From owner-freebsd-hackers@FreeBSD.ORG Tue Apr 1 15:59:34 2008 Return-Path: <owner-freebsd-hackers@FreeBSD.ORG> Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 717491065675 for <freebsd-hackers@freebsd.org>; Tue, 1 Apr 2008 15:59:34 +0000 (UTC) (envelope-from ivoras@gmail.com) Received: from wr-out-0506.google.com (wr-out-0506.google.com [64.233.184.232]) by mx1.freebsd.org (Postfix) with ESMTP id 153A38FC13 for <freebsd-hackers@freebsd.org>; Tue, 1 Apr 2008 15:59:33 +0000 (UTC) (envelope-from ivoras@gmail.com) Received: by wr-out-0506.google.com with SMTP id 50so1296352wra.13 for <freebsd-hackers@freebsd.org>; Tue, 01 Apr 2008 08:59:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; bh=PRPGmL3Z7XjjPfKhm76Zx/eWd5qKANatRxXLE4mTvsw=; b=RVr4yITNNbOioOJSJg5BOTC6/S4tsDYMf69f6x6sgQojXCMDKFfMAsxDiOVABeRaeDnPg0n5S3V+tmiKalSYH6QrlJphzY/f2KwOjuK/HTcsV6RilnGTLWqueTe4ESbBzkhj9/sOuvjQvyyCvCuuV8fhaErVBcLDCcoaCMpjyyw= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=VpqB91V6WiIUTFx9HacVM31WXS88S0JYnYOhLoL1Ooifedq4WaYcnas34srDWnjJIhCILcSgEZxC3TI47MLAIEXRvnG75rV+MnOpIjqhni0YEmgh+wybwL8zFSvXB7T9ZxGnadejAn4f1DoSUGLUFndqZIc2+69uOp21yxvxR6g= Received: by 10.141.154.5 with SMTP id g5mr4384488rvo.290.1207065572074; Tue, 01 Apr 2008 08:59:32 -0700 (PDT) Received: by 10.141.212.1 with HTTP; Tue, 1 Apr 2008 08:59:32 -0700 (PDT) Message-ID: <9bbcef730804010859m57518fcdmf243306f64f0ee80@mail.gmail.com> Date: Tue, 1 Apr 2008 17:59:32 +0200 From: "Ivan Voras" <ivoras@freebsd.org> Sender: ivoras@gmail.com To: "Mike Meyer" <mwm@mired.org> In-Reply-To: <20080401110759.040dc4a9@mbook-fbsd> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <763154.59087.qm@web54302.mail.re2.yahoo.com> <20080331172552.313e8d49@bhuda.mired.org> <fstbkr$a2a$1@ger.gmane.org> <20080401110759.040dc4a9@mbook-fbsd> X-Google-Sender-Auth: 24219a986d8ab238 Cc: freebsd-hackers@freebsd.org Subject: Re: Feature request X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD <freebsd-hackers.freebsd.org> List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers> List-Post: <mailto:freebsd-hackers@freebsd.org> List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help> List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe> X-List-Received-Date: Tue, 01 Apr 2008 15:59:34 -0000 On 01/04/2008, Mike Meyer <mwm@mired.org> wrote: > On Tue, 01 Apr 2008 15:00:05 +0200 Ivan Voras <ivoras@freebsd.org> wrote: > > > > > > Why OpenLDAP? Why not one of the other ldap implementations available > > > in the ports? In particular, do any of them already have plugins for > > > use with pam? > > > > What are the other LDAP implementations in ports? Especially the ones > > that are actively maintained (which excludes tinyldap)? Any compliant > > LDAP server with proper schemas will "support" PAM. > > Why does it need to be actively maintained? After all, if we're going > to pull it into the base system, we'll have to find someone to > actively maintain the code in the base system. If no one is > maintaining the code externally, that in some ways makes their job > easier. Because history shows that even currently supported software (bind, sendmail, gcc) are hard to maintain :) It would take a person to pick up actively maintaining a software if its practically dead before even thinking of putting it in base. (Though those things could happen simultaneously - someone picking it up and putting it in base, the probability is very low). > And I didn't say "support", I said "already have plugins". Sure, > anything can be connected to PAM if you can get someone to write the > plugins. Or are you saying there's already an ldap plugin that uses > ldap schemas? Yes. I've been using pam_ldap and nss_ldap soon after they were available on FreeBSD (i.e. somewhere in the 5.x lifecycle). These support any LDAP server that has proper schemas (think of "LDAP schema" as a struct in C or a SQL table structure...).