LDAP integration

Vulpes Velox v.velox at vvelox.net
Wed Jan 10 23:37:31 UTC 2007


On Wed, 10 Jan 2007 13:26:57 -0800 (PST)
Lamont Granquist <lamont at scriptkiddie.org> wrote:

> On Tue, 9 Jan 2007, Vulpes Velox wrote:
> > The why is because I like centralized management and it would be
> > really handy for that. For my use, it would be handy in regards
> > to my laptops.
> >
> > I feel better central management is extremely significant. If I had
> > nothing more to say than "this would be neat!" we would not still
> > be talking. Right now I am just poking around for other people
> >
> > In regards to searching the archives, I am not seeing anything in
> > regards to LDAP outside of NSS recently. I am also not finding
> > anything in regards to dynamically and automatically building
> > various config files.
> 
> Why are you doing this in the FreeBSD rc scripts directly?  Why not 
> install cfengine and work on making cfengine play better with 
> database-driven config?

I've looked at it once a long time ago and have looked at it again
today. It has never held my interest for too long. I find Perl and
LDAP much more interesting. More user friendly as well.

> And if you're looking specifically at the /etc/rc.conf config file,
> what would be more useful would be an /etc/rc.conf.d/ directory.
> That gets away from the need to tweak and edit the /etc/rc.conf
> config file with multiple inputs tweaking a single file.  Instead
> you can drop whole orthogonal fragments into /etc/rc.conf.d/inetd
> to manage the inetd config which would make it more friendly to
> radmind-like approaches.  It also makes it easier to use with
> cfengine since orthogonal cfengine modules aren't doing editfiles
> touches to the same files.  The /etc/cron.d directory that (most?)
> Linux distros have is similarly very useful to drop in files that
> contain completely orthogonal config (and may be written by
> entirely different config management tools -- e.g. system config
> management vs. application deployment/management), and
> the /etc/periodic functionality is not flexible enough to cover all
> cases.

This honestly sounds like a massive and complete pain in the ass. I
don't even see how this is remote admin friendly. It just means way
more to muck around with.

If cfengine cannot generate rc.conf in a nice manner, it seems more
like a problem with cfengine.

On a similar note, is rc.conf.local supported? I saw it referenced in
the man file for rc.conf, but never hear anything about it and I've
not finished picking rc.subr apart yet.


More information about the freebsd-hackers mailing list