From owner-freebsd-hackers@FreeBSD.ORG Sat Oct 30 11:44:33 2004 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E70C116A4CE for ; Sat, 30 Oct 2004 11:44:33 +0000 (GMT) Received: from britannica.bec.de (eurobsdcon.punkt.de [217.29.47.13]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9AF4F43D1D for ; Sat, 30 Oct 2004 11:44:33 +0000 (GMT) (envelope-from joerg@britannica.bec.de) Received: by britannica.bec.de (Postfix, from userid 1001) id E00EE532F; Sat, 30 Oct 2004 13:43:01 +0200 (CEST) Date: Sat, 30 Oct 2004 13:43:01 +0200 From: Joerg Sonnenberger To: FreeBSD Hackers Message-ID: <20041030114301.GB960@britannica.bec.de> Mail-Followup-To: FreeBSD Hackers References: <20041030024557.53081.qmail@web51805.mail.yahoo.com> <20041030112057.GD7262@bingo.tenfour> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20041030112057.GD7262@bingo.tenfour> User-Agent: Mutt/1.4.2.1i Subject: Re: Feature request (pam/nss ldap, nsswitch ldap integration) X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 Oct 2004 11:44:34 -0000 On Sat, Oct 30, 2004 at 12:20:58PM +0100, Dick Davies wrote: > Trouble is openldap is one of those things everyone wants to configure > themselves - do you enable SASL support or not, what backends do you use > etc? IIRC SASL is pretty mandatory to correctly implement LDAP v3. Bigger question is GSSAPI (Kerberos 5!) and the backend. [..] > And it raises other questions, for example how do you handle mergemaster > when half your accounts are in LDAP and not the system databases? You should _not_ put system accounts into LDAP, that's that just wrong. So having them in the local database (whatever type that is) should work fine with mergemaster. Joerg