forked from martymac/ldapscripts
-
Notifications
You must be signed in to change notification settings - Fork 0
/
TODO
26 lines (24 loc) · 1.65 KB
/
TODO
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
TODO (ideas) :
**************
- Ability to specify gecos and cn as command line arguments to ldapadduser
- Ability to pass password to ldapsetpasswd in a secure way (via file)
- Get rid of functions returning their results through shared variables
- Call variables using the cleaner ${} syntax
- Improve ldapid/ldapgid to dump the whole directory if no argument is given
- Make the runtime file useable as a shell library : avoid exit in end_* functions
- Send ldap clients error logs to stdout as well as to logfile
- Allow use of DNs (instead of short names) as command arguments
- Make some scripts useable with lower privileges than root :
- Move ldapid, ldapfinger, ldapsetpasswd, lsldap to bin/ and set them suid
- Allow common users to use these tools. It will require a kind of privilege separation
not to bypass OpenLDAP ACLs (binding with user's account id necessary).
- Ldapsetpasswd without any argument should change the caller's passwd if logname != root
- Check for base (mandatory) binaries at install time (new 'test' target => sed, grep, ...)
Better testing on configured/additional binaries at run time (e.g. add -f for each -x test)
- Allow to use %g (goup name) in ldapadduser (for _HOMEDIR and _genpassword)
- Add more options to the scripts (a better parsing will be necessary)
- an option to ldapdeleteuser to delete users' home directories
- a 'dry-run' option to display (only) LDIF data
- an option to modify the home dirs (LDAP + directory + rights) of a user when renaming it ?
- an option to modify related groups (memberUid's) when renaming/deleting a user/machine ?
- an option to block deleting a group if it is a user's primary group ?