Re: [HEADS UP]: OpenLDAP+nss_ldap+nss_modules separated patch and more (SoC)

From: Dan Nelson <dnelson_at_allantgroup.com>
Date: Wed, 30 Aug 2006 09:45:26 -0500
In the last episode (Aug 30), Andre Oppermann said:
> Julian Elischer wrote:
> >John Baldwin wrote:
> >>Agreed.  I also think LDAP would be a very useful thing to add.  I
> >>know that I currently use NIS/yp because it just works and is
> >>integrated into the base, etc.  I think adding LDAP as the logical
> >>successor to NIS/yp would be a good thing.
> >
> >I agree with John. Historically things have moved to the base system
> >when they have reached some amount of public use, and they have been
> >needed for a large number of othre parts.. e.g. SSL.
> >
> >I think that LDAP has reached this point (in fact did so many
> >several years ago) and having a standard ldap implementation in the
> >base system allows us to make FreeBSD machien splay better in many
> >environments.
> 
> The problem is that OpenLDAP is a very big thing.  It contains a
> number of libraries and servers.  Importing the whole thing is
> clearly not the right thing as we should only ship the LDAP library. 
> However more complications come from the fact that you can build the
> LDAP library again with a number of further options and dependencies
> on other libraries.  Depending on your usage case you may need to
> turn one of those on or off for your other applications. Topping it
> off OpenLDAP does quite a few releases a year with important bug
> fixes.  This is quickly becoming backporting hell.  At the moment I'm
> not sure if the slapd server refuses to run with an older library
> found in the base system.
> 
> For this LDAP library thing to work there has to be a painless way to
> overwrite or override the base LDAP library with a custom, newer from
> ports or self-compiled one.
> 
> A quick glance into the OpenLDAP install instructions reveals that it
> depends on OpenSSL (check, it's in the base system), KERBEROS
> (optional in base system), Cyrus SASL library (not in base system)
> and POSIX threads (check).  I don't think we want to import Cyrus
> SASL into the base system.

The openldap client port builds WITHOUT_SASL=YES, though, so that's not
a problem.

-- 
	Dan Nelson
	dnelson_at_allantgroup.com
Received on Wed Aug 30 2006 - 12:45:36 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:59 UTC