| 1 |
Zack Gilburd wrote: |
| 2 |
|
| 3 |
> I /tried/ using LDAP as my authentication for pam a while back, in hopes of |
| 4 |
> having a nice, network-wide, roaming profile. However, such hopes were |
| 5 |
> quickly shattered once I got authentication going even locally. My login |
| 6 |
> attempts would take /quite/ a while and it was very inefficient. |
| 7 |
|
| 8 |
Certainly, setup (in its current incarnation) is flawed, at a minimum. I |
| 9 |
think it could work if it were "distro sanctioned" and therefore had |
| 10 |
full support. A good example of directory services working from the |
| 11 |
get-go is Mac OS X. I know a lot of Linux users disapprove of MOSX. I |
| 12 |
don't bring it up to start that debate but to illustrate a working |
| 13 |
example. MOSX ships with NetInfo (enabled) and all auth, groups, hosts, |
| 14 |
and other related items are using the directory by default. This makes |
| 15 |
managing a network of MOSX boxes much like a visit to the candy shop - |
| 16 |
while sticky, still very sweet. |
| 17 |
|
| 18 |
> I would |
| 19 |
> rather see a MySQL database. |
| 20 |
|
| 21 |
The problem with this approach is that mysql is a bit (ok, a lot) |
| 22 |
heavier than openldap (or ldap in general). The other reason is because |
| 23 |
there are major differences between databases to such a degree that it |
| 24 |
matters much more than, say, replacing openldap with another |
| 25 |
implementation. Without getting into the debate of mysql vs. postgres, |
| 26 |
there are major differences between the two and if something system |
| 27 |
level (i.e. portage) were to use mysql, it would be pretty difficult |
| 28 |
(due to the differences in things like datatypes and the like) to move |
| 29 |
it over to postgresql or sapdb. All of that said, ldap was (or has |
| 30 |
evolved to be) designed for holding this type of information and is a |
| 31 |
bit more standardized in terms of types and schema. Also, as I said in |
| 32 |
my first email, it also provides for the replication, referrals, |
| 33 |
addressbook services, and other fantastic features. Say it quietly to |
| 34 |
yourself - "no more 'emerge sync'... simple propagation... platform |
| 35 |
agnostic standards..." - it sounds pretty good. ;) |
| 36 |
|
| 37 |
> Granted I am incorrect about my assertions above, I would like to see this |
| 38 |
> *work* in a real-world situation before I say, "Yea, sure, let's give LDAP a |
| 39 |
> try..." |
| 40 |
|
| 41 |
Absolutely. This is a architectural change and would require simple |
| 42 |
tools to convert between flat files and the directory service |
| 43 |
equivelents and other "goodies" for less caring / experienced / |
| 44 |
concerned users. Like everything else in Gentoo already is, it would |
| 45 |
have to be simple, powerful, extensible, and sexy as hell... (like the |
| 46 |
init scripts, portage, gentoolkit, mirrorselect, ufed, net-setup, |
| 47 |
env-update, modules-update, and all those other tools that make me all |
| 48 |
full of smiles) |
| 49 |
|
| 50 |
Sorry... the whole idea of working, integrated, supported directory |
| 51 |
services makes me froth at the mouth... |
| 52 |
|
| 53 |
;) |
| 54 |
|
| 55 |
-- |
| 56 |
Eric Sammer |
| 57 |
eric@××××××××××××.com |
| 58 |
http://www.ineoconcepts.com |
| 59 |
|
| 60 |
|
| 61 |
-- |
| 62 |
gentoo-dev@g.o mailing list |
Archives