side
Apply parameters to computer and user profiles
  - GPOlike system
  - Policy agent for Windows, MAC, Linux
Delegation of administration
22 / 26
Next minor MDS releases
MDS 2.4.1
  - Bug fix
  - Code stabilization
  - Minor features (Zarafa, ...)
  - First round of MMC Widget improvement
MDS 2.4.2
  - Finalize Kerberos 5 integration
  - Using Heimdal + LDAP
  - Password synchronization
      userPassword
      sambaNTPassword
      krb5Key
  - With OpenLDAP + smbk5pwd overlay!
  - (Kerberos authentication to the MMC login)
23 / 26
Next major MDS release
CUPS administration
  - Getting rid of CUPS web interface
  - Preliminary work done
  - May be a 2.4.x release
Presence notification
  - Who's online?
  - Where?
  - May be a 2.5.x release
GPOlike system
24 / 26
GPOlike system
Goal: apply parameters
  - To computers and users
  - On heterogeneous systems!
Consistent user profile across desktop environments
  - Windows
  - MAC
  - KDE / GNOME
For example
  - Desktop customization (background …)
  - Device locking (USB keys, …)
Need for a new client-side policy agent
  - DJINN
  - Puppet?