[openFATE 313143] YaST LDAP client refactor/cleanup
Feature changed by: Milisav Radmanic (radmanic)
Feature #313143, revision 28
Title: YaST LDAP client refactor/cleanup

openSUSE Distribution: Evaluation by product manager
  Priority
  Requester: Mandatory
- Projectmanager: Important
+ Projectmanager: Neutral

Requested by: Ralf Haferkamp (rhafer)
Developer: Christian Kornacker (ckornacker)
Partner organization: openSUSE.org

Description:
Jiri (jsuchome) and I recently discussed some cleanup work we'd like to see in the YaST ldap-client module. This feature lists the main items we'd like to see reworked to improve the Module:

Remove no longer needed UI elements

Candidates are:
* The TLS/SSL checkbox (sssd has a hard requirement for SSL/TLS)
* The "LDAP Version 2" checkbox in the advanced settings. (there is AFAIK no LDAPv2-only Server implementation left)
* The "Use LDAP but Disable Login" Radio Button

Restrict the UI to handle only really LDAP client related things

Currently the UI contains quite some settings which are not strictly related to LDAP client (nss/pam) setup. Over the years ldap-client became a bit of a disposal site for all kinds of LDAP related things, which made the UI a bit hard to understand. We should move some things to YaST modules where they make a better fit. This is mostly about the settings currently available in the "Administration Settings" Tab (in "Advanced Configuration")
* The Password Policies settings seem to fit better into the ldap-server module which already contains some of this functionality
* Default Configuration Objects for other YaST modules (e.g. mail, dns, dhcp). Where possible the need for those special configuration objects should be removed. When a specific service still requires those configuration objects the YaST module for that service should be able to handle those objects itself (we could still offer utils API for that in yast2-ldap/ldap-client). E.g. the user management related object should be configured from inside the yast2-users module. yast2-ldap-server could offer to create default objects during the initial LDAP server setup.
* The Home Directories on This Machine checkbox seems to be better suited in the Users module as well.
* The rest of the values which go to /etc/sysconfig/ldap could be written by yast2-ldap-servers. We still need to figure out how to set up /etc/sysconfig/ldap on machines which do not run the LDAP Server but need access to those settings. (yast2-mail, -dns-server, -dhcp-server)
* Adapt the API: move the LDAP* functions from ldap-client (impact on other modules!)

Relations:
- related feature (feature/id: 313142)

Discussion:

#1: Jiří Suchomel (jsuchome) (2012-01-19 10:15:11)
1. Removing TLS/SSL is based on assumption that we configure SSSD only, which is feature 313142.
2. About The "Use LDAP but Disable Login" Radio Button: did we agree on some replacement of it? I cannot remember...

#2: Jiří Suchomel (jsuchome) (2012-01-23 16:25:33)
Added attachment proposal for simplified first screen (ldap-client-redesign2.png)

#3: Jiří Suchomel (jsuchome) (2012-02-21 09:26:08)
yast2-ldap-client-2.22.3 only offers SSSD configuration in UI, and the option to turn off TLS/SSL was removed.

#5: Jiří Suchomel (jsuchome) (2012-02-21 11:37:45) (reply to #3)
yast2-ldap-client-2.22.4 has the password policy configuration removed. Some parts were moved to yast2-ldap-server code (just svn), some other parts need to be added there. I've created a bug report to track it, see bnc#748004.

#4: Jiří Suchomel (jsuchome) (2012-02-21 10:26:39)
Default Configuration Objects for other YaST modules (e.g. mail, dns, dhcp). Where possible the need for those special configuration objects should be removed.
Ralf, do you have any idea where it could/should be removed? Who can decide it?

#6: Jiří Suchomel (jsuchome) (2012-04-19 08:52:07)
OK, I've made most of the required changes in yast2-ldap-client, yast2-users and yast2-ldap-server. Ralf, could you take a look at current (Factory) versions of these and comment what else should be done? I mean mostly UI-wise, that API transition was not done.

#7: Lukas Ocilka (locilka) (2013-07-30 14:38:43) (reply to #6)
Ralf: ping

#8: Ralf Haferkamp (rhafer) (2013-08-05 10:43:08) (reply to #7)
Peter, could you take a look at this. I don't have any time left for this currently.

#9: Joachim Werner (joachimwerner) (2013-08-08 12:45:24)
Moving this forward for SLE 12. But important-only. We have a clear policy to focus on the new installer for GA and only improve YaST modules when time permits.

#10: Jiri Srain (jsrain) (2013-08-08 12:49:58) (reply to #9)
Agreed. This is definitely worth to spend spare cycles on.

#11: Lukas Ocilka (locilka) (2013-09-09 16:41:11)
Back to PjM: We currently don't have any LDAP expert available in team. Peter or Ralf could possibly work on that if they had time but they are not in Yast team.

#12: Jiri Srain (jsrain) (2013-09-10 15:05:18) (reply to #11)
Mili, any chance Ralf or Peter could implement this feature?

#13: Milisav Radmanic (radmanic) (2013-09-18 11:14:25)
I think Peter Varkoly should be able to take care of this feature.

--
openSUSE Feature: https://features.opensuse.org/313143