Re: the state of ldap on netbsd

["matthew sporleder" <msporleder%gmail.com@localhost>]

On 2/12/08, matthew sporleder <msporleder%gmail.com@localhost> wrote:
> On 2/12/08, Brad Spencer <brad%anduin.eldar.org@localhost> wrote:
> >
> > I am working on a YP to LDAP conversion here and have messed with a lot of
> > this recently.
> >
> >    matthew sporleder wrote:
> >    > I was wondering why netbsd doesn't come with a native pam/nss-ldap.
> >    > (licensing?  no one has made the effort?  NIH?)
> >    >
> >    >
> >
> >    I guess the version in pkgsrc has been sufficent ... though from memory
> >    it was a little cumbersome to setup and test.
> >
> > It isn't too bad.
> >
> > There are a couple of limits with nss-ldap, however.  There does not exist
> > support in our libc to glue just everything that is available via YP maps
> > into the dynamically loadable stuff that nsswitch dispatch now provides.
> > The end result is that not every map that is available via 'nis' will be
> > available via ldap, even when the nss-ldap module supports it.  The other
> > limit I found was that the NetBSD glue code that is provided in pkgsrc for
> > nss-ldap does not support all of the loadable dispatches that libc
> > provides.  If I remember, it only provides for 'passwd' and 'group'.  I
> > added support for 'networks' locally, but have not had time to file a PR.
> > I would like to add support for 'hosts', but have not had time to do that
> > either...
> >
> > [snip]
> >
> > The worst part of the entire conversion, I think, was getting the pam
> > ordering right so that KRB5 and ldap can both be consulted for
> > authentication without whining too much.
> >
>
> I suppose this is because nis is built-in.  I think there are some
> comments around mentioning how there should be additional databases
> and more flexibility in nss.
>

There's also a fork of padl here:
http://ch.tudelft.nl/~arthur/nss-ldapd/

That looks pretty nice.