Zentyal Forum, Linux Small Business Server
Zentyal Server => Installation and Upgrades => Topic started by: tom_hoffman on April 27, 2012, 09:22:50 pm
-
Some discussion has been started on the possibility of using Zentyal as the basis for a new Edubuntu server for schools -- https://blueprints.launchpad.net/ubuntu/+spec/other-edubuntu-zentyal-integration
I manage the development of SchoolTool, which is a free student information system -- http://schooltool.org
SchoolTool is used in a similar project -- the Critical Links Education Appliance, based on the EdgeBox -- where events in SchoolTool (adding users, creating classes) trigger messages sent to a proprietary integration service which propagates those changes throughout the system (adds the user to the OS level, Moodle, etc).
Does Zentyal have similar event and message handling services?
Of course, there are other ways to handle the problem or parts of it, including using LDAP extensively.
-
Bump on this topic.
The development of Schooltool has come to a point that LDAP integration is possible. This would make Schooltool an easy to integrate solution for a School administration system
More info on the LDAP plugin: http://book.schooltool.org/ldap.html
Especially the following excerpt: "...If you have installed Zentyal (http://www.zentyal.com/) on the same server and configured Users / Groups modules, SchoolTool should be able to pick up LDAP settings automatically..."
Anyone willing to investigate this further?
-
there is the zentyal framwork, that is event driven, but in any case i would suggest to take a top-down approach if possible.. from my perspective meaning that you create one master interface that is in controll and adding roles that comply to that structure,
for example, what would happen if in schooltool you change the suer from groep a to group b for example when %user% is a slow learner... will that also make him being in a diferent OU (with difeterent GPO's), a diferent classroom and diferent default printers.
as zentyal is all about managing a network, from samba4 and proxy ranging to email & jabber ccounts and logon hour restrictions)... creating virtical user managenment could potentially only make things more difficult...
note that im not a developer, but i would apreaciate mutch, an approach that resembles some what, how software like joomla, and wordpress are intergrated with loads of diferent user management scemes, from internal mysql based, via openID to Ldap and Kerberos...
i would really like to seccond Robb's bump, to see a discussion on how the two can work together without 'one' intefering with the other's 'work'
-
If I understood the implementation of schooltool.ldap correctly it isn't exactly reading from the LDAP tree directly. When a user in schooltool is logging in with an LDAP account, the account with all permissions etc, will be copied over from the LDAP tree into the user management of schooltool. So I don't think changes in schooltool will change anything for the rest of the network management.
Maybe Tom Hoffman can comment on this?
Just had a small chat in #schooltool and turns out that schooltool.ldap is only available for precise and up... so no ldap integration for zentyal 2.2 (at least, not now)
-
I'm always very surprised to notice how all these guys developing solutions see LDAP as a protocol to be used in a private, non shared way, like if you were saying:
"well, I need to resolve names and IP. DNS protocol is perfect but I should deploy my own dedicated instance..." impressive >:( >:(
-
Christian,
In this case (and maybe in many other cases) It might be not that bad to not 'mess around' with the LDAP database of Zentyal. In this case the own user database, as is all other data of the application, is stored in 1 big file called Data.fs (the backend is Zope)
What the plugin does is copying the credentials from LDAP to the own database and syncs it 1 way.
I see some advantages, like not making Zentyal more complex than it is already.
btw, The schooltool guys backported the schooltool.ldap plugin to lucid, so it is now available for Zentyal 2.x too. I did the install this afternoon and it works like a charm!
I will make a short howto on this soon.
-
Sorry if I react strongly, I hope nobody will misunderstand my point.
I never see any advantage in duplicating account repository.
Either your applicaiton can't speak LDAP protocol and then there is no choice, so duplicating is mandatory as a workaround or your application is LDAP aware and duplicating as much more cons than pros, except perhaps if you rely on really weird LDAP repository that is too much customized and hardly linked to one application.
Look at AD: this can be seen as an LDAP server but its primary purpose is to act as back-end for Microsoft domain and related applications.
From my standpoint, LDAP in Zentyal, although not that proprietary, is quite close of this :(
And Samba is already following same approach >:(
Does it still make sense to maintain LDAP server and expose it as an LDAP server. Obviously no as there is very little you can do. In such case, better is to rush toward Kerberos for authentication and maintain your own repository. LDAP or not is your choice but this is a "proprietary" one.
For each application owner perspective, there is always only advantages in maintaining your own repository. Real problem is that is doesn't scale safely as you end up with tons of synchronization processes.