[ale] Low resource, easy to admin LDAP server

DJ-Pfulio DJPfulio at jdpfu.com
Fri Dec 23 10:43:45 EST 2016 

If there is a tiny perl/python/ruby front-end for LDAP, I think that was
the original question. I'd like one.  A 30% solution would be fine. User
add/mod/del, POSIX support. Don't need much.  Oh ... and NO JAVA!



Some places pay for support by the GB installed, not that 300MB is a big
deal, but it adds up when another dedicated box is necessary, then an
active backup, pre-prod, DR, test, dev ...  When 18G disks weren't
available anymore, the 36G drives almost doubled the cost of project
support costs. No, I didn't negotiate the support contract nor do I have
any input on changing it.  With 60K+ servers, easy to count is the rule.
 I think the contract works out to something like this:
* Unix / Windows
* Raw storage amount (SAN/used doesn't matter)
* DB Server or not.
* Clustered or not.
* Internet facing or internal only.
The formula/count has to be simple. SW licenses are not included. I
don't work at a place like that anymore, but some people do.

Whenever I see 241 dependencies, that's at least 50 things that need
understanding, configuration, knowledge, and security consideration. In
theory, I'd already know 10-50% of those.


Being lazy like I am, currently using Zimbra for the LDAP maintenance
GUI.  Not ideal. It is a dog, but it is a system already being used and
doesn't require another set of boxes to be brought up. Some of the POSIX
extensions are ugly and break with every Zimbra update.  They really
just want everyone to use AD, it seems.  I can bring up a new Zimbra
machine in about 45 min. I've already done the time to learn the 15
projects that make it up and know how to avoid putting it directly on
the internet, but still have email flow. ;)

Oh, and that apt-install WAS on a system running systemd already. Have 2
of those systems today. Besides that, it was fairly empty.

I'm jealous of FreeIPA, secretly. Sorta wish I worked somewhere it could
be deployed.

I didn't show the dependencies for the freeipa-client. ;)


On 12/23/2016 08:21 AM, Jim Kinney wrote:
> Hah, hah. I don't think of hard drive space or package count any more.
> For me, an application that pulls in 150 dependencies and requires 280
> MB when installed is nothing when it's on a system with 6 4TB drives in
> a RAID6.
> 
> As I use freeipa at work, it's pretty easy to setup and it includes
> automatic replication. Since I don't have to do a zillion configuration
> steps before it runs, that's "lightweight" for me.
> 
> Yeah. Freeipa is overkill for just storing names and phone numbers. A
> flat file and a grep search is really light and fast enough up to many
> hundreds of entries. Slap a tiny perl/python/ruby web front end on it
> and call it a day.
> 
> On Dec 22, 2016 10:37 PM, "DJ-Pfulio" <DJPfulio at jdpfu.com
> <mailto:DJPfulio at jdpfu.com>> wrote:
> 
>     And FreeIPA meets those requirements?  Truly?
>     $ sudo apt install freeipa-server
>     Reading package lists... Done
>     Building dependency tree
>     Reading state information... Done
> 
>     The following additional packages will be installed:

More information about the Ale mailing list