From: Robert Watson
Date: Sat, 30 Oct 2004 12:12:34 +0100 (BST)
To: Patrick Dung
Cc: freebsd-hackers@freebsd.org
Subject: Re: Feature request (pam/nss ldap, nsswitch ldap integration)

On Sat, 30 Oct 2004, Patrick Dung wrote:

> First of all, I know that most committers or contributors contribute
> their work in their free time. I am not asking for any promise but I
> just want to discuss a possible improvement for FreeBSD.
>
> So my suggestion is: integrate pam_ldap, nss_ldap, nsswitch support with
> ldap and lookupd (i.e. LDAP client support) into the OS. Perhaps by
> default, the ldap support is off. It can be enabled by a switch in
> /etc/make.conf (like KERBEROS)
>
> FreeBSD has the above support in the ports. But I think it would be
> great if FreeBSD supports LDAP out of the box. Just like Solaris and
> most Linux distros. The integration with LDAP is like the integration of
> OpenPAM, OpenSSH, AMD automounter and BIND in FreeBSD.

This is something I'd very much like to see happen -- while we don't have
an Active Directory infrastructure at work, our goal in finding funding
for the NSS work was specifically to facilitate this happening. While
some will undoubtedly complain, supporting immediate and tight integration
with Active Directory would be quite useful.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Principal Research Scientist, McAfee Research