tech-userlevel archive
Re: Importing OpenLDAP into base
> > * Evaluate & import Tyler Retzlaff's nss_ldap implementation
> > (for at least passwd and group databases).
> >
> > * Write (or commission) a pam_ldap implementation.
> >
>
> From what I've heard "nss_ldap" and "pam_ldap" implementation tend towards
> being complicated because they have to deal with networking issues. Would
> it perhaps make sense to have an "ldapbind" daemon (similar to "ypbind")
> and keep these plugins really lightweight?
>
Do you know if this sort of thing is defined anywhere? I like the
idea of doing some stuff automagically like interpolating the
domainname into the basedn, but then NetBSD would be a one-off in a
system where you probably have a lot of different server types (why
you're using something like LDAP in the first place). Have you seen
Solaris's ldap_cachemgr? It might be similar to what you're talking
about.

On that note, however, Solaris does provide something else called
'ldapclient' where you can set up your box using a profile/list of
config values.

Solaris also has some advanced capabilities in specifying per-database
configs (service search descriptors, I think) for each line of
nsswitch.conf which, I think, helps solve some of the limitations
presented by the (nss_)ldap.conf file. Of course, this could be
because I haven't studied Linux's nsswitch or PADL's (lacking, in my
opinion) documentation enough.
Matt