Feature request
Ivan Voras
ivoras at freebsd.org
Tue Apr 1 08:59:34 PDT 2008
On 01/04/2008, Mike Meyer <mwm at mired.org> wrote:
> On Tue, 01 Apr 2008 15:00:05 +0200 Ivan Voras <ivoras at freebsd.org> wrote:
>
> >
> > > Why OpenLDAP? Why not one of the other ldap implementations available
> > > in the ports? In particular, do any of them already have plugins for
> > > use with pam?
> >
> > What are the other LDAP implementations in ports? Especially the ones
> > that are actively maintained (which excludes tinyldap)? Any compliant
> > LDAP server with proper schemas will "support" PAM.
>
> Why does it need to be actively maintained? After all, if we're going
> to pull it into the base system, we'll have to find someone to
> actively maintain the code in the base system. If no one is
> maintaining the code externally, that in some ways makes their job
> easier.
Because history shows that even currently supported software (bind,
sendmail, gcc) are hard to maintain :) It would take a person to pick
up actively maintaining a software if its practically dead before even
thinking of putting it in base. (Though those things could happen
simultaneously - someone picking it up and putting it in base, the
probability is very low).
> And I didn't say "support", I said "already have plugins". Sure,
> anything can be connected to PAM if you can get someone to write the
> plugins. Or are you saying there's already an ldap plugin that uses
> ldap schemas?
Yes. I've been using pam_ldap and nss_ldap soon after they were
available on FreeBSD (i.e. somewhere in the 5.x lifecycle). These
support any LDAP server that has proper schemas (think of "LDAP
schema" as a struct in C or a SQL table structure...).
More information about the freebsd-hackers
mailing list