Date:      Wed, 30 Aug 2006 10:58:52 +0200
From:      Andre Oppermann <andre@freebsd.org>
To:        Julian Elischer <julian@elischer.org>
Cc:        Peter Jeremy <peterjeremy@optushome.com.au>, freebsd-current@freebsd.org, Robert Watson <rwatson@freebsd.org>, Michael Bushkov <bushman@rsu.ru>
Subject:   Re: [HEADS UP]: OpenLDAP+nss_ldap+nss_modules separated patch and more (SoC)
Message-ID:  <44F5534C.5070207@freebsd.org>
In-Reply-To: <44F4E40C.7000101@elischer.org>
References:  <44E9582C.2010400@rsu.ru>	<20060825220033.GC16768@turion.vk2pj.dyndns.org>	<20060826055402.W43127@fledge.watson.org>	<200608291627.32524.jhb@freebsd.org> <44F4E40C.7000101@elischer.org>

Julian Elischer wrote:
> John Baldwin wrote:
>> On Saturday 26 August 2006 01:00, Robert Watson wrote:
>>
>> Agreed.  I also think LDAP would be a very useful thing to add.  I know that
>> I currently use NIS/yp because it just works and is integrated into the base,
>> etc.  I think adding LDAP as the logical successor to NIS/yp would be a good
>> thing.
>>
> I agree with John. Historically things have moved to the base system when they
> have reached some amount of public use, and they have been needed for a large number
> of other parts, e.g. SSL.
>
> I think that LDAP has reached this point (in fact did so many several years ago)
> and having a standard ldap implementation in the base system allows us to make
> FreeBSD machines play better in many environments.

The problem is that OpenLDAP is a very big thing.  It contains a number
of libraries and servers.  Importing the whole thing is clearly not the
right thing as we should only ship the LDAP library.  However more complications
come from the fact that you can build the LDAP library again with a number
of further options and dependencies on other libraries.  Depending on your
usage case you may need to turn one of those on or off for your other applications.
Topping it off OpenLDAP does quite a few releases a year with important bug
fixes.  This is quickly becoming backporting hell.  At the moment I'm not sure
if the slapd server refuses to run with an older library found in the base system.

For this LDAP library thing to work there has to be a painless way to overwrite
or override the base LDAP library with a custom, newer from ports or self-compiled
one.

A quick glance into the OpenLDAP install instructions reveals that it depends on
OpenSSL (check, it's in the base system), KERBEROS (optional in base system),
Cyrus SASL library (not in base system) and POSIX threads (check).  I don't think
we want to import Cyrus SASL into the base system.

-- 
Andre



