Feature request (pam/nss ldap, nsswitch ldap integration)

Joerg Sonnenberger joerg at britannica.bec.de
Sat Oct 30 04:44:34 PDT 2004

On Sat, Oct 30, 2004 at 12:20:58PM +0100, Dick Davies wrote:
> Trouble is openldap is one of those things everyone wants to configure
> themselves - do you enable SASL support or not, what backends do you use
> etc?

IIRC SASL is pretty mandatory to correctly implement LDAP v3. Bigger
question is GSSAPI (Kerberos 5!) and the backend.

> And it raises other questions, for example how do you handle mergemaster
> when half your accounts are in LDAP and not the system databases?

You should _not_ put system accounts into LDAP, that's that just wrong.
So having them in the local database (whatever type that is) should work
fine with mergemaster.


More information about the freebsd-hackers mailing list