Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Removing openldap?

On Thu, Oct 02, 2014 at 10:33:02AM +0000, Michael van Elst wrote:
> (Thomas Klausner) writes:
> >I think there is no particular need to have openldap in the base
> >system; I don't see any particular integration, and it puts more
> >burden of maintenance on us. I think that installing openldap from
> >pkgsrc should be good enough.
> openldap is used by postfix, sshd and amd. There is also pam-ldap in
> pkgsrc that we might want to import into base.
> All this is only using the client part of openldap.

I would support removing the server parts of openldap but wonder whether
this would actually reduce maintenance burden.

It would reduce attack surface on some systems.

 Thor Lancelot Simon	                            
"From the tooth paste you use in the morning to the salt on your evening meal,
it's easy to take for granted the many products brought to us with explosives."
    - Institute of Manufacturers of Explosives, "Explosives Make It Possible" 

Home | Main Index | Thread Index | Old Index