nss_ldap and openldap importing
Michael Bushkov
bushman at rsu.ru
Tue Jul 11 07:24:26 UTC 2006
Brooks Davis wrote:
On Mon, Jul 10, 2006 at 03:48:54PM -0700, David O'Brien wrote:
> > On Thu, Jul 06, 2006 at 06:54:58PM -0700, Brooks Davis wrote:
> > > On Thu, Jul 06, 2006 at 10:49:27AM -0700, Doug Barton wrote:
> > ..snip..
> > Why can't this live in ports? In none of my environments do I need LDAP
> > support. I cannot imagine most of our users need LDAP support either.
> > Also, openldap-2.3.24 appears to be 19MB of files. Just what are we
> > talking about importing? I assume just the 3MB of the library
> > directory?
>
> My life would be a heck of a lot simpler if LDAP support were included
> in the base. At the moment I'm using NIS in several situations where
> it just doesn't cut it any more. IMO we need (as a minimum) a modern
> network directory service client in the base. While a majority of
> FreeBSD users may not need LDAP in the base, I would suspect that a
> majority of machines would benefit from it. A much greater portion of
> machines would probably benefit from and LDAP client then benefit from a
> number of the servers in the base system such as BIND (not a criticism
> of having BIND in the base).
> -- Brooks
I fully agree - IMO when you have a large network, that uses LDAP, having
nss_ldap in the base can be beneficial.
And more - if we have our own implementation of nss_ldap, we can support not
only RFC 2307 and RFC 2307bis LDAP schemas, but have one more schema
variant, that will be more FreeBSD-specific (i.e. support pw_class for
struct passwd, for example).
As this discussion lasts, I'm turning more and more towards rewriting
nss_ldap from scratch (both to solve BSD-licensing problem and to add
support for tuned schema). I'm currently checking if there won't be any
Summer Of Code administrative issues (I didn't mention nss_ldap rewriting
from scratch in my initial project proposal), but I don't think that they'll
appear. I guess, I'll start working on implementation in 1-2 days
--
Michael
More information about the freebsd-current
mailing list