From: Andre Oppermann
Date: Wed, 30 Aug 2006 10:58:52 +0200
To: Julian Elischer
Cc: Peter Jeremy, freebsd-current@freebsd.org, Robert Watson, Michael Bushkov
Subject: Re: [HEADS UP]: OpenLDAP+nss_ldap+nss_modules separated patch and more (SoC)

Julian Elischer wrote:
> John Baldwin wrote:
>> On Saturday 26 August 2006 01:00, Robert Watson wrote:
>>
>> Agreed. I also think LDAP would be a very useful thing to add. I know that
>> I currently use NIS/yp because it just works and is integrated into the base,
>> etc. I think adding LDAP as the logical successor to NIS/yp would be a good
>> thing.
>>
> I agree with John. Historically things have moved to the base system when they
> have reached some amount of public use, and they have been needed for a large
> number of other parts, e.g. SSL.
>
> I think that LDAP has reached this point (in fact did so many several years ago)
> and having a standard ldap implementation in the base system allows us to make
> FreeBSD machines play better in many environments.

The problem is that OpenLDAP is a very big thing. It contains a number of
libraries and servers. Importing the whole thing is clearly not the right
thing as we should only ship the LDAP library.

However, more complications come from the fact that you can build the LDAP
library again with a number of further options and dependencies on other
libraries. Depending on your usage case you may need to turn one of those
on or off for your other applications.

Topping it off, OpenLDAP does quite a few releases a year with important bug
fixes. This is quickly becoming backporting hell. At the moment I'm not
sure if the slapd server refuses to run with an older library found in the
base system.

For this LDAP library thing to work there has to be a painless way to
overwrite or override the base LDAP library with a custom, newer from ports
or self-compiled one.

A quick glance into the OpenLDAP install instructions reveals that it depends
on OpenSSL (check, it's in the base system), KERBEROS (optional in base
system), Cyrus SASL library (not in base system) and POSIX threads (check).
I don't think we want to import Cyrus SASL into the base system.

--
Andre