tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Importing OpenLDAP into base



I wish base would get smaller not bigger.
I would like to see openssh and openssl removed from base too.

In other words, I object importing openldap into base.

Zafer.



2008/4/23, Luke Mewburn <lukem%netbsd.org@localhost>:
> I'd like to propose that we import OpenLDAP into NetBSD.
>
>
>  Benefits:
>
>  * It appears to be most common protocol for distributed
>   user & group authentication across heterogenous systems,
>   including Windows (Active Directory), OS X, Solaris,
>   most Linux distributions.
>   It has replaced NIS for most UNIX systems.
>
>  * Existing tools in the tree can be compiled with LDAP support,
>   and providing an LDAP implementation in the base distribution
>   removes the need to provide a replacement (via pkgsrc) of
>   said tools just to enable LDAP.  These include:
>         - AMD (for the automount maps)
>         - BIND (to store zones in, instead of using files)
>         - Heimdal (to store the krb5 databasee)
>         - Postfix (various address tables)
>         - Racoon
>
>  * OpenLDAP appears to have license suitable for use by TNF code:
>         http://www.openldap.org/software/release/license.html
>
>  * OpenLDAP provides both a library for client applications to
>   use, and a server implementation.
>
>  * Can be used for username/group lookups and authentication
>   via nsswitch nss_ldap.so and PAM pam_ldap.so modules.
>   A common implementation is the LGPL licensed versions
>   from http://www.padl.com/, which may or may not be suitable.
>   A proof of concept BSD-licensed nss_ldap has been
>   written by Tyler Retzlaff <rtr> for NetBSD.
>
>
>  Costs:
>
>  * Base gets a bit bigger.
>
>  * LDAP isn't as lightweight as advertised.
>
>
>  Proposed plan:
>
>  * Import openldap 2.4.8 ("OpenLDAP release") into src/dist/openldap
>
>  * Provide reachover Makefiles in the appropriate sections of the tree
>   for the client libraries and the servers.
>   There's a project at:
>         http://www.netbsd.org/contrib/projects.html#ldapimport
>   for this.  I don't think that the effort would take two weeks.
>
>  * Enable LDAP in the various tools that can use it.
>
>  * Consider providing defaults that use LDAP over SSL.
>
>  * Evaluate & import Tyler Retzlaff's nss_ldap implementation
>   (for at least passwd and group databases).
>
>  * Write (or commission) a pam_ldap implementation.
>
>
>
>
>  Opinions ?
>
>
>  cheers,
>
> Luke.
>
>


Home | Main Index | Thread Index | Old Index