LDAP integration
Doug Barton
dougb at FreeBSD.org
Wed Jan 10 21:56:32 UTC 2007
Lamont Granquist wrote:
> Why are you doing this in the FreeBSD rc scripts directly? Why not
> install cfengine and work on making cfengine play better with
> database-driven config?
Indeed. For a "many systems" problem, cfengine is a great tool. I
think the OP is more interested in the "dynamically configured laptop"
problem, which is also an interesting/difficult one, but I don't think
it's a good problem for LDAP to solve. It still feels like "I have
LDAP that I want to use as a solution, so what problem can I point it
at?" to me.
> And if you're looking specifically at the /etc/rc.conf config file, what
> would be more useful would be an /etc/rc.conf.d/ directory.
Good news for you, we already support that. :) I agree that it makes a
great tool for the "many systems" problem, and could reasonably be
used for part of the "dynamic laptop" problem too.
> That gets
> away from the need to tweak and edit the /etc/rc.conf config file with
> multiple inputs tweaking a single file. Instead you can drop whole
> orthogonal fragments into /etc/rc.conf.d/inetd to manage the inetd
> config which would make it more friendly to radmind-like approaches. It
> also makes it easier to use with cfengine since orthogonal cfengine
> modules aren't doing editfiles touches to the same files.
Yes yes yes all around. At one time I suggested that we add support
for /usr/local/etc/rc.conf.d and encourage port authors to drop files
in there, but I didn't get much enthusiasm for it. Perhaps it's time
to revisit that?
> The
> /etc/cron.d directory that (most?) linux distros have is similarly very
> useful to drop in files that contain completely orthogonal config (and
> may be written by entirely different config management tools -- e.g.
> system config management vs. application deployment/management), and the
> /etc/periodic functionality is not flexible enough to cover all cases.
That's not a bad idea, but you'll have to find some other huckleberry
to address it, I've got my hands full at the moment.
Doug
--
This .signature sanitized for your protection
More information about the freebsd-hackers
mailing list