Hi census experts!
At first, I wanted to thank you for that wonderful technology, providing
secure (tls ready, acl ready, clusterable) product: you're the only one
driving annuary (directory) as mature as this.
I'm encountering an untraditional issue: I'm trying to make a kind of cloud
service all ldap centric: all my services are consuming ldap to give user
credentials (jenkins, webmail, nexus, etc...).
I'm able to make a first-time ldap installation that fits all my needs but
not able to makes it repeatable.
The issues are that:
* docker image are really difficult to tackle:
mains parts are on the same db: netscaperoot things, ssl configuration,
maxbersize, as well as the users db (dc=mydn, dc=people), so splitting
concerns are difficult.
* remove-ds.pl then setup-ds.pl does not make admin-ds recognizable within
the new ldap.
* remove-ds-admin.pl removes some rpm mandatory files, so yum erase
(389-ds-base, 389-admin, 389-adminutil), yum install is mandatory (but it
looks like its not sufficient, and can cause some side effect: removing
other deps).
So how can I make a repeatable 389 install?
What I want to achieve:
* Install a 389 server importing a personal CA and certs
* Securizing access (my cloud has prices depending on the number of users)
so my cloud adds users to 'dc=mycompany,ou=people, ou=company' but company
can add users to 'dc=mycompany,ou=people, ou=webmail,ou=contacts'
* Making it repeatable (exporting contacts data, yum erase 389-ds, yum
install 389-ds then configure stuff and importing contacts data should
lead to the same result as before), and I'm not able to do that after 3
month of work.
I've a sample Opscode Chef recipe mounting all this stuff, but
re-provisioning machine leads to errors, I can give access to one of your
dev if wanted.
Can 389 can be improved to uninstall ds then reinstall an installation
(without the admin things) and being as complete as before?
Best regards
--
Charlie Mordant
Full OSGI/EE stack made with Karaf:
https://github.com/OsgiliathEnterprise/net.osgiliath.parent