| 1 |
>> I've recently got my Gentoo systems authenticating users/automount'ing |
| 2 |
>> home directories with all of the directory information coming from my |
| 3 |
>> openldap server :) |
| 4 |
>> |
| 5 |
>> What I would like to do is get al of my hard work into the relevant |
| 6 |
>> ebuilds now. I've a query though regarding USE variables. The "ldap" |
| 7 |
>> use variable seems a little overloaded in it's scope - it can be used |
| 8 |
>> for everything from adding ldap address book support in email clients, |
| 9 |
>> to providing ldap user authentication (with a little extra work...). |
| 10 |
>> |
| 11 |
>> I realise that USE variables could quickly become unmanageable if |
| 12 |
>> loads were added, but it would be nice if there were a way to specify, |
| 13 |
>> for example, what sort of authentication you wanted to use (a la |
| 14 |
>> RedHat and others I imagine) and have it work out of the box (or, if |
| 15 |
>> you will, source). |
| 16 |
>> |
| 17 |
>> For things like ldap, I would suggest maybe ldap_client and ldap_auth |
| 18 |
>> USE variables. Is this a bad suggestion...? |
| 19 |
>> |
| 20 |
> |
| 21 |
> Hrm...I'd say maybe just add ldap_auth. That way, existing builds won't |
| 22 |
> break, and people won't have to add additional flags to their USE |
| 23 |
> variable (ldap_client) unless they want this new functionality. |
| 24 |
|
| 25 |
The ldap_auth flag would make more sense in this respect. Thinking about |
| 26 |
it a little more though, I'm not so sure I was thinking straight anyway. |
| 27 |
Authentication should be handled by PAM, and so the back end should be |
| 28 |
transparent to any applications. |
| 29 |
|
| 30 |
I guess what I would really like is to be able to do: |
| 31 |
|
| 32 |
emerge ldap_auth |
| 33 |
|
| 34 |
and have it emerge openldap, pam_ldap and nss_ldap. |
| 35 |
|
| 36 |
Additionally, the ebuild will provide a convenient |
| 37 |
- |
| 38 |
"If you want to set up an LDAP directory for user authentication, run this |
| 39 |
command: |
| 40 |
|
| 41 |
ebuild /usr/portage/net-misc/ldap_auth/ldap_auth.ebuild setup_ldap_user_auth |
| 42 |
- |
| 43 |
|
| 44 |
or something like that. This command could then create the LDAP directory |
| 45 |
entries. Ideally, I can knock up some scripts like ldap_useradd, |
| 46 |
ldap_userdel, etc. to mimic their non-ldap counterparts functionality. |
| 47 |
|
| 48 |
How does this sound? |
| 49 |
|
| 50 |
Cheers, |
| 51 |
|
| 52 |
Gareth John |
Archives