On Jun 05, Imre Jonk wrote:
Awesome, thanks a lot for making it happen! I've been using DebOps at
CipherMail, Bits of Freedom and Amsterdam Wireless since v0.8.1, and I
just finished the update to v1.0.2. DebOps has greatly improved the way
we manage our servers. It's been a big step-up from our own Ansible
playbooks.
So, the question is, what's still missing from your setup? Any wishes about
where the project should head next?
Unfortunately it turned out that FusionDirectory, the web-based LDAP
management tool we used previously, would break the new directory
structure, so it had to go.
That's unfortunate. Fusion Directory looks like a really awesome LDAP
management suite with support for many schemas, services, etc. I hoped to add
support for it in the future, hopefully somewhat integrated with DebOps. Do
you know what exactly was broken, or perhaps it was your own setup that was
incompatible with the new LDAP tree set up by the DebOps environment, and adding
Fusion Directory on top of that would still work?
We're using LDAP Account Manager now which
works just as well. It even has a nice directory tree viewer :)
Unfortunately, the LDAP Account Manager package was removed from Debian Buster:
https://tracker.debian.org/news/1036031/ldap-account-manager-removed-from...
So it will take some time until it is available again. Upstream provides .deb
packages but only as a direct download. That's why I was looking to add Fusion
Directory support instead, but if you say that it breaks the current LDAP
setup created by DebOps, hmmm... I wonder if something can be done about it.
Maciej, thanks a lot for all the hard work you put into the new LDAP
roles, they definitely are a big improvement over the old one. I
especially like the new ACLs and automated snapshots. I really enjoyed
reading the message you posted about it to debops-users. It's great to
see that so much care was put into it.
I need to double down and push the ldap_attrs Ansible module to the Ansible
core, if you say that the combination works so well. :-)
By the way, you mentioned that you had difficulties writing a role for
deploying a FusionDirectory frontend because it couldn't detect the base
DN. We had this issue as well, using the stretch-backports version
solved it for us. But like I said, we're using LDAP Account Manager now.
Interesting, I will have to check the stretch-backports version then. Thanks
for the tip.
Cheers,
Maciej