[et-mgmt-tools] Cobbler 0.9.X/1.0 -- Integrating with Free IPA, Auth against LDAP, and Optional object ownership

Michael DeHaan mdehaan at redhat.com
Thu Mar 27 22:08:31 UTC 2008


Michael DeHaan wrote:
> So today (Many thanks to Vito Laurenza and Simo Sorce),  Cobbler is 
> getting pretty close to being able to auth the WebUI and XMLRPC 
> requests against LDAP (in fact, it works in git now), as opposed to 
> the default method of having users/passwords in a digest file.   It's 
> using TLS and all that good stuff.  I have early instructions up 
> here:  https://fedorahosted.org/cobbler/wiki/CobblerWithLdap -- this 
> is something quite a few people have requested, so it should be nice 
> to have.
>
> In the simplest LDAP configuration (the default configuration does not 
> use/require LDAP), LDAP will provide authentication for web interface 
> users plus users of the XMLRPC API, with final authorization access 
> (yes/no) coming from whether the users are listed in 
> /etc/cobbler/users.conf. 
> (Kerberos is already supported, but rather roughly, so I'm still 
> looking to clean that up.)
>
> After that is complete, we can work on adding the much requested 
> concept of object ownership -- i.e. "Alice can edit her own created 
> objects, Bob can edit his, and Admins can edit both".   How we do that 
> is still TBD though it should be reasonably simple.
>
> So once we roll out 0.9.X/1.0, the available authentication modes will 
> be:
>
>    configfile (digest, which is the default), ldap, kerberos
>
> And the available authentication modes will be:
>
>    allowall (which is the default),  configfile (users list), ownership
>
> Comments/questions/ideas welcome...  I will also update the Web UI 
> docs with further pointers to these docs as this becomes available for 
> testing.
>
> I know others have mentioned further integration with LDAP in their 
> infrastructure, so if that's important, please share details as to 
> what you are looking for.   I also have an RFE to consider LDB for 
> storing cobbler configurations, which could prove interesting as an 
> option to what we have now for storage (yaml or bsddb) -- this could 
> further help with LDAP integration if it makes sense.
>
> --Michael

I've updated this with some more information on the authorization 
options...   Ownership and simple Config File based
authorization are now implemented in git on the devel branch.

https://fedorahosted.org/cobbler/wiki/CustomizableAuthorization

I've also updated the LDAP page somewhat.

In the coming days I'll work on making the WebUI make ownership more 
obvious (as opposed to just raising exceptions), making the WebUI be 
able to list/edit ownership, and also figuring out what to do when someone 
wants to delete an object that your object depends on (a fun corner case 
to be sure).

--Michael
