After having problems following the ldap guide (and hearing 2 other people say they had problems as well) I rewrote it to make it a little easier to follow. I separated the examples into role-based sections and added a little introduction. lcars, some of the content I added may be wrong, can you review this for technical accuracy? Also, can you add a few examples to the infra section showing how to add users to groups? For instance, adding someone to the wheel group. I added a section called "LDAP administration" but I left it blank. If you want to and have the time you can add some Gentoo specific examples of administrating the LDAP server, whatever you think may be important. If you don't have time or think it's unnecessary we can just remove that section. If there is anything you want added or removed or reworded, etc., let me know. recruiters, can you review the recruiters section and see if there is any information missing that a new recruiter may need/want to know?
Created attachment 81740: New ldap.xml. Attached ldap.xml, view online: http://dev.gentoo.org/~curtis119/ldap.html
heh, I like it
I already noticed some errors in the first section about how recruiters and infra bind. I'll fix those tomorrow after some sleep. Also, I added sparrow to the list of servers that have been migrated to LDAP since I knew about it (are the services I have listed for it correct?). If there are any other boxes that have been migrated and need to be added let me know.
I don't know about sparrow, Lance can you help us for that list? Please remove "The certificates are specified via .ldaprc file in your /home/$USER directory. Removing that file is a Bad Thing." that's no longer the case. The "Organizational Units" paragraph is misleading, recruiters should *always* bind as recruiters even if they are users and so on. This was clear in the old ldap.xml in "key concepts", I really don't know why a rewrite felt necessary. "All write operations performed by one user against another user must be performed on ldap1.gentoo.org, so be logged on to roadrunner.gentoo.org via ssh." << this is hidden later in the text, it should be clearly specified in the beginning imho. To be honest I find this version too verbose with examples and confusing, I'd rather have people learning by understanding the concepts rather than having tons of examples. The current guide requires careful reading but once you do that you are fine. I know that people had some problems with it but only because they didn't read it carefully... not because it was wrong and/or incomplete. Needless to say I still appreciate the effort. Infra, recruiters please comment. Btw, the new layout inherited by website redesign is quite poor compared to the old one, but I guess there's nothing we/you can do about it.
We don't manage groups yet. So I don't have examples for it yet.
Created attachment 82440: ldap.xml. I had a chat with lcars and have made the changes he requested here in the bug and a few other things. lcars, please review this and make sure I haven't left anything out and that everything is technically correct. I also rearranged a few sections, let me know if it is OK. Recruiters, I made some changes to your section. Please review it and give feedback. ldap.xml is attached. Viewable online at http://dev.gentoo.org/~curtis119/ldap.html
lcars, can I commit this?
commit away
I officially resign my role in maintaining that doc. Please feel free to do whatever you want with it and close this bug. My interpretation of it and expectations about our devs' reading abilities are obviously misplaced.
New version is being discarded in favor of the original. Closed as fixed.
Per an email conversation with lcars, the draft attached here (ldap.xml 2006-03-17) has been committed to CVS.