Message-ID: <45A687F6.2020907@vidican.com>
Date: Thu, 11 Jan 2007 13:54:46 -0500
From: Nathan Vidican
To: Mike Meyer, hackers@freebsd.org
Subject: Re: LDAP integration
In-Reply-To: <17830.29050.791321.480369@bhuda.mired.org>

Mike Meyer wrote:
> In <20070111035549.7c11a450@vixen42>, Vulpes Velox typed:
>
>> LDAP is nice organizing across many systems, but if you are just
>> dealing with one computer it is complete overkill for anything.
>>
>
> In that situation, it's not merely overkill, it may actually be a
> bad idea. Can you say "AIX SDR"? How about "Windows registry"?
>
> Those systems both took the approach of putting all the configuration
> information in a central database. This creates problems because the
> tools needed to examine/fix the config database require a complex
> environment - at least compared to a statically linked copy of
> ed. LDAP may not be so bad, but it still makes me nervous.
>
> On the other hand, if you've got a flock of boxes to manage, having a
> way to tell the rc subsystem "Go read config values from this LDAP
> server" seems like a very attractive alternative.
>
>

Ok, so the general consensus seems to be that it's a good idea in some cases and not in others. I myself agree that it should not be part of the base setup for issues regarding the complication of the base distribution... but why not make a package for it?

Take this idea, and run with it... build a package that installs over the base installation, bundling the LDAP client libs, new rc structure, tools, etc. all in one shot. Add it to the ports collection and call it done. After all, that's the wonder that is open source... if ya want to improve something, go for it - even better if you can contribute your additions back to the community.

I think it could be the start of something really handy for those out there managing large banks of servers... a central configuration repository, key-based or something where you take a freshly installed server, and point it to a config 'key', reboot and poof! That server goes down, simply tell a spare one to use its config 'key' and reboot - back up and running :) You'd get all the redundancy of LDAP, the organization of a directory tree, and the simplicity of uniform configuration information. This of course with some assumptions about storage and backup situations, but hey - it's an idea not a reality here I'm talking about.

Anyways... without digressing way too much, my point was this: if there's enough people interested in the idea, then collaborate and by all means try to make something of it. If it works out well, lots of people start adopting it, THEN we (the FreeBSD community) should look at including it as part of the base... until then, make it as a bundled package or something.

I'm using LDAP here for users, groups, email and account information shared to many servers - and it works great, but it's certainly not for everyone and I'd never expect it to come out of the box with everything required to do so. Have to weigh the benefits against the costs.

This thread keeps arguing the good or the bad points of doing this - and it seems to me not something worth arguing the merits of. If you believe in it enough, then do it or at least try it. Let's move on from if we should or shouldn't, and look more to HOW we could...

Just my two and a half cents.

--
Nathan Vidican
nvidican@wmptl.com
Windsor Match Plate & Tool Ltd.
http://www.wmptl.com/