Poneys

move all mail config into ldap

Everything.

• user mail forwards, mail user +extension forwards, mail user +extension pipes, all of it.
• service domain aliases files
• service domains whitelists/blacklists/neverusers/RBLs

puppet poneys

• update external puppet modules
• xinetd used: own module, maybe move to puppetlabs xinetd module
• setup regression testing environment

ud-ldap

• Non-DD accounts:
• new object classes? Something to differentiate
• Would like to always add NM/DM/etc
• Possibly porter box access for NM/DM ?
• Partly done via guest accounts

• ud-cruft:
• Clean up old expired entries

• scale ud-generate:
• ldap replication?

• Security:
• LDAP query interface read-only with hidden master
• Privileged modify operations should only be allowed from lo.

• Code base:
• Could we have one, please?

mail handling

• move @d.o to MXes (different source IP to avoid RBL for important mail?)
• done for @d.o itself, not all @foo.d.o yet

DSA trainees

• root everywhere, no authority to speak for team

Web auth

• SSO for web apps (nagios, rt, wiki, etc)
• Tied to ud-ldap (but not LDAP password, dammit!)

Munin replacement

• Something that is scriptable and scales

Nagios config

• Way to test IPv6, without duplicating all of our config

DNS/SSHFP

• It'd be nice if service names like db.d.o had sshfp records in DNS. This is tricky because some of the purpose service names are CNAMEs, but not all.