Luke Mewburn wrote:
On Fri, Apr 25, 2008 at 04:48:35PM +0200, Anders Magnusson wrote:
| Anyway, that said, I think NetBSD really should go towards using ldap+kerberos
| as some sort of standard solution for network environment.

This has merit, and prior art (AFAIK, it's basically what "Active Directory" is.)

Having good documentation and defaults for getting both client and server Kerberos+LDAP setups would be a worthwhile benefit, since neither is renowned for being "easy" to set up.

Yes, that would be great, and I have some ideas about how to deal with it. I will mail out a separate mail about how I think it could be done :-)

| What I would like to have is a lightweight version of an ldap server that would be
| basically just to store the basic system information just like YP, and not as many
| fancy features. If people would want those features then use openldap or iplanet

I did spend a few hours to read through the RFCs about how the LDAP protocol works, and also wrote a small LDAP server. Which were not especially difficult. I think that the best way would be to integrate most stuff with a small LDAP server so that the large config goo of OpenLDAP can be avoided for small environments.

| instead.
|
| Hm, thinking about it, I do not think it would be especially difficult to write such
| an ldap server. Would it be interesting? Luke, can you wait a week or so before
| importing openldap? I can take a quick look at it and come back with an
| estimate.

Sure. Most of my impetus was in getting client LDAP code that can be used by various in-tree applications as well as which implementation of nss_ldap and pam_ldap we select. There's nothing preventing us having dist/openldap with reachover makefiles for the client code, and provide a separate server if that turns out to be the "best" solution for the default install.

More about this in a separate mail.

-- Ragge