LDAP integration
Murray Taylor
MTaylor at bytecraft.com.au
Fri Jan 12 03:17:13 UTC 2007
> -----Original Message-----
> From: owner-freebsd-hackers at freebsd.org
> [mailto:owner-freebsd-hackers at freebsd.org] On Behalf Of Nathan Vidican
> Sent: Friday, 12 January 2007 5:55 AM
> To: Mike Meyer; hackers at freebsd.org
> Subject: Re: LDAP integration
>
> Mike Meyer wrote:
> > In <20070111035549.7c11a450 at vixen42>, Vulpes Velox
> <v.velox at vvelox.net> typed:
> >
> >> LDAP is nice organizing across many systems, but if you are just
> >> dealing with one computer it is complete over kill for any thing.
> >>
> >
> > In that situation, it's not merely overkill, it's may actually be a
> > bad idea. Can you say "AIX SDR"? How about "Windows registry"?
> >
> > Those system both took the approach of putting all the configuration
> > information in a central database. This creates problems because the
> > tools needed to examine/fix the config database require a complex
> > environment - at least compared to a statically linked copy of
> > ed. LDAP may not be so bad, but it still makes me nervous.
> >
> > On the other hand, if you've got a flock of boxes to
> manage, having a
> > way to tell the rc subsystem "Go read config values from this LDAP
> > server" seems like a very attractive alternative.
> >
> > <mike
> >
> Ok, so the general consensus seems to be that it's a good
> idea in some
> cases and not in others. I myself agree that it should not be part of
> the base setup for issues regarding the complication of the base
> distribution... but why not make a package for it?
>
> Take this idea, and run with it... build a package that installs over
> the base installation, bundling the LDAP client libs, new rc
> structure,
> tools, etc all in one shot. Add it to the ports collection
> and call it
> done. - After all that's the wonder that is opensource... if
> ya want to
> improve something, go for it - even better if you can contribute your
> additions back to the community.
>
> I think it could be the start of something really handy for those out
> there managing large banks of servers... a central configuration
> repository, key-based or something where you take a freshly installed
> server, and point it to a config 'key', reboot and poof! That server
> goes down, simply tell a spare one to use it's config 'key'
> and reboot -
> back up and running :) You'd get all the redundancy of LDAP, the
> organization of a directory tree, and the simplicity of uniform
> configuration information. This of course with some assumptions about
> storage and backup situations, but hey - it's an idea not a
> reality here
> I'm talking about.
>
> Anyways... without digressing way too much, my point was this: if
> there's enough people interested in the idea, then collaborate and by
> all means try to make something of it. If it works out well, lots of
> people start adopting it, THEN we (the FreeBSD community)
> should look at
> including it as part of the base... until then, make it as a bundled
> package or something. I'm using LDAP here for users, groups,
> email and
> account information shared to many servers - and it works great, but
> it's certainly not for everyone and I'd never expect it to come
> out-of-the box with everything required to do so. Have to weigh the
> benefits against the costs.
>
> This thread keeps arguing the good or the bad points of doing
> this - and
> it seems to me not something worth arguing the merits of. If
> you believe
> in it enough, then do it or at least try it. Lets move on from if we
> should or shouldn't, and look more to HOW we could...
>
> Just my two and a half cents.
>
>
> --
> Nathan Vidican
> nvidican at wmptl.com
> Windsor Match Plate & Tool Ltd.
> http://www.wmptl.com/
I would be in favour of this being put together asa port..
says he looking into the future where a multi server /
multi service 'system' is lurking.
Might be nice for configuring blade server arrays too.
mjt
Murray Taylor
Special Projects Engineer
Bytecraft Systems
E: mtaylor at bytecraft.com.au
--
"Any intelligent fool can make things bigger and more complex... It
takes a
touch of genius - and a lot of courage to move in the opposite
direction."
--Albert Einstein
---------------------------------------------------------------
The information transmitted in this e-mail is for the exclusive
use of the intended addressee and may contain confidential
and/or privileged material. Any review, re-transmission,
dissemination or other use of it, or the taking of any action
in reliance upon this information by persons and/or entities
other than the intended recipient is prohibited. If you
received this in error, please inform the sender and/or
addressee immediately and delete the material.
E-mails may not be secure, may contain computer viruses and
may be corrupted in transmission. Please carefully check this
e-mail (and any attachment) accordingly. No warranties are
given and no liability is accepted for any loss or damage
caused by such matters.
---------------------------------------------------------------
### This e-mail message has been scanned for Viruses by Bytecraft ###
More information about the freebsd-hackers
mailing list