Feature request

Ivan Voras ivoras at freebsd.org
Tue Apr 1 08:59:34 PDT 2008


On 01/04/2008, Mike Meyer <mwm at mired.org> wrote:
> On Tue, 01 Apr 2008 15:00:05 +0200 Ivan Voras <ivoras at freebsd.org> wrote:
>
>  >
>  > > Why OpenLDAP? Why not one of the other ldap implementations available
>  > > in the ports? In particular, do any of them already have plugins for
>  > > use with pam?
>  >
>  > What are the other LDAP implementations in ports? Especially the ones
>  > that are actively maintained (which excludes tinyldap)? Any compliant
>  > LDAP server with proper schemas will "support" PAM.
>
>  Why does it need to be actively maintained? After all, if we're going
>  to pull it into the base system, we'll have to find someone to
>  actively maintain the code in the base system. If no one is
>  maintaining the code externally, that in some ways makes their job
>  easier.

Because history shows that even currently supported software (bind,
sendmail, gcc) is hard to maintain :) It would take a person to pick
up actively maintaining a piece of software if it's practically dead
before even thinking of putting it in base. (Though those things could
happen simultaneously - someone picking it up and putting it in base -
the probability is very low).

>  And I didn't say "support", I said "already have plugins". Sure,
>  anything can be connected to PAM if you can get someone to write the
>  plugins. Or are you saying there's already an ldap plugin that uses
>  ldap schemas?

Yes. I've been using pam_ldap and nss_ldap since soon after they were
available on FreeBSD (i.e. somewhere in the 5.x lifecycle). These
support any LDAP server that has proper schemas (think of "LDAP
schema" as a struct in C or a SQL table structure...).


More information about the freebsd-hackers mailing list