From: Brooks Davis
To: Peter Jeremy
Cc: Doug Barton, freebsd-current@freebsd.org, Michael Bushkov
Date: Fri, 7 Jul 2006 09:17:23 -0700
Subject: Re: nss_ldap and openldap importing

On Fri, Jul 07, 2006 at 07:18:50PM +1000, Peter Jeremy wrote:
> On Fri, 2006-Jul-07 10:06:55 +0400, Michael Bushkov wrote:
> >1. Having nss_ldap in the source gives an ability to use nss_ldap right
> >"out of the box" and equals it in rights with such nsswitch sources as NIS
> >and DNS. If we have NIS in the base system, I don't see any reasons not to
> >have nss_ldap. Besides, I'm sure, having nss_ldap in the base will make
> >users feel more comfortable when dealing with it.
>
> I don't think this follows. Things like X and perl can be installed
> from sysinstall with minimal effort. I'd prefer to make it easier
> to install nss_ldap as a package than have it in the base system.

IMO there's a substantial difference between something like X or perl
and an authentication and authorization system in terms of the benefits
of integration. Having X or perl broken because of a version mismatch or
what not is annoying, but you can generally work around it particularly
on a server. Having all access other than console single user broken due
to breaking your login stuff is not so fixable.

> >2. I guess, we'll have to rewrite nss_ldap by ourselves sooner or later
> >(actually, I can do it), so current nss_ldap import can be viewed as the
> >first stage of the plan.
>
> It would seem cleaner to implement our own nss_ldap from scratch
> rather than importing a GPL one and then replacing it. IMHO, having
> the GPL nss_ldap in the tree would make it harder to import another
> one. Once people start using nss_ldap, they are going to get very
> picky about a replacement being bug-for-bug compatible.

That's a valid concern.

-- Brooks

-- 
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4