[Freeipa-users] Propose FreeIPA theses: IPA support for sites

Dmitri Pal dpal at redhat.com
Fri Mar 7 15:12:43 UTC 2014 

On 03/06/2014 10:55 AM, Petr Spacek wrote:
> On 6.3.2014 14:32, Petr Spacek wrote:
>> now it is the right time to propose topics for theses in the next 
>> university
>> year.
>
> I propose "[RFE] IPA should support and manage DNS sites"
> https://fedorahosted.org/freeipa/ticket/2008
>
> It is rotting in the backlog and we are not going to touch it any time 
> soon.
>
> There is very low amount of 'theory' behind it but IMHO it is complex 
> enough:
> - Some theoretical analysis of our proposal sounds like a good idea. 
> We don't know if it is the best way or not.
> - Some testing with various *real* non-SSSD clients will be helpful.
> - Analysis how this can work with DNSSEC will be helpful.
> - This feature needs API/CLI/UI design. It is not clear how the 
> workflow should look like etc.
> - Support for roaming clients (in bind-dyndb-ldap) is missing.
>
> The scope can be changed as necessary.
>

We need to check if those are still relevant
* 
https://thesis-managementsystem.rhcloud.com/topic/show/179/java-loginmodule-using-gssapi 
<- I heard JBoss guys are fixing it
* We are talking to Mongo about this: 
https://thesis-managementsystem.rhcloud.com/topic/show/95/gssapi-auth-plugin-for-mongodb- 
I would consider pushing it lower in priority
* Is this still not implemented: 
https://thesis-managementsystem.rhcloud.com/topic/show/14/support-the-native-ipa-sudo-schema- 
?
* Is this really needed any more? 
https://thesis-managementsystem.rhcloud.com/topic/show/13/document-the-internals-of-libldb-and-create-an-example-module-and-example-back-end 
It looks like Yassir's document covers a lot.
* This 
https://thesis-managementsystem.rhcloud.com/topic/show/12/implement-support-for-additional-maps-for-the-sssd-fast-cache 
is still relevant but not a super high priority.
* It is unclear whether this is needed any more: 
https://thesis-managementsystem.rhcloud.com/topic/show/11/implement-3rd-party-id-mapper-in-sssd- 
seems like people can either use existing mapper (green field case) or 
already have UID/GID that they need to put into the central server.
* This one is taken: 
https://thesis-managementsystem.rhcloud.com/topic/show/10/create-openlmi-provider-for-management-of-the-client-components 
right?
* 
https://thesis-managementsystem.rhcloud.com/topic/show/7/central-management-of-automount-locations-in-freeipa 
- does not seem like something worth time
* This one would be really nice: 
https://thesis-managementsystem.rhcloud.com/topic/show/6/reporting-capability-in-freeipa
* And this one would be nice too: 
https://thesis-managementsystem.rhcloud.com/topic/show/5/time-based-account-policies-in-freeipa

Here are couple more IPA ones that came to mind:
https://fedorahosted.org/freeipa/ticket/4008
https://fedorahosted.org/freeipa/ticket/3656
https://fedorahosted.org/freeipa/ticket/4062
https://fedorahosted.org/freeipa/ticket/1225 <- came up 3 times during 
this week (registering external certs, uploading XML token files etc.) 
May be it is a special IPA command like: ipa upload-and-run that would 
use scp to copy file to the server and then call a command on the server 
side using this file. Details need to be worked out.

On SSSD side I used a keyword to try to group all the tickets related to 
the state/status/health of SSSD.
Here is what I got: 
https://fedorahosted.org/sssd/query?status=assigned&status=new&status=reopened&keywords=~Status&col=id&col=summary&col=keywords&col=status&col=owner&col=type&col=priority&col=milestone&order=priority 
most in 1.13 so too soon but still there may be some work we can offer.


GNOME Keyring work
https://fedorahosted.org/sssd/ticket/2221
https://fedorahosted.org/sssd/ticket/2222

UID/GID solution
https://fedorahosted.org/sssd/ticket/1715

Chaining access providers:
https://fedorahosted.org/sssd/ticket/1326

One can dig more into 14-15 releases to see if there is anything else 
worth looking into.

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

More information about the Freeipa-users mailing list