[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Packaging nss-ldapd for fedora

Dmitry Butskoy wrote:
Pasi Kärkkäinen wrote:

Anyone planning to upload/maintain nss-ldapd to fedora?
Seems like a better solution than nss-ldap..


Looks interesting...

Besides its useful features (fe. client/server splitting in the same manner as Samba's winbindd does), this project is actively developed now, and even the OpenLDAP upstream has written an overlay that implements their own alternative "server" part for nss-ldapd.

I'll try to consider it more closely this week...


It provides NSS stuff only (whereas the ordinary nss_ldap provides both NSS and PAM with one common config file). It seems that upstream is focused on NSS only.

Two possible ways:

1) The current nss_ldap could be split to nss_ldap and pam_ldap (it looks obvious because both have individual source tarballs). Then "alternatives" could be used to switch between the old nss_ldap and new nss-ldapd implementations.

2) Nss-ldapd's "nss_ldap.so" could be just renamed to, say, "nss_ldapd.so" (and use "ldapd" in /etc/nsswitch.conf). This way alternatives are not needed.

Anyway, from the current point of view, the switch to nss-ldapd will increase the number of configuration files to edit (/etc/ldap.conf for PAM, and /etc/nss-ldapd.conf for NSS), and both files look very identical...

Certainly an alternate PAM implementation seems not needed, the client/server here is useful for NSS only. But it would be very fine if nss-ldapd could use the same config file as pam_ldap uses (IOW, how the current nss_ldap does). I don't know whether it is possible now or intend to be possible in the future.

Any comments? Does anyone have good contact with upstream?


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]