tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Importing OpenLDAP into base

On 23 Apr 2008, at 14:10, Luke Mewburn wrote:
I'd like to propose that we import OpenLDAP into NetBSD.

This is a very good idea. I was considering to propose that myself.

* It appears to be most common protocol for distributed
 user & group authentication across heterogenous systems,
 including Windows (Active Directory), OS X, Solaris,
 most Linux distributions.
 It has replaced NIS for most UNIX systems.

That is the main reason. At work we don't have NIS, "only" LDAP and Kerberos.
It is not possible to integrate a NetBSD system into such an environment
without installing a lot of packages.

* Base gets a bit bigger.

Indeed, about 4.7MB under NetBSD-i386. But I think it is worth the disk space.

* LDAP isn't as lightweight as advertised.

Very true.

* Evaluate & import Tyler Retzlaff's nss_ldap implementation
 (for at least passwd and group databases).

* Write (or commission) a pam_ldap implementation.

From what I've heard "nss_ldap" and "pam_ldap" implementation tend towards being complicated because they have to deal with networking issues. Would
it perhaps make sense to have an "ldapbind" daemon (similar to "ypbind")
and keep this plugins really light weight?

        Kind regards

Matthias Scheler                 

Home | Main Index | Thread Index | Old Index