... | ... | @@ -1310,23 +1310,57 @@ reasons: |
|
|
back then, which was created in 1993)
|
|
|
|
|
|
## Goals
|
|
|
<!-- include bugs to be fixed -->
|
|
|
|
|
|
The goal of the current discussion would be to find a way to fix the
|
|
|
problems outlined above, either by rewriting or improving ud-ldap,
|
|
|
replacing parts of it, or replacing ud-ldap completely with something
|
|
|
else, possibly removing LDAP as a database altogether.
|
|
|
|
|
|
### Must have
|
|
|
|
|
|
* framework in use must be supported for the forseeable future
|
|
|
(e.g. not Python 2)
|
|
|
* unit tests or at least upstream support must be active
|
|
|
* system must be simpler to understand and diagnose
|
|
|
* single source of truth: overlap with Puppet must be
|
|
|
resolved. either Puppet uses LDAP as a source of truth (e.g. for
|
|
|
hosts and users) or LDAP goes away. compromises are possible:
|
|
|
Puppet could be the source of truth for hosts, and LDAP for users.
|
|
|
|
|
|
### Nice to have
|
|
|
|
|
|
* use one language across the board (e.g. Python 3 everywhere)
|
|
|
* reuse existing project's code, for example an existing LDAP
|
|
|
dashboard or authentication system
|
|
|
* ditch LDAP. it's hard to understand and uncommon enough to cause
|
|
|
significant confusion for users.
|
|
|
|
|
|
### Non-Goals
|
|
|
|
|
|
* we should avoid writing our own control panel, if possible
|
|
|
|
|
|
## Approvals required
|
|
|
<!-- for example, legal, "vegas", accounting, current maintainer -->
|
|
|
|
|
|
The proposed solution should be adopted unanimously by TPA. A survey
|
|
|
might be necessary to confirm our users would be happy with the change
|
|
|
as well.
|
|
|
|
|
|
## Proposed Solution
|
|
|
|
|
|
In the short term, the situation with Python 2 needs to be
|
|
|
resolved. Either the Python code needs to be ported to Python 3, or it
|
|
|
needs to be replaced by something else. That is "urgent" in the sense
|
|
|
that Python 2 is already end of life and will likely not be supported
|
|
|
by the next Debian release, around summer 2024.
|
|
|
|
|
|
TODO: propose a solution to resolve the issues with ud-ldap
|
|
|
|
|
|
## Cost
|
|
|
|
|
|
TODO: part of which budget?
|
|
|
This would be part of the running TPA budget.
|
|
|
|
|
|
## Alternatives considered
|
|
|
|
|
|
<!-- include benchmarks and procedure if relevant --> |
|
|
TODO: evaluate LDAP control panels?
|
|
|
|
|
|
TODO: evaluate what parts of ud-ldap could be replaced with Puppet. |