Re: Importing OpenLDAP into base
On Wed, Apr 23, 2008 at 9:10 AM, Luke Mewburn <lukem%netbsd.org@localhost>
> I'd like to propose that we import OpenLDAP into NetBSD.
> * It appears to be the most common protocol for distributed
> user & group authentication across heterogeneous systems,
> including Windows (Active Directory), OS X, Solaris,
> most Linux distributions.
> It has replaced NIS for most UNIX systems.
> * Existing tools in the tree can be compiled with LDAP support,
> and providing an LDAP implementation in the base distribution
> removes the need to provide a replacement (via pkgsrc) of
> said tools just to enable LDAP. These include:
> - AMD (for the automount maps)
> - BIND (to store zones in, instead of using files)
> - Heimdal (to store the krb5 database)
> - Postfix (various address tables)
> - Racoon
> * OpenLDAP appears to have a license suitable for use by TNF code:
> * OpenLDAP provides both a library for client applications to
> use, and a server implementation.
> * Can be used for username/group lookups and authentication
> via nsswitch nss_ldap.so and PAM pam_ldap.so modules.
> A common implementation is the LGPL licensed versions
> from http://www.padl.com/, which may or may not be suitable.
> A proof of concept BSD-licensed nss_ldap has been
> written by Tyler Retzlaff <rtr> for NetBSD.
> * Base gets a bit bigger.
> * LDAP isn't as lightweight as advertised.
> Proposed plan:
> * Import openldap 2.4.8 ("OpenLDAP release") into src/dist/openldap
> * Provide reachover Makefiles in the appropriate sections of the tree
> for the client libraries and the servers.
> There's a project at:
> for this. I don't think that the effort would take two weeks.
> * Enable LDAP in the various tools that can use it.
> * Consider providing defaults that use LDAP over SSL.
> * Evaluate & import Tyler Retzlaff's nss_ldap implementation
> (for at least passwd and group databases).
> * Write (or commission) a pam_ldap implementation.
> Opinions ?
I think this is a really good idea! What parts of openldap are you
planning on building?
I would propose that netbsd only provide the clients and libraries.
Supporting the server is daunting since openldap releases -often- and
needs a modern (from oracle) version of bdb to work as a real server.
(back-ldif didn't work as a real database when I tried it a few months
ago and back-passwd is claimed as demonstration-only -- see