Date: Sat, 30 Oct 2004 12:20:58 +0100
From: Dick Davies
To: FreeBSD Hackers
Subject: Re: Feature request (pam/nss ldap, nsswitch ldap integration)
Message-ID: <20041030112057.GD7262@bingo.tenfour>
In-Reply-To: <20041030024557.53081.qmail@web51805.mail.yahoo.com>
List-Id: Technical Discussions relating to FreeBSD

* Patrick Dung [1045 03:45]:
> So my suggestion is: integrate pam_ldap, nss_ldap, nsswitch support
> with ldap and lookupd (ie LDAP client support) into the OS.

Trouble is openldap is one of those things everyone wants to configure
themselves - do you enable SASL support or not, what backends do you use etc?
Granted most of this is on the server, but there's also the extra work
involved in updating it all the time - openldap in particular seems to be
a fairly fast moving target.

I'm not sure importing all that code would win you much over a pkg_add anyway.
And it raises other questions, for example how do you handle mergemaster
when half your accounts are in LDAP and not the system databases?

Though I would really like to see nss_ldap extended to gather more
information over LDAP - incidentally, does anyone know why that isn't
enabled? Is there a technical reason or is it just caution?

> The integration with LDAP is like the integration of OpenPAM,
> OpenSSH, AMD automounter and BIND in FreeBSD.

Trouble is it might be like the integration of Perl :)

--
The pie is ready. You guys like swarms of things, right? - Bender
Rasputin :: Jack of All Trades - Master of Nuns