Current-Users archive


Re: the state of ldap on netbsd



I am working on a YP to LDAP conversion here and have messed with a lot of
this recently.

   matthew sporleder wrote:
   > I was wondering why netbsd doesn't come with a native pam/nss-ldap.
   > (licensing?  no one has made the effort?  NIH?)
   >
   >   

   I guess the version in pkgsrc has been sufficient ... though from memory 
   it was a little cumbersome to set up and test.

It isn't too bad.

There are a couple of limits with nss-ldap, however.  There does not exist
support in our libc to glue just everything that is available via YP maps
into the dynamically loadable stuff that nsswitch dispatch now provides.
The end result is that not every map that is available via 'nis' will be
available via ldap, even when the nss-ldap module supports it.  The other
limit I found was that the NetBSD glue code that is provided in pkgsrc for
nss-ldap does not support all of the loadable dispatches that libc
provides.  If I remember, it only provides for 'passwd' and 'group'.  I
added support for 'networks' locally, but have not had time to file a PR.
I would like to add support for 'hosts', but have not had time to do that
either...

[snip]

The worst part of the entire conversion, I think, was getting the pam
ordering right so that KRB5 and ldap can both be consulted for
authentication without whining too much.





-- 
Brad Spencer - brad%anduin.eldar.org@localhost - KC8VKS
http://anduin.eldar.org  - & -  http://anduin.ipv6.eldar.org [IPv6 only]
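
A small check for the limit described in the message above, as an added example that is not part of the original post: it lists the nsswitch.conf databases that name `ldap` as a source but fall outside the set the glue code handles. The default set (`passwd`, `group`) is taken from the author's recollection and is an assumption, as are the function names and the constructed sample file.

```shell
#!/bin/sh
# Added example (not from the original message).
# Reads nsswitch.conf-style text on stdin and prints every database that
# lists "ldap" as a source but is not in the supported set.
# $1: space-separated databases the nss-ldap glue is assumed to dispatch.
#     Default "passwd group" follows the message's recollection.
ldap_unsupported_dbs() {
    awk -v supported="${1:-passwd group}" '
    BEGIN {
        n = split(supported, s, " ")
        for (i = 1; i <= n; i++) ok[s[i]] = 1
    }
    {
        sub(/#.*/, "")                      # strip comments
        if (!match($0, /^[ \t]*[A-Za-z_]+[ \t]*:/)) next
        db = substr($0, RSTART, RLENGTH)    # "database:" with padding
        gsub(/[ \t:]/, "", db)
        rest = substr($0, RLENGTH + 1)      # the source list
        m = split(rest, src, " ")
        # Criteria such as [notfound=return] never equal "ldap",
        # so an exact token comparison is enough.
        for (i = 1; i <= m; i++)
            if (src[i] == "ldap" && !(db in ok)) { print db; break }
    }'
}

# Constructed sample input, not a configuration from the thread.
sample_nsswitch() {
    cat <<'EOF'
# constructed sample
passwd:   files ldap
group:    files ldap
hosts:    files dns ldap
networks: files ldap   # ldap listed, but is the dispatch there?
netgroup: files [notfound=return] nis
EOF
}

# With the default set, hosts and networks are reported.
sample_nsswitch | ldap_unsupported_dbs
```

On a real system, feed it the live file with `ldap_unsupported_dbs < /etc/nsswitch.conf`, passing a longer list as `$1` if the local glue has been extended.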

