DebConf7

Speakers: Philipp Kaluza

Schedule
Day: 11
Room: Upper BoF Room
Start time: 14:00
Duration: 01:30

Info
ID: 112
Event type: Open discussion (BoF)
Track: DebConf
Language: English

Getting our LDAP story together (BoF)

Discussion about common direction, drafting a policy

In this BoF session, all maintainers of LDAP-related packages and other interested parties are invited to discuss the current state of LDAP under Debian, the user and admin experience, problems resulting from "schema fragmentation", and hopefully a common path forward, both in terms of agreeing on common supported schemas and better integrating existing packages.

(A basic understanding of LDAP is expected.)

LDAP as a technology has been around quite a while and found its way into all sizes of enterprises. For a dedicated system integrator, most of the use cases we'll discuss are possible to implement today using only free software. However, compared to commercial solutions like Active Directory/eDirectory, the LDAP experience under Debian is highly unpolished. I would like to see that rectified, but this will affect a lot of packages and so will need good coordination between different maintainers. In this BoF all interested parties will have a chance to get together and try to find a common path forward.

A few selected points of interest that we might touch:

* LDAPv2 must die!
* Kerberos integration out-of-the-box (includes SASL)
* finding common schemas, trying to support them under most Debian apps
* schema distribution and inclusion (cue: cn=config)
* raise awareness of STRUCTURAL vs. AUXILIARY
* replication
* LDAP integration best practices

In the feisty timeframe, there have been a few specs developed in the ubuntuverse that deal with parts of this problem, but at the time of this writing, implementation has not yet seen the light of day. Of course we should steal freely from their ideas, but because this affects so many parts of Debian, I would like to involve as many maintainers as possible and find a common ground.

Roughly half an hour will be dedicated to introducing everybody's own use- and corner-cases and favourite schemas, intermixed with open discussion. After that, if rough consensus can be reached, we would try to draft a first "LDAP policy", documenting best practices, and a number of TODOs for getting better integration of the core components (e.g. slapd, sasl, kerberos).

If there is further interest after that, a workgroup / hacking session could be arranged that tries to implement our discussion results in practice.