Date: Thu, 22 Feb 2018 14:38:36 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 226119] Feature request: Add ldap data source for the NSS netgroup database
Message-ID: <bug-226119-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226119

Bug ID: 226119
Summary: Feature request: Add ldap data source for the NSS netgroup database
Product: Base System
Version: 11.0-STABLE
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: bin
Assignee: freebsd-bugs@FreeBSD.org
Reporter: vmiller@verisign.com

The nsswitch.conf man page describes the sources that are currently
implemented for NSS, which exclude LDAP. An LDAP data source will enable
FreeBSD clients to more easily integrate with central user/account
management frameworks like FreeIPA & sssd.

As an illustration of problems that would be mitigated with the
implementation of an ldap data source, consider that in a centralized user
accounting and management system, particularly FreeIPA, sudo queries the
data source (sss), returning netgroups, which sudo responds to by
subsequently calling innetgr(). When called, innetgr() loads and iterates
over /etc/netgroup looking for matching entries. As netgroup grows in size,
so does the amount of time required to iterate it. For example, my tests
using a ~1.5MB file consisting of ~31,000 entries took 30 seconds to return
a password prompt as it traversed netgroup to ensure the invoking user was
permitted to.

The following references describe FreeBSD deployment within a FreeIPA/sssd
framework and illustrate that multiple users are deploying FreeBSD in such a
configuration.

https://blog.hostileadmin.com/2016/03/24/integrating-freebsd-w-freeipasssd/
https://forums.freebsd.org/threads/freebsd-freeipa-via-sssd.46526/

--
You are receiving this mail because:
You are the assignee for the bug.
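
A small timing harness for reproducing the innetgr() delay described in the report on a host with a large /etc/netgroup. It is an added example, not part of the bug report or of FreeBSD's code. The names netgr_timing, now_sec and time_innetgr are hypothetical, and the probe checks only the user field, passing NULL (match any) for host and domain.

```c
#define _DEFAULT_SOURCE   /* glibc: expose innetgr(); harmless on FreeBSD */
#include <netdb.h>        /* innetgr(3) */
#include <stdio.h>
#include <time.h>

/* Result of timing repeated innetgr(3) lookups (hypothetical helper type). */
struct netgr_timing {
    int    member;      /* last innetgr() result: 1 = member, 0 = not */
    double total_sec;   /* wall-clock time summed over all calls */
    double worst_sec;   /* slowest single call */
};

static double now_sec(void)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (double)ts.tv_sec + (double)ts.tv_nsec / 1e9;
}

/* Call innetgr() `calls` times for (host, user, domain), timing each call.
 * A NULL host, user or domain matches any value, as innetgr(3) defines. */
struct netgr_timing time_innetgr(const char *netgroup, const char *host,
                                 const char *user, const char *domain,
                                 int calls)
{
    struct netgr_timing r = { 0, 0.0, 0.0 };
    for (int i = 0; i < calls; i++) {
        double start = now_sec();
        r.member = innetgr(netgroup, host, user, domain);
        double elapsed = now_sec() - start;
        r.total_sec += elapsed;
        if (elapsed > r.worst_sec)
            r.worst_sec = elapsed;
    }
    return r;
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s <netgroup> <user>\n", argv[0]);
        return 2;
    }
    /* Five calls: repeated lookups show whether each call pays the scan cost. */
    struct netgr_timing r = time_innetgr(argv[1], NULL, argv[2], NULL, 5);
    printf("member=%d total=%.3fs worst=%.3fs\n",
           r.member, r.total_sec, r.worst_sec);
    return 0;
}
```

Running it against netgroup files of different sizes shows how per-call latency scales with the number of entries.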
