Re: the state of ldap on netbsd
On 2/12/08, Brad Spencer <brad%anduin.eldar.org@localhost> wrote:
> I am working on a YP to LDAP conversion here and have messed with a lot of
> this recently.
> matthew sporleder wrote:
> > I was wondering why netbsd doesn't come with a native pam/nss-ldap.
> > (licensing? no one has made the effort? NIH?)
> I guess the version in pkgsrc has been sufficient ... though from memory
> it was a little cumbersome to set up and test.
> It isn't too bad.
> There are a couple of limits with nss-ldap, however. There does not exist
> support in our libc to glue just everything that is available via YP maps
> into the dynamically loadable stuff that nsswitch dispatch now provides.
> The end result is that not every map that is available via 'nis' will be
> available via ldap, even when the nss-ldap module supports it. The other
> limit I found was that the NetBSD glue code that is provided in pkgsrc for
> nss-ldap does not support all of the loadable dispatches that libc
> provides. If I remember, it only provides for 'passwd' and 'group'. I
> added support for 'networks' locally, but have not had time to file a PR.
> I would like to add support for 'hosts', but have not had time to do that
> The worst part of the entire conversion, I think, was getting the pam
> ordering right so that KRB5 and ldap can both be consulted for
> authentication without whining too much.
I suppose this is because nis is built-in. I think there are some
comments around mentioning how there should be additional databases
and more flexibility in nss.