[WIP] Feature/389 ds ldap server #403
xml/security_ldap.xml
Outdated
<para> | ||
<remark>taroth 2019-02-21: @wbrown: the content of this section needs to be | ||
revised for sure - could you please let me know what to remove, replace, or |
Basically everything. 389-ds works really differently to openldap, so we probably need a completely different approach. Perhaps a good place to start is from my quickstart docs I have made? http://www.port389.org/docs/389ds/howto/quickstart.html
I also think perhaps it may be good to have a list of items we want to have documented. Probably at least:
- Setup/Install
- Basic admin (users, groups, setting up a client with sssd)
- Backup/Restore
- Setting up a replica
- Decommissioning a server?
Is there more? What points are covered here?
Thanks, William! Sounds good to me. Also your quick start is a good basis to start from.
Regarding the LDAP chapter, I could imagine the following structure:
- Structure of an LDAP Directory Tree (keep)
- Configuring the 389-ds LDAP Server (new)
- Installing the Software
- Setting Up the Server
- Administering the Server (users, groups, setting up a client with sssd)
- Backing Up and Restoring the Database
- Configuring an LDAP Client (new?/ adjust former section?)
Depending on which of these steps can also be done with YaST, we need to describe both approaches for those steps (manually & via YaST).
Not sure about the topics 'replica' and 'decommissioning' yet, let's discuss this next week.
I would try to focus on the basic tasks for the chapter. For further configuration tasks, we can probably also refer to the upstream docs.
For "structure", I'm happy for you to use content from my personal blog about this topic https://fy.blackhats.net.au/blog/html/pages/ldap_guide_part_1_foundations.html (I often hear this is the "best" ldap primer on the internet :) )
Configuration sounds good, and seems pretty similar to the quickstart. We can go into more detail if we want.
I think the "ldap client" setup, is in the quickstart I linked too, and certainly we should expand on that too.
I'm not sure about yast setup (I haven't been involved in that part), but certainly the manual setup should be pretty easy.
I think we do this first, then we'll add replication later? Replication is our main selling point as an LDAP implementation, so it would be great to have something in the suse docs about this.
@Firstyear : Actually, regarding the section 'Structure of an LDAP Directory Tree' my initial thought was to keep the section that we already have in the current chapter. If that is not good enough from your point of view, we can add information from your LDAP guide or replace the current section with content from your guide.
About replication: If this is the main selling point, we should certainly cover it in the docs (how soon probably is a question of resources).
I think there are some improvements to make to its clarity; it's super dense at the moment. But perhaps that's a future change? I just worry if this is someone's first attempt to understand LDAP, would they read this and understand how it works? The current content is okay for now (it took me a while to convince github to let me read it).
I'll keep this section on the list of ToDos then, but it has rather low priority, because first of all, we need to update the other content of the chapter that no longer applies.
Regarding readability: As reading longer texts on GH is cumbersome, I will provide a draft PDF of the updated chapter as soon as we have reached a version that makes sense for you to read. :) Until then, you can also have a look at the HTML output of the content in the develop branch, which was the starting point of this feature branch (see the links to docserv I sent you).
Sounds good, I'll look at those links soon. I agree that we can leave this as low priority :)
Okay, I've started on some comments. What you have looks reasonable, it seems like a big "delete" of the openldap parts which is fine. I think next is to define what content dot-points/headings you want, and then I can help you fill it in :)
- until we decide what to do with them (integrate content in new sections, remove completely, update...)
- change ID to sec.security.ldap.server.389-ds and remove xref to former section ID - adjust title - remove content that does no longer apply - add comments for two snippets in question
- plus some related changes (e.g. integrate content from yast-related note into para)
- because they are not userfriendly and only for experts
- to wbrown in the last step
- with remaining ToDos for later - now ready for another review by wbrown
- in more detail
- added remark for wbrown
- as agreed with wbrown
- arrived via mail on 2019-07-11
- arrived via mail on 2019-07-11
@Firstyear : Even if this topic is still WIP, I have (manually) merged all the work we did so far into 'develop' with the following 4 commits: As 'develop' is the branch in which we will work on the documentation for the (yet to come) SLE 15 SP2 release, I considered it safe to include the changes (we still have enough time to adjust and finish them for SLE 15 SP2). However, as discussed before, I will only merge the changes into the maintenance/SLE15SP1 branch after we have finalized the docs (and if the software changes have been pushed to SLE 15 SP1 as a maintenance update).
from 'master'
- affected files:
  * security_auth.xml
  * security_ldap.xml
  * security_ldap_kerberos_ad_yast.xml
  * yast2_userman.xml
  * ay_bigfile.xml
  * security_kerberos.xml
  * entity-decl.ent
  * net_slp.xml
  * security_ad_support.xml
  * yast2-ldap-server.png (new image)
- based on the following PRs:
  * #545
  * #514
  * #403

from 'master'
- affected files:
  * security_auth.xml
  * security_ldap.xml
  * security_ldap_kerberos_ad_yast.xml
  * yast2_userman.xml
  * ay_bigfile.xml
  * security_kerberos.xml
  * entity-decl.ent
  * net_slp.xml
  * security_ad_support.xml
  * yast2-ldap-server.png (new image)
- based on the following PRs:
  * #545
  * #514
  * #403

(cherry picked from commit 2e370b8)
Description
PR for William Brown to review the current doc version with regards to Fate#323362 (Make 389-ds primary ldap server). I added remarks to the following files for the sections where I suspect that changes are required (look for remarks with '@wbrown'). Please comment.
Checklist
Are backports required?