Date: Fri, 12 Jan 2007 13:44:52 +1100 From: "Murray Taylor" <MTaylor@bytecraft.com.au> To: "Nathan Vidican" <nathan@vidican.com>, "Mike Meyer" <mwm-keyword-freebsdhackers2.e313df@mired.org>, <hackers@freebsd.org> Subject: RE: LDAP integration Message-ID: <04E232FDCD9FBE43857F7066CAD3C0F12671F3@svmailmel.bytecraft.internal>
next in thread | raw e-mail | index | archive | help
=20 > -----Original Message----- > From: owner-freebsd-hackers@freebsd.org=20 > [mailto:owner-freebsd-hackers@freebsd.org] On Behalf Of Nathan Vidican > Sent: Friday, 12 January 2007 5:55 AM > To: Mike Meyer; hackers@freebsd.org > Subject: Re: LDAP integration >=20 > Mike Meyer wrote: > > In <20070111035549.7c11a450@vixen42>, Vulpes Velox=20 > <v.velox@vvelox.net> typed: > > =20 > >> LDAP is nice organizing across many systems, but if you are just > >> dealing with one computer it is complete over kill for any thing. > >> =20 > > > > In that situation, it's not merely overkill, it's may actually be a > > bad idea. Can you say "AIX SDR"? How about "Windows registry"? > > > > Those system both took the approach of putting all the configuration > > information in a central database. This creates problems because the > > tools needed to examine/fix the config database require a complex > > environment - at least compared to a statically linked copy of > > ed. LDAP may not be so bad, but it still makes me nervous. > > > > On the other hand, if you've got a flock of boxes to=20 > manage, having a > > way to tell the rc subsystem "Go read config values from this LDAP > > server" seems like a very attractive alternative. > > > > <mike > > =20 > Ok, so the general consensus seems to be that it's a good=20 > idea in some=20 > cases and not in others. I myself agree that it should not be part of=20 > the base setup for issues regarding the complication of the base=20 > distribution... but why not make a package for it? >=20 > Take this idea, and run with it... build a package that installs over=20 > the base installation, bundling the LDAP client libs, new rc=20 > structure,=20 > tools, etc all in one shot. Add it to the ports collection=20 > and call it=20 > done. - After all that's the wonder that is opensource... if=20 > ya want to=20 > improve something, go for it - even better if you can contribute your=20 > additions back to the community. >=20 > I think it could be the start of something really handy for those out=20 > there managing large banks of servers... a central configuration=20 > repository, key-based or something where you take a freshly installed=20 > server, and point it to a config 'key', reboot and poof! That server=20 > goes down, simply tell a spare one to use it's config 'key'=20 > and reboot -=20 > back up and running :) You'd get all the redundancy of LDAP, the=20 > organization of a directory tree, and the simplicity of uniform=20 > configuration information. This of course with some assumptions about=20 > storage and backup situations, but hey - it's an idea not a=20 > reality here=20 > I'm talking about. >=20 > Anyways... without digressing way too much, my point was this: if=20 > there's enough people interested in the idea, then collaborate and by=20 > all means try to make something of it. If it works out well, lots of=20 > people start adopting it, THEN we (the FreeBSD community)=20 > should look at=20 > including it as part of the base... until then, make it as a bundled=20 > package or something. I'm using LDAP here for users, groups,=20 > email and=20 > account information shared to many servers - and it works great, but=20 > it's certainly not for everyone and I'd never expect it to come=20 > out-of-the box with everything required to do so. Have to weigh the=20 > benefits against the costs. >=20 > This thread keeps arguing the good or the bad points of doing=20 > this - and=20 > it seems to me not something worth arguing the merits of. If=20 > you believe=20 > in it enough, then do it or at least try it. Lets move on from if we=20 > should or shouldn't, and look more to HOW we could... >=20 > Just my two and a half cents. >=20 >=20 > -- > Nathan Vidican > nvidican@wmptl.com > Windsor Match Plate & Tool Ltd. > http://www.wmptl.com/ I would be in favour of this being put together asa port.. says he looking into the future where a multi server /=20 multi service 'system' is lurking. Might be nice for configuring blade server arrays too. mjt Murray Taylor Special Projects Engineer Bytecraft Systems E: mtaylor@bytecraft.com.au=20 -- "Any intelligent fool can make things bigger and more complex... It takes a touch of genius - and a lot of courage to move in the opposite direction." --Albert Einstein=20 --------------------------------------------------------------- The information transmitted in this e-mail is for the exclusive use of the intended addressee and may contain confidential and/or privileged material. Any review, re-transmission, dissemination or other use of it, or the taking of any action in reliance upon this information by persons and/or entities other than the intended recipient is prohibited. If you received this in error, please inform the sender and/or addressee immediately and delete the material.=20 E-mails may not be secure, may contain computer viruses and may be corrupted in transmission. Please carefully check this e-mail (and any attachment) accordingly. No warranties are given and no liability is accepted for any loss or damage caused by such matters. --------------------------------------------------------------- ### This e-mail message has been scanned for Viruses by Bytecraft ###
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?04E232FDCD9FBE43857F7066CAD3C0F12671F3>