===================================
Openldap goals and lessons learned:
===================================

Goals:
======

.. _goals:

* ID steps to renew ldap server certs (including the CA cert)
* ID steps to enforce cert verification: ``TLS_REQCERT demand``
* Configure UNIX authentication through ldap
* Authentication information:

  * Groups (done ~)
  * Users (done ~)
  * ssh public keys
  * ssh private keys (particularly, whether we can force them to be passphrase protected and use a forced command)
  * sudo (see sets in ch 8.5)

* Authentication restrictions:

  * Certain users on certain systems only
  * Password aging (overlay (chapter 12))
  * Password complexity (overlay (chapter 12))
  * tcpwrappers

* Configure sudo through ldap
* Configure automounted home directories through ldap
* Create cmdb in ldap? host info - for use w/puppet.
* Configure puppet ENC to use ldap
* Build/configure openldap from scratch for experience; however, the primary goal is to use rpms for patching capability.
* Study/experiment w/ldap ACLs, including security strength factors (ssf)
* Configure pictures in the ldap directory. (can be base64 encoded ascii string)
* Study/experiment w/ access/audit logging, particularly for samba.
* Deconflict nslcd and sssd in a mixed environment (legacy/sssd)
* User authentication: nslcd: constant pwd change requirements
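As an added example (not part of these notes), a small POSIX shell audit for the ``TLS_REQCERT demand`` goal and the nslcd/sssd deconfliction goal above: each client stack has its own verification knob (``TLS_REQCERT`` in ldap.conf, ``tls_reqcert`` in nslcd.conf, ``ldap_tls_reqcert`` in sssd.conf), and the script flags any that is unset or weaker than ``demand``. The three file paths are assumptions for an RPM-based host and may differ elsewhere.

```shell
#!/bin/sh
# Audit the client-side LDAP server-certificate verification setting.
# Added example for these notes, not part of the original; the file paths
# in audit_all are assumptions for an RPM-based host.

# get_setting FILE KEY: print the lowercase value of the last active
# (non-comment) assignment of KEY in FILE, accepting both "KEY value"
# (ldap.conf, nslcd.conf) and "KEY = value" (sssd.conf) forms.
# [section] headers in sssd.conf are ignored for simplicity.
get_setting() {
    awk -v k="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        { line = tolower($0); sub(/#.*/, "", line)
          sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line) }
        line ~ ("^" k "([ \t]+|[ \t]*=)") {
          sub("^" k "([ \t]+|[ \t]*=)[ \t]*", "", line); last = line }
        END { print last }' "$1"
}

# reqcert_ok FILE KEY: return 0 only when KEY is explicitly "demand" or
# "hard" (a bad or missing server cert then aborts the connection);
# never/allow/try and an unset key are reported as findings.
reqcert_ok() {
    [ -r "$1" ] || { echo "MISSING  $1 (cannot check $2)"; return 1; }
    v=$(get_setting "$1" "$2")
    case "$v" in
        demand|hard) echo "OK       $1: $2 $v"; return 0 ;;
        "")          echo "UNSET    $1: $2 not set explicitly"; return 1 ;;
        *)           echo "WEAK     $1: $2 $v (weaker than demand)"; return 1 ;;
    esac
}

# audit_all: check libldap, nslcd and sssd; return the number of findings.
audit_all() {
    n=0
    reqcert_ok /etc/openldap/ldap.conf TLS_REQCERT      || n=$((n + 1))
    reqcert_ok /etc/nslcd.conf         tls_reqcert      || n=$((n + 1))
    reqcert_ok /etc/sssd/sssd.conf     ldap_tls_reqcert || n=$((n + 1))
    return "$n"
}

audit_all || echo "$? file(s) need attention"
```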