From: "Murray Taylor"
To: "Nathan Vidican", "Mike Meyer"
Subject: RE: LDAP integration
Date: Fri, 12 Jan 2007 13:44:52 +1100
Message-ID: <04E232FDCD9FBE43857F7066CAD3C0F12671F3@svmailmel.bytecraft.internal>
List-Id: Technical Discussions relating to FreeBSD

> -----Original Message-----
> From: owner-freebsd-hackers@freebsd.org
> [mailto:owner-freebsd-hackers@freebsd.org] On Behalf Of Nathan Vidican
> Sent: Friday, 12 January 2007 5:55 AM
> To: Mike Meyer; hackers@freebsd.org
> Subject: Re: LDAP integration
>
> Mike Meyer wrote:
> > In <20070111035549.7c11a450@vixen42>, Vulpes Velox typed:
> >
> >> LDAP is nice organizing across many systems, but if you are just
> >> dealing with one computer it is complete overkill for anything.
> >>
> >
> > In that situation, it's not merely overkill, it may actually be a
> > bad idea. Can you say "AIX SDR"? How about "Windows registry"?
> >
> > Those systems both took the approach of putting all the configuration
> > information in a central database. This creates problems because the
> > tools needed to examine/fix the config database require a complex
> > environment - at least compared to a statically linked copy of
> > ed. LDAP may not be so bad, but it still makes me nervous.
> >
> > On the other hand, if you've got a flock of boxes to manage, having a
> > way to tell the rc subsystem "Go read config values from this LDAP
> > server" seems like a very attractive alternative.
> >
>
> Ok, so the general consensus seems to be that it's a good idea in some
> cases and not in others. I myself agree that it should not be part of
> the base setup for issues regarding the complication of the base
> distribution... but why not make a package for it?
>
> Take this idea, and run with it... build a package that installs over
> the base installation, bundling the LDAP client libs, new rc structure,
> tools, etc all in one shot. Add it to the ports collection and call it
> done. - After all that's the wonder that is opensource... if ya want to
> improve something, go for it - even better if you can contribute your
> additions back to the community.
>
> I think it could be the start of something really handy for those out
> there managing large banks of servers... a central configuration
> repository, key-based or something where you take a freshly installed
> server, and point it to a config 'key', reboot and poof! That server
> goes down, simply tell a spare one to use its config 'key' and reboot -
> back up and running :) You'd get all the redundancy of LDAP, the
> organization of a directory tree, and the simplicity of uniform
> configuration information. This of course with some assumptions about
> storage and backup situations, but hey - it's an idea not a reality here
> I'm talking about.
>
> Anyways... without digressing way too much, my point was this: if
> there's enough people interested in the idea, then collaborate and by
> all means try to make something of it. If it works out well, lots of
> people start adopting it, THEN we (the FreeBSD community) should look at
> including it as part of the base... until then, make it as a bundled
> package or something. I'm using LDAP here for users, groups, email and
> account information shared to many servers - and it works great, but
> it's certainly not for everyone and I'd never expect it to come
> out-of-the box with everything required to do so. Have to weigh the
> benefits against the costs.
>
> This thread keeps arguing the good or the bad points of doing this - and
> it seems to me not something worth arguing the merits of. If you believe
> in it enough, then do it or at least try it. Let's move on from if we
> should or shouldn't, and look more to HOW we could...
>
> Just my two and a half cents.
>
>
> --
> Nathan Vidican
> nvidican@wmptl.com
> Windsor Match Plate & Tool Ltd.
> http://www.wmptl.com/

I would be in favour of this being put together as a port..

says he looking into the future where a multi server /
multi service 'system' is lurking.

Might be nice for configuring blade server arrays too.

mjt

Murray Taylor
Special Projects Engineer
Bytecraft Systems
E: mtaylor@bytecraft.com.au
--
"Any intelligent fool can make things bigger and more complex... It
takes a touch of genius - and a lot of courage to move in the opposite
direction." --Albert Einstein