Dmitry Butskoy wrote:
Pasi Kärkkäinen wrote:
Hello!
Anyone planning to upload/maintain nss-ldapd to fedora?
Seems like a better solution than nss-ldap..
http://ch.twi.tudelft.nl/~arthur/nss-ldapd/
Looks interesting...
Besides its useful features (fe. client/server splitting in the same
manner as Samba's winbindd does), this project is actively developed
now, and even the OpenLDAP upstream has written an overlay that
implements their own alternative "server" part for nss-ldapd.
I'll try to consider it more closely this week...
Well,
It provides NSS stuff only (whereas the ordinary nss_ldap provides both
NSS and PAM with one common config file). It seems that upstream is
focused on NSS only.
Two possible ways:
1) The current nss_ldap could be split to nss_ldap and pam_ldap (it
looks obvious because both have individual source tarballs). Then
"alternatives" could be used to switch between the old nss_ldap and new
nss-ldapd implementations.
2) Nss-ldapd's "nss_ldap.so" could be just renamed to, say,
"nss_ldapd.so" (and use "ldapd" in /etc/nsswitch.conf). This way
alternatives are not needed.
Anyway, from the current point of view, the switch to nss-ldapd will
increase the number of configuration files to edit (/etc/ldap.conf for
PAM, and /etc/nss-ldapd.conf for NSS), and both files look very identical...
Certainly an alternate PAM implementation seems not needed, the
client/server here is useful for NSS only. But it would be very fine if
nss-ldapd could use the same config file as pam_ldap uses (IOW, how the
current nss_ldap does). I don't know whether it is possible now or
intend to be possible in the future.
Any comments? Does anyone have good contact with upstream?
~buc
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
