Date: Sat, 30 Oct 2004 13:49:28 +0100
From: Dick Davies <rasputnik@hellooperator.net>
To: FreeBSD Hackers <freebsd-hackers@freebsd.org>
Subject: Re: Feature request (pam/nss ldap, nsswitch ldap integration)
Message-ID: <20041030124928.GE7262@bingo.tenfour>
In-Reply-To: <20041030114301.GB960@britannica.bec.de>
References: <20041030024557.53081.qmail@web51805.mail.yahoo.com> <20041030112057.GD7262@bingo.tenfour> <20041030114301.GB960@britannica.bec.de>

* Joerg Sonnenberger <joerg@britannica.bec.de> [1043 12:43]:
> On Sat, Oct 30, 2004 at 12:20:58PM +0100, Dick Davies wrote:
> > Trouble is openldap is one of those things everyone wants to configure
> > themselves - do you enable SASL support or not, what backends do you use
> > etc?
>
> IIRC SASL is pretty mandatory to correctly implement LDAP v3. Bigger
> question is GSSAPI (Kerberos 5!) and the backend.
>
> [..]
> > And it raises other questions, for example how do you handle mergemaster
> > when half your accounts are in LDAP and not the system databases?
>
> You should _not_ put system accounts into LDAP, that's just wrong.
> So having them in the local database (whatever type that is) should work
> fine with mergemaster.

I can see why you say that, but there are times when it's useful
(rsyncing between different OSes for starters where you want to preserve
permissions, for example - you don't have to ensure that all /etc/passwd,
/etc/shadow, whatever happen to have the same uid listed in this case).

-- 
The pie is ready. You guys like swarms of things, right?
    - Bender
Rasputin :: Jack of All Trades - Master of Nuns