tech-userlevel archive


Re: Importing OpenLDAP into base



> > * Evaluate & import Tyler Retzlaff's nss_ldap implementation
> >  (for at least passwd and group databases).
> >
> > * Write (or commission) a pam_ldap implementation.
> >
>
>  From what I've heard "nss_ldap" and "pam_ldap" implementations tend towards
>  being complicated because they have to deal with networking issues. Would
>  it perhaps make sense to have an "ldapbind" daemon (similar to "ypbind")
>  and keep these plugins really lightweight?
>

Do you know if this sort of thing is defined anywhere?  I like the
idea of doing some stuff automagically like interpolating the
domainname into the basedn, but then NetBSD would be a one-off in a
system where you probably have a lot of different server types (why
you're using something like LDAP in the first place).  Have you seen
Solaris's ldap_cachemgr?  It might be similar to what you're talking
about.

On that note, however, Solaris does provide something else called
'ldapclient' where you can set up your box using a profile/list of
config values.

Solaris also has some advanced capabilities in specifying per-database
configs (service search descriptors, I think) for each line of
nsswitch.conf which, I think, helps solve some of the limitations
presented by the (nss_)ldap.conf file.  Of course, this could be
because I haven't studied Linux's nsswitch or PADL's (lacking, in my
opinion) documentation enough.

Matt

