[Adduser-devel] adduser rewrite
docelic at mail.inet.hr
Fri Jan 5 20:12:59 CET 2007
On Fri, 5 Jan 2007 10:40:30 +0100
Marc Haber <mh+adduser-devel at zugschlus.de> wrote:
> On Thu, Jan 04, 2007 at 11:59:54PM +0100, Davor Ocelic wrote:
> > Recently we had a need to add ldap/krb/afs support to adduser.
> I am not sure whether it makes sense to have adduser write to other
> user database backends. If you, for example, install a mysql server on
> one system, is it desireable to have the mysql user created in ldap
> where it starts to exist on all systems?
This is a matter of configurable policy.
> I suspect that it will be exceptionally hard to write an adduser ldap
> backend that will cover the needs of all installations using it.
Not really. The way I've thought about it, there would be something
like /etc/adduser/add-user.ldif, which would be a template that
can expand variables from adduser, and it would be configured to
work with default debian ldap installation out of the box. If you modify
ldap setup, then you would have to modify those ldif files too, of course.
> When doing your code, please think modular and define an interface
> between main adduser and the "storage backend". Along this interface,
> code responsibilities can be shared, and it would be possible to plug
> in other backends.
Sure. As far as functions go, there's a set of common functions in the
And as far as data is concerned, I've preserved the
existing model where all needed data is somewhere in the config
hash (not *that* simple, but you get the idea). Then anyone can
retrieve values from the config directly.
> The first step would probably be defining that interface and modifying
> existing adduser (including the "shadow/passwd" backend) to use it
> before even thinking about ldap or other backends.
Yes, that's what I did and wrote in the previous e-mail. I currently more
or less have all the features of the existing adduser working.
More information about the Adduser-devel