Re: Feature request (pam/nss ldap, nsswitch ldap integration)

From: *** Davies (rasputnik_at_hellooperator.net)
Date: 10/30/04

  • Next message: Eric Masson: "Re: Feature request (pam/nss ldap, nsswitch ldap integration)" 
    Date: Sat, 30 Oct 2004 12:20:58 +0100
To: FreeBSD Hackers <freebsd-hackers@freebsd.org>

    * Patrick Dung <patrick_dkt@yahoo.com.hk> [1045 03:45]:

    > So my suggestion is: integrate pam_ldap, nss_ldap, nsswitch support
    > with ldap and lookupd (ie LDAP client support) into the OS.

    Trouble is openldap is one of those things everyone wants to configure
    themselves - do you enable SASL support or not, what backends do you use
    etc?

    Granted most of this is on the server, but there's also the extra work
    involved in updating it all the time - openldap in particular seems to
    be a fairly fast moving target.

    I'm not sure importing all that code would win you much over a pkg_add
    anyway.

    And it raises other questions, for example how do you handle mergemaster
    when half your accounts are in LDAP and not the system databases?

    Though I would really like to see nss_ldap extended to gather more information
    over LDAP - incidentally, does anyone know why that isn't enabled? Is there a
    technical reason or is it just caution?

    > The integration with LDAP is like the integration of OpenPAM,
    > OpenSSH, AMD automounter and BIND in FreeBSD.

    Trouble is it might be like the integration of Perl :) 

    -- 
The pie is ready. You guys like swarms of things, right? - Bender
Rasputin :: Jack of All Trades - Master of Nuns
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
  • Next message: Eric Masson: "Re: Feature request (pam/nss ldap, nsswitch ldap integration)"
    • Quantcast