Feature request (pam/nss ldap, nsswitch ldap integration)

Dick Davies rasputnik at hellooperator.net
Sat Oct 30 04:21:01 PDT 2004


* Patrick Dung <patrick_dkt at yahoo.com.hk> [1045 03:45]:

> So my suggestion is: integrate pam_ldap, nss_ldap, nsswitch support
> with LDAP and lookupd (i.e. LDAP client support) into the OS.

Trouble is OpenLDAP is one of those things everyone wants to configure
themselves - do you enable SASL support or not, what backends do you use,
etc.?

Granted most of this is on the server, but there's also the extra work
involved in updating it all the time - OpenLDAP in particular seems to
be a fairly fast-moving target.

I'm not sure importing all that code would win you much over a pkg_add
anyway.

And it raises other questions, for example how do you handle mergemaster
when half your accounts are in LDAP and not the system databases?

Though I would really like to see nss_ldap extended to gather more information
over LDAP - incidentally, does anyone know why that isn't enabled? Is there a 
technical reason or is it just caution?

> The integration with LDAP is like the integration of OpenPAM,
> OpenSSH, AMD automounter and BIND in FreeBSD.

Trouble is it might be like the integration of Perl :)

-- 
The pie is ready. You guys like swarms of things, right? - Bender
Rasputin :: Jack of All Trades - Master of Nuns


More information about the freebsd-hackers mailing list