[HEADS UP]: OpenLDAP+nss_ldap+nss_modules separated patch and more (SoC)

Dan Nelson dnelson at allantgroup.com
Wed Aug 30 14:45:36 UTC 2006


In the last episode (Aug 30), Andre Oppermann said:
> Julian Elischer wrote:
> >John Baldwin wrote:
> >>Agreed.  I also think LDAP would be a very useful thing to add.  I
> >>know that I currently use NIS/yp because it just works and is
> >>integrated into the base, etc.  I think adding LDAP as the logical
> >>successor to NIS/yp would be a good thing.
> >
> >I agree with John. Historically things have moved to the base system
> >when they have reached some amount of public use, and they have been
> >needed for a large number of other parts, e.g. SSL.
> >
> >I think that LDAP has reached this point (in fact did so many
> >several years ago) and having a standard ldap implementation in the
> >base system allows us to make FreeBSD machines play better in many
> >environments.
> 
> The problem is that OpenLDAP is a very big thing.  It contains a
> number of libraries and servers.  Importing the whole thing is
> clearly not the right thing as we should only ship the LDAP library. 
> However more complications come from the fact that you can build the
> LDAP library again with a number of further options and dependencies
> on other libraries.  Depending on your usage case you may need to
> turn one of those on or off for your other applications. Topping it
> off OpenLDAP does quite a few releases a year with important bug
> fixes.  This is quickly becoming backporting hell.  At the moment I'm
> not sure if the slapd server refuses to run with an older library
> found in the base system.
> 
> For this LDAP library thing to work there has to be a painless way to
> overwrite or override the base LDAP library with a custom, newer from
> ports or self-compiled one.
> 
> A quick glance into the OpenLDAP install instructions reveals that it
> depends on OpenSSL (check, it's in the base system), KERBEROS
> (optional in base system), Cyrus SASL library (not in base system)
> and POSIX threads (check).  I don't think we want to import Cyrus
> SASL into the base system.

The openldap client port builds WITHOUT_SASL=YES, though, so that's not
a problem.

-- 
	Dan Nelson
	dnelson at allantgroup.com


More information about the freebsd-current mailing list