[Fedora-directory-users] Proposed new features for 1.3

Wed Apr 8 21:02:40 UTC 2009

I continue with my list

* the server should be able to return the members of dynamic groups "on the
fly" as if it were real members, the membership attribute should be
configurable - uniqueMember, member or another

* support of other virtual attributes generated "on the fly"

* pam passthrough plug-in should take into account at least the account
activation/desactivation (bug
*470684*<https://bugzilla.redhat.com/show_bug.cgi?id=470684>). There
is a comment about some additional useful features it in th README
file of this plug-in :

We need to worry about account expiration or lockout e.g. the user's
credentials are valid but the user has been locked out of his/her
account, or the password has expired, or something like that. Some of

this can be handled by LDAP e.g. returning password policy control
values when the password has expired.

* a way to synchronise the configuration of indexes (each time we add an
index on one of the replicated servers we need to make it manually on all
the others) and some other parameters in "cn=config" between the replicated
servers  (a little like the "configuration" partition in active directory),
the schema changes are already replicated which is very good

* enforced attribute syntax validation

* re-verify and validate conformance of the syntaxes, case sensitivity and
their matching rules to RFC (
https://www.redhat.com/archives/fedora-directory-users/2008-July/msg00041.html
)

* unix socket autobind still does not seem to work (ldapi) -
https://www.redhat.com/archives/fedora-directory-users/2009-February/msg00112.html.
It could be very useful for various maintenance scripts running on the
server.

* verification of the server from the viewpoint of memory leaks. Th size of
the memory used by the server grows with time (normally we don't restart the
sevrr during several months, so i can follow the stats)

* logconv.pl - very useful script, add some more options/ adjustments (for
example, a switch to hide unindexed searches in verbose mode). We use it as
logwatch.

* a perl script to show the replication statistics (there is one for the we
page generation statistics, something more basic, text-only would be very
welcome) in text mode - to receiveth reports by mail once per day like
logwatch for example

* regular expressions in ACIs (i know, it is very difficult to do, so maybe
somewhere in the timescale of the version 10.0 ? :)) - for example, allow a
user to add or modify a value just in case the new value mathes the regex.
Or the group or dn of the user matches the regex...

* simplify the creation of new syntaxes and their validation/ enforcement
(version 11.0? :))

* virtual views allowing to map not only the trees but also the attributes
('cn' instead of 'uid' in a subtree, for example)

* enable regex in certmap.conf for mapping the CNs of the certificates
during the certificate authentification of users

Other than that i just want to emphasize the great job you are doing adding
new features and especially the fantastic reactivity in fixing some critical
server bugs (usually it takes only one or two days to have the necessary
diff in bugzilla!)

Thank you and please continue the development of this directory server!

>
>
>
> Thanks - I've added these notes to
>> http://directory.fedoraproject.org/wiki/Roadmap#Version_1.3
>>
>> Anyone else?  C'mon - surely you have an opinion about a new feature.
>>
>>
>>> Thanks for all your hard work on this!
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20090408/0862698c/attachment.htm>