From: Vulpes Velox
To: David Nugent
Cc: hackers@freebsd.org
Date: Thu, 11 Jan 2007 03:55:49 -0600
Subject: Re: LDAP integration
Message-ID: <20070111035549.7c11a450@vixen42>
In-Reply-To: <45A5EA3B.9020000@datalinktech.com.au>

On Thu, 11 Jan 2007 18:41:47 +1100
David Nugent wrote:

> Freddie Cash wrote:
> > To each their own, of course. Personally, I am so sick of the way
> > systems like Debian use dozens of config files for each app, all in
> > their own conf.d/ sub-directories. Some apps, like PureFTPd
> > actually use separate config files for each and every option it
> > supports. Trying to configure these apps is a royal pain of
> > opening and editing a dozen files. Maybe this makes it easier
> > for automated configuration tools and GUIs, but it makes it a
> > *ROYAL* pain in the arse for mere mortals using text editors to
> > manage.
> But management of config data is a user interface, surely, and not
> directly related to the underlying storage mechanism.
>
> What is the logical difference between using a directory structure
> vs. an LDAP server containing essentially the same information
> (plus all of the overhead)? "dozens of config files" just equates
> to dozens of ldap entries (or dozens of entries in a single config
> file). Given the same or equivalent "friendly" UI, do you really
> care how the back end is managed? By moving the data to a directory
> you are making it less accessible to standard tools, so you're just
> removing the option to directly edit those config files and only
> gain on being able to use ldap editing tools instead of text
> editing tools. You could write a similarly "friendly" app that
> managed your configuration files, and you won't need any LDAP
> expertise to use it.
>
> Network access and management of configuration data are the real
> advantages here, not the UI. Integration of LDAP would provide
> close to (and arguably less than) zero benefit to a stand alone
> system, really, and would effectively equate to a Windows registry
> with all of the pros and cons that come with that.

I vote both are completely stupid. LDAP is nice for organizing across
many systems, but if you are just dealing with one computer it is
complete overkill for anything. Splitting rc.conf up into multiple
files is just plain messy and stupid as well. I can see there being
times when it is split into two, but I don't see any reason for more
than that.

There are plenty of nice ways to access and modify LDAP data. I would
say it is easily as friendly as editing text files to be pulled
across. I fail to see how LDAP is not a standard tool. It is a tool
that is really underutilized.

What this gains is being able to store a lot of configuration stuff
in the same place. It makes permission handling a lot easier as well.
If you store it in a file anyone with write access can edit it, but
with LDAP it can assign write access to specific attributes. With
files you would have to split it up across multiple files.
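
An added illustration of the attribute-level write access described in the message above, written as OpenLDAP slapd.conf access rules; it is not from the thread or its authors. The suffix dc=example,dc=org and the account-admins group are assumed placeholders, and the attributes are the standard RFC 2307 posixAccount ones.

```conf
# slapd.conf(5) access rules. The first "access to" clause that matches
# the entry and attribute is used; within it, the first matching "by" wins.
# dc=example,dc=org and cn=account-admins are placeholders (assumptions).

# Password hash: the owner may replace it, anonymous clients may only
# authenticate against it, nobody else can read or write it.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# The owner may edit only these two attributes of their own entry.
access to dn.subtree="ou=people,dc=example,dc=org" attrs=loginShell,gecos
    by self write
    by group.exact="cn=account-admins,ou=groups,dc=example,dc=org" write
    by users read
    by * none

# Everything else in the entry (uidNumber, gidNumber, homeDirectory, ...)
# is writable by the admin group only, so a user cannot set uidNumber to 0.
access to dn.subtree="ou=people,dc=example,dc=org"
    by group.exact="cn=account-admins,ou=groups,dc=example,dc=org" write
    by users read
    by * none
```

With a flat passwd file the same split needs setuid helpers, because file write permission covers every field of every record at once. These rules only decide who may write an attribute; slapd does not check that a self-written loginShell names an allowed shell.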