Date: Fri, 7 Jul 2006 09:17:23 -0700 From: Brooks Davis <brooks@one-eyed-alien.net> To: Peter Jeremy <peterjeremy@optushome.com.au> Cc: Doug Barton <dougb@freebsd.org>, freebsd-current@freebsd.org, Michael Bushkov <bushman@rsu.ru> Subject: Re: nss_ldap and openldap importing Message-ID: <20060707161723.GA4842@odin.ac.hmc.edu> In-Reply-To: <20060707091850.GA719@turion.vk2pj.dyndns.org> References: <44AD2569.9070007@rsu.ru> <44ADEBCC.70607@FreeBSD.org> <003c01c6a18b$937cbef0$3a00a8c0@carrera> <20060707091850.GA719@turion.vk2pj.dyndns.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--YZ5djTAD1cGYuMQK Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jul 07, 2006 at 07:18:50PM +1000, Peter Jeremy wrote: > On Fri, 2006-Jul-07 10:06:55 +0400, Michael Bushkov wrote: > >1. Having nss_ldap in the source gives an ability to use nss_ldap right= =20 > >"out of the box" and equals it in rights with such nsswitch sources as N= IS=20 > >and DNS. If we have NIS in the base system, I don't see any reasons not = to=20 > >have nss_ldap. Besides, i'm sure, having nss_ldap in the base will make= =20 > >users feeling more comfortable when dealing with it. >=20 > I don't think this follows. Things like X and perl can be installed > from sysinstall with mininal effort. I'd prefer to make it easier > to install nss_ldap as a package than have it in the base system. IMO there's a substantial difference between something like X or perl and an authentication and authorization system in terms of the benefits of integration. Having X or perl broken because of a version mismatch or what not is annoying, but you can generally work around it particularly on a server. Having all access other than console single user broken due to breaking your login stuff is not so fixable. > >2. I guess, we'll have to rewrite nss_ldap by ourselves sooner or later= =20 > >(actually, I can do it), so current nss_ldap import can be viewed as the= =20 > >first stage of the plan. >=20 > It would seem cleaner to implement our own nss_ldap from scratch > rather than importing a GPL one and then replacing it. IMHO, having > the GPL nss_ldap in the tree would make it harder to import another > one. Once people start using nss_ldap, they are going to get very > picky about a replacement being bug-for-bug compatible. That's a valid concern. -- Brooks --=20 Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --YZ5djTAD1cGYuMQK Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFErokSXY6L6fI4GtQRAp8UAJ95jxmCDHLZSkreoFOgh7UeHTeC/ACgwaiC o7u2DKpI0nuiw4cXB0RIEJ8= =1fuJ -----END PGP SIGNATURE----- --YZ5djTAD1cGYuMQK--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060707161723.GA4842>