From: Dan Nelson
To: Andre Oppermann
Cc: Peter Jeremy, freebsd-current@freebsd.org, Robert Watson, Julian Elischer, Michael Bushkov
Date: Wed, 30 Aug 2006 09:45:26 -0500
Subject: Re: [HEADS UP]: OpenLDAP+nss_ldap+nss_modules separated patch and more (SoC)

In the last episode (Aug 30), Andre Oppermann said:
> Julian Elischer wrote:
> >John Baldwin wrote:
> >>Agreed. I also think LDAP would be a very useful thing to add. I
> >>know that I currently use NIS/yp because it just works and is
> >>integrated into the base, etc. I think adding LDAP as the logical
> >>successor to NIS/yp would be a good thing.
> >
> >I agree with John. Historically things have moved to the base system
> >when they have reached some amount of public use, and they have been
> >needed for a large number of other parts.. e.g. SSL.
> >
> >I think that LDAP has reached this point (in fact did so many
> >several years ago) and having a standard ldap implementation in the
> >base system allows us to make FreeBSD machines play better in many
> >environments.
>
> The problem is that OpenLDAP is a very big thing. It contains a
> number of libraries and servers. Importing the whole thing is
> clearly not the right thing as we should only ship the LDAP library.
> However more complications come from the fact that you can build the
> LDAP library again with a number of further options and dependencies
> on other libraries. Depending on your usage case you may need to
> turn one of those on or off for your other applications. Topping it
> off OpenLDAP does quite a few releases a year with important bug
> fixes. This is quickly becoming backporting hell. At the moment I'm
> not sure if the slapd server refuses to run with an older library
> found in the base system.
>
> For this LDAP library thing to work there has to be a painless way to
> overwrite or override the base LDAP library with a custom, newer from
> ports or self-compiled one.
>
> A quick glance into the OpenLDAP install instructions reveals that it
> depends on OpenSSL (check, it's in the base system), KERBEROS
> (optional in base system), Cyrus SASL library (not in base system)
> and POSIX threads (check). I don't think we want to import Cyrus
> SASL into the base system.

The openldap client port builds WITHOUT_SASL=YES, though, so that's not
a problem.

--
Dan Nelson
dnelson@allantgroup.com