LDAP integration

Murray Taylor MTaylor at bytecraft.com.au
Fri Jan 12 03:17:13 UTC 2007 

 

> -----Original Message-----
> From: owner-freebsd-hackers at freebsd.org 
> [mailto:owner-freebsd-hackers at freebsd.org] On Behalf Of Nathan Vidican
> Sent: Friday, 12 January 2007 5:55 AM
> To: Mike Meyer; hackers at freebsd.org
> Subject: Re: LDAP integration
> 
> Mike Meyer wrote:
> > In <20070111035549.7c11a450 at vixen42>, Vulpes Velox 
> <v.velox at vvelox.net> typed:
> >   
> >> LDAP is nice organizing across many systems, but if you are just
> >> dealing with one computer it is complete over kill for any thing.
> >>     
> >
> > In that situation, it's not merely overkill, it's may actually be a
> > bad idea. Can you say "AIX SDR"? How about "Windows registry"?
> >
> > Those system both took the approach of putting all the configuration
> > information in a central database. This creates problems because the
> > tools needed to examine/fix the config database require a complex
> > environment - at least compared to a statically linked copy of
> > ed. LDAP may not be so bad, but it still makes me nervous.
> >
> > On the other hand, if you've got a flock of boxes to 
> manage, having a
> > way to tell the rc subsystem "Go read config values from this LDAP
> > server" seems like a very attractive alternative.
> >
> > 	<mike
> >   
> Ok, so the general consensus seems to be that it's a good 
> idea in some 
> cases and not in others. I myself agree that it should not be part of 
> the base setup for issues regarding the complication of the base 
> distribution... but why not make a package for it?
> 
> Take this idea, and run with it... build a package that installs over 
> the base installation, bundling the LDAP client libs, new rc 
> structure, 
> tools, etc all in one shot. Add it to the ports collection 
> and call it 
> done. - After all that's the wonder that is opensource... if 
> ya want to 
> improve something, go for it - even better if you can contribute your 
> additions back to the community.
> 
> I think it could be the start of something really handy for those out 
> there managing large banks of servers... a central configuration 
> repository, key-based or something where you take a freshly installed 
> server, and point it to a config 'key', reboot and poof! That server 
> goes down, simply tell a spare one to use it's config 'key' 
> and reboot - 
> back up and running :) You'd get all the redundancy of LDAP, the 
> organization of a directory tree, and the simplicity of uniform 
> configuration information. This of course with some assumptions about 
> storage and backup situations, but hey - it's an idea not a 
> reality here 
> I'm talking about.
> 
> Anyways... without digressing way too much, my point was this: if 
> there's enough people interested in the idea, then collaborate and by 
> all means try to make something of it. If it works out well, lots of 
> people start adopting it, THEN we (the FreeBSD community) 
> should look at 
> including it as part of the base... until then, make it as a bundled 
> package or something. I'm using LDAP here for users, groups, 
> email and 
> account information shared to many servers - and it works great, but 
> it's certainly not for everyone and I'd never expect it to come 
> out-of-the box with everything required to do so. Have to weigh the 
> benefits against the costs.
> 
> This thread keeps arguing the good or the bad points of doing 
> this - and 
> it seems to me not something worth arguing the merits of. If 
> you believe 
> in it enough, then do it or at least try it. Lets move on from if we 
> should or shouldn't, and look more to HOW we could...
> 
> Just my two and a half cents.
> 
> 
> --
> Nathan Vidican
> nvidican at wmptl.com
> Windsor Match Plate & Tool Ltd.
> http://www.wmptl.com/

I would be in favour of this being put together asa port..
says he looking into the future where a multi server / 
multi service 'system' is lurking.

Might be nice for configuring blade server arrays too.

mjt

Murray Taylor

Special Projects Engineer
Bytecraft Systems

E: mtaylor at bytecraft.com.au 


--

"Any intelligent fool can make things bigger and more complex... It
takes a
touch of genius - and a lot of courage to move in the opposite
direction."
--Albert Einstein 

---------------------------------------------------------------
The information transmitted in this e-mail is for the exclusive
use of the intended addressee and may contain confidential
and/or privileged material. Any review, re-transmission,
dissemination or other use of it, or the taking of any action
in reliance upon this information by persons and/or entities
other than the intended recipient is prohibited. If you
received this in error, please inform the sender and/or
addressee immediately and delete the material. 

E-mails may not be secure, may contain computer viruses and
may be corrupted in transmission. Please carefully check this
e-mail (and any attachment) accordingly. No warranties are
given and no liability is accepted for any loss or damage
caused by such matters.
---------------------------------------------------------------

### This e-mail message has been scanned for Viruses by Bytecraft ###

More information about the freebsd-hackers mailing list