Date: Sat, 30 Oct 2004 12:20:58 +0100
From: Dick Davies <rasputnik@hellooperator.net>
To: FreeBSD Hackers <freebsd-hackers@freebsd.org>
Subject: Re: Feature request (pam/nss ldap, nsswitch ldap integration)
Message-ID: <20041030112057.GD7262@bingo.tenfour>
In-Reply-To: <20041030024557.53081.qmail@web51805.mail.yahoo.com>
References: <20041030024557.53081.qmail@web51805.mail.yahoo.com>

* Patrick Dung <patrick_dkt@yahoo.com.hk> [1045 03:45]:

> So my suggestion is: integrate pam_ldap, nss_ldap, nsswitch support
> with ldap and lookupd (ie LDAP client support) into the OS.

Trouble is openldap is one of those things everyone wants to configure themselves - do you enable SASL support or not, what backends do you use etc? Granted most of this is on the server, but there's also the extra work involved in updating it all the time - openldap in particular seems to be a fairly fast moving target.

I'm not sure importing all that code would win you much over a pkg_add anyway. And it raises other questions, for example how do you handle mergemaster when half your accounts are in LDAP and not the system databases?

Though I would really like to see nss_ldap extended to gather more information over LDAP - incidentally, does anyone know why that isn't enabled? Is there a technical reason or is it just caution?

> The integration with LDAP is like the integration of OpenPAM,
> OpenSSH, AMD automounter and BIND in FreeBSD.

Trouble is it might be like the integration of Perl :)

--
The pie is ready. You guys like swarms of things, right? - Bender
Rasputin :: Jack of All Trades - Master of Nuns