
devel - Re: [sympa-dev] Ldap updates from sympa

Subject: Developers of Sympa

  • From: "Patrick von der Hagen" <address@concealed>
  • To: "Joe Vieira" <address@concealed>
  • Cc: <address@concealed>
  • Subject: Re: [sympa-dev] Ldap updates from sympa
  • Date: Thu, 17 Jan 2008 11:22:59 +0100

On Wednesday, 16.01.2008, at 16:10 -0500, Joe Vieira wrote:
[...]
> I work at a university (Clark University), and we are looking to
> implement Sympa with an LDAP backend. One of the things we are
> looking for is the ability for our mailing list software to be able to
> update our LDAP groups. It looks like there are some development
> documents pertaining to this in your dev
> section (exporting_groups_in_ldap). I am curious who is working on
> this project, what state it is in, and if I can help contribute to it
> to make it happen quickly and well. I'm quite good at Perl and know a
> lot about LDAP structures and design.
I'm very sceptical about that development and consider it to be the
wrong way to go. That's why I am sending this message to the list instead of
off-list.
It is not about technical aspects, but if several people use different
interfaces for messing around with data, in my experience you run into
organizational problems.

Imagine a restricted resource granting access based on
LDAP-group-membership and a responsible person expecting to be asked for
approval before granting access. Someone else doesn't know about such
policies or the implications of adding someone to a mailing list and
suddenly someone gets access to a restricted resource who should not.

You would probably only know "at some time someone added a group-entry"
and you are expected to find out "who did the change", "who approved the
change" and "when did it happen".
You can only reliably do that if you restrict yourself to ONE point of
change where you can provide some kind of audit-log. Digging around "it
might have been the help-desk... but I can't find anything in their
logs.... it might have been sympa... but I don't keep sympa-logs long
enough... it might have been an LDAP-admin, but they don't even make a
note when changing a group-entry in the directory..." is really ugly.

--
CU,
Patrick.

Attachment: smime.p7s
Description: S/MIME cryptographic signature



