1 |
>> I've recently got my Gentoo systems authenticating users/automount'ing |
2 |
>> home directories with all of the directory information coming from my |
3 |
>> openldap server :) |
4 |
>> |
5 |
>> What I would like to do is get al of my hard work into the relevant |
6 |
>> ebuilds now. I've a query though regarding USE variables. The "ldap" |
7 |
>> use variable seems a little overloaded in it's scope - it can be used |
8 |
>> for everything from adding ldap address book support in email clients, |
9 |
>> to providing ldap user authentication (with a little extra work...). |
10 |
>> |
11 |
>> I realise that USE variables could quickly become unmanageable if |
12 |
>> loads were added, but it would be nice if there were a way to specify, |
13 |
>> for example, what sort of authentication you wanted to use (a la |
14 |
>> RedHat and others I imagine) and have it work out of the box (or, if |
15 |
>> you will, source). |
16 |
>> |
17 |
>> For things like ldap, I would suggest maybe ldap_client and ldap_auth |
18 |
>> USE variables. Is this a bad suggestion...? |
19 |
>> |
20 |
> |
21 |
> Hrm...I'd say maybe just add ldap_auth. That way, existing builds won't |
22 |
> break, and people won't have to add additional flags to their USE |
23 |
> variable (ldap_client) unless they want this new functionality. |
24 |
|
25 |
The ldap_auth flag would make more sense in this respect. Thinking about |
26 |
it a little more though, I'm not so sure I was thinking straight anyway. |
27 |
Authentication should be handled by PAM, and so the back end should be |
28 |
transparent to any applications. |
29 |
|
30 |
I guess what I would really like is to be able to do: |
31 |
|
32 |
emerge ldap_auth |
33 |
|
34 |
and have it emerge openldap, pam_ldap and nss_ldap. |
35 |
|
36 |
Additionally, the ebuild will provide a convenient |
37 |
- |
38 |
"If you want to set up an LDAP directory for user authentication, run this |
39 |
command: |
40 |
|
41 |
ebuild /usr/portage/net-misc/ldap_auth/ldap_auth.ebuild setup_ldap_user_auth |
42 |
- |
43 |
|
44 |
or something like that. This command could then create the LDAP directory |
45 |
entries. Ideally, I can knock up some scripts like ldap_useradd, |
46 |
ldap_userdel, etc. to mimic their non-ldap counterparts functionality. |
47 |
|
48 |
How does this sound? |
49 |
|
50 |
Cheers, |
51 |
|
52 |
Gareth John |