= Poneys = == move all mail config into ldap == Everything. * user mail forwards, mail user +extension forwards, mail user +extension pipes, all of it. * service domain aliases files * service domains whitelists/blacklists/neverusers/RBLs == puppet poneys == * update external puppet modules ** xinetd used: own module, maybe move to puppetlabs xinetd module * setup regression testing environment == ud-ldap == * Non-DD accounts: ** new object classes? Something to differentiate ** Would like to always add NM/DM/etc ** Possibly porter box access for NM/DM ? * ud-cruft: ** Clean up old expired entries * scale ud-generate: ** ldap replication? * Security: ** LDAP query interface read-only with hidden master ** Privileged modify operations should only be allowed from lo. * Code base: ** Could we have one, please? == mail handling == * move @d.o to MXes (different source IP to avoid RBL for important mail?) == DSA trainees == * root everywhere, no authority to speak for team == Web auth == * SSO for web apps (nagios, rt, wiki, etc) * Tied to ud-ldap (but not LDAP password, dammit!) == Munin replacement == * Something that is scriptable and scales == Nagios config == * Way to test IPv6, without duplicating all of our config == DNS/SSHFP == * It'd be nice if service names like db.d.o had sshfp records in DNS. This is tricky because some of the purpose service names are CNAMEs, but not all.