tech-userlevel archive
Re: Importing OpenLDAP into base
On Wed, 23 Apr 2008 23:10:19 +1000
Luke Mewburn <lukem%NetBSD.org@localhost> wrote:
> I'd like to propose that we import OpenLDAP into NetBSD.
>
>
> Benefits:
>
> * It appears to be the most common protocol for distributed
> user & group authentication across heterogeneous systems,
> including Windows (Active Directory), OS X, Solaris,
> most Linux distributions.
> It has replaced NIS for most UNIX systems.
>
> * Existing tools in the tree can be compiled with LDAP support,
> and providing an LDAP implementation in the base distribution
> removes the need to provide a replacement (via pkgsrc) of
> said tools just to enable LDAP. These include:
> - AMD (for the automount maps)
> - BIND (to store zones in, instead of using files)
> - Heimdal (to store the krb5 database)
> - Postfix (various address tables)
> - Racoon
>
> * OpenLDAP appears to have a license suitable for use by TNF code:
> http://www.openldap.org/software/release/license.html
>
> * OpenLDAP provides both a library for client applications to
> use, and a server implementation.
>
> * Can be used for username/group lookups and authentication
> via nsswitch nss_ldap.so and PAM pam_ldap.so modules.
> A common implementation is the LGPL licensed versions
> from http://www.padl.com/, which may or may not be suitable.
> A proof of concept BSD-licensed nss_ldap has been
> written by Tyler Retzlaff <rtr> for NetBSD.
>
>
> Costs:
>
> * Base gets a bit bigger.
>
> * LDAP isn't as lightweight as advertised.
>
>
> Proposed plan:
>
> * Import openldap 2.4.8 ("OpenLDAP release") into src/dist/openldap
>
> * Provide reachover Makefiles in the appropriate sections of the tree
> for the client libraries and the servers.
> There's a project at:
> http://www.netbsd.org/contrib/projects.html#ldapimport
> for this. I don't think that the effort would take two weeks.
>
> * Enable LDAP in the various tools that can use it.
>
> * Consider providing defaults that use LDAP over SSL.
>
> * Evaluate & import Tyler Retzlaff's nss_ldap implementation
> (for at least passwd and group databases).
>
> * Write (or commission) a pam_ldap implementation.
I only want to say that all that you said is true and reasonable, so my vote
is "100% agreed".
Also it seems nobody will come up with a BSD implementation, so that will
give us many more benefits than not having it.
--
Juan Romero Pardines - xtraeme at gmail|netbsd dot org
The NetBSD Project
Make your own NetBSD/x86 Live CD:
http://www.netbsd.org/~xtraeme/mklivecd/