|Version 9 (modified by poundjd, 4 years ago) (diff)|
Users and Groups
Make Plain sldap Listen on Loopback and Use LDAPS or TLS for 0.0.0.0
Better Management of Built-In Groups
If you create a group named users, it cause the file shares based in the "Edit Group" page to not be accessible. The UNIX group becomes "USERS" which will not work with the generated smb.conf file. I believe this is because of a conflict with a local group that already contains that name. I guess checking for local groups could prevent this problem.
Ability to Set UID/GID
Move All the NSS Stuff from the Samba Module to the Usersandgroups Module
There might be some modules that need to use LDAP users besides the Samba Module. Right now the ebox-samba module is the one doing all the nsswitch.conf and libnss-ldap.conf configuration.
It would be better to push these configuration changes to the Usersandgroups Module so other modules that need LDAP users don't need to depend on Samba.
- usedFiles: move /etc/ldap.conf, /etc/ldap.secret and /etc/nsswitch.conf to usersandgroups' usedFiles
- File Generation
o NSS ldap.conf: right now it is done in _setSambaConf in Samba.pm, it just seems to rely in:
my $ldap = EBox::Ldap->instance();
my $ldapconf = $ldap->ldapConf();
my $users = EBox::Global->modInstance('users');
So there should be no problem in moving the NSS ldap.conf file generation to the Usersandgroups Module.
o nsswitch.conf: created in the script ebox-samba-enable, called from enableActions in Samba.pm, move to a ebox-init-ldap script in the Usersandgroups Module.
o ldap.secret: created in the script ebox-samba-enable, called from enableActions in Samba.pm, move to ebox-init-ldap script in the Usersandgroups Module.
It would also make sense to move the creation of the /home directories to this module.
Right now they are created in Samba, and users end up in /home/samba/users/, they should be created in /home/ directly.
Probably all the samba stuff should go somewhere else like /home/_samba/, /srv/samba/, ...
- Enforce password strength requirements.
- Investigate setting password complexity rules that are enforced.