Date: Wed, 30 Aug 2006 09:45:26 -0500
From: Dan Nelson <dnelson@allantgroup.com>
To: Andre Oppermann <andre@freebsd.org>
Cc: Peter Jeremy <peterjeremy@optushome.com.au>, freebsd-current@freebsd.org, Robert Watson <rwatson@freebsd.org>, Julian Elischer <julian@elischer.org>, Michael Bushkov <bushman@rsu.ru>
Subject: Re: [HEADS UP]: OpenLDAP+nss_ldap+nss_modules separated patch and more (SoC)
Message-ID: <20060830144526.GA54930@dan.emsphone.com>
In-Reply-To: <44F5534C.5070207@freebsd.org>
References: <44E9582C.2010400@rsu.ru> <20060825220033.GC16768@turion.vk2pj.dyndns.org> <20060826055402.W43127@fledge.watson.org> <200608291627.32524.jhb@freebsd.org> <44F4E40C.7000101@elischer.org> <44F5534C.5070207@freebsd.org>

In the last episode (Aug 30), Andre Oppermann said:
> Julian Elischer wrote:
> >John Baldwin wrote:
> >>Agreed. I also think LDAP would be a very useful thing to add. I
> >>know that I currently use NIS/yp because it just works and is
> >>integrated into the base, etc. I think adding LDAP as the logical
> >>successor to NIS/yp would be a good thing.
> >
> >I agree with John. Historically things have moved to the base system
> >when they have reached some amount of public use, and they have been
> >needed for a large number of other parts.. e.g. SSL.
> >
> >I think that LDAP has reached this point (in fact did so many
> >several years ago) and having a standard ldap implementation in the
> >base system allows us to make FreeBSD machines play better in many
> >environments.
>
> The problem is that OpenLDAP is a very big thing. It contains a
> number of libraries and servers. Importing the whole thing is
> clearly not the right thing as we should only ship the LDAP library.
> However more complications come from the fact that you can build the
> LDAP library again with a number of further options and dependencies
> on other libraries. Depending on your usage case you may need to
> turn one of those on or off for your other applications. Topping it
> off OpenLDAP does quite a few releases a year with important bug
> fixes. This is quickly becoming backporting hell. At the moment I'm
> not sure if the slapd server refuses to run with an older library
> found in the base system.
>
> For this LDAP library thing to work there has to be a painless way to
> overwrite or override the base LDAP library with a custom, newer from
> ports or self-compiled one.
>
> A quick glance into the OpenLDAP install instructions reveals that it
> depends on OpenSSL (check, it's in the base system), KERBEROS
> (optional in base system), Cyrus SASL library (not in base system)
> and POSIX threads (check). I don't think we want to import Cyrus
> SASL into the base system.

The openldap client port builds WITHOUT_SASL=YES, though, so that's not
a problem.

-- 
	Dan Nelson
	dnelson@allantgroup.com