nss_ldap and openldap importing

Michael Bushkov bushman at rsu.ru
Tue Jul 11 07:24:26 UTC 2006


Brooks Davis wrote:
> On Mon, Jul 10, 2006 at 03:48:54PM -0700, David O'Brien wrote:
> > On Thu, Jul 06, 2006 at 06:54:58PM -0700, Brooks Davis wrote:
> > > On Thu, Jul 06, 2006 at 10:49:27AM -0700, Doug Barton wrote:
> > ..snip..
> > Why can't this live in ports?  In none of my environments do I need LDAP
> > support.  I cannot imagine most of our users need LDAP support either.
> > Also, openldap-2.3.24 appears to be 19MB of files.  Just what are we
> > talking about importing?  I assume just the 3MB of the library 
> > directory?
>
> My life would be a heck of a lot simpler if LDAP support were included
> in the base.  At the moment I'm using NIS in several situations where
> it just doesn't cut it any more.  IMO we need (as a minimum) a modern
> network directory service client in the base.  While a majority of
> FreeBSD users may not need LDAP in the base, I would suspect that a
> majority of machines would benefit from it.  A much greater portion of
> machines would probably benefit from an LDAP client than benefit from a
> number of the servers in the base system such as BIND (not a criticism
> of having BIND in the base).
> -- Brooks


I fully agree - IMO when you have a large network that uses LDAP, having
nss_ldap in the base can be beneficial.
And more - if we have our own implementation of nss_ldap, we can support not
only RFC 2307 and RFC 2307bis LDAP schemas, but have one more schema
variant that will be more FreeBSD-specific (i.e. support pw_class for
struct passwd, for example).
As this discussion goes on, I'm turning more and more towards rewriting
nss_ldap from scratch (both to solve the BSD-licensing problem and to add
support for a tuned schema). I'm currently checking whether there will be any
Summer of Code administrative issues (I didn't mention rewriting nss_ldap
from scratch in my initial project proposal), but I don't think that they'll
appear. I guess I'll start working on the implementation in 1-2 days.

--
Michael 


