Re: Debian and LDAP?
On Mon, 9 Oct 2000, Ben Collins wrote:
> > 3. there are no tools for creating and maintaining users in an ldap
> > database. this is the biggest problem, imo. login, passwd, chfn, chsd and
> > su are all pam-ified, but user{add,del} and group{add,del} aren't.
>
> LDAP is not used solely for authentication. It is, after all, a Directory
> Service. This finds hundreds more uses than simple Name Service. You're
> tagging one feature as the entire reason for having LDAP, which is wrong.
>
i agree that ldap has many uses.

authentication is the big reason i want to use ldap. i apologize for
letting my opinion color what i intended to be a technical discussion.

that aside, i feel that the debian authentication support (not just
with LDAP) is lacking. there are required packages (passwd) which
manipulate /etc/passwd & /etc/group directly, versus using PAM. a bug
(#61210) was filed against passwd, but there has been no reply from the
maintainer. this is an upstream bug.
> Lest the final reason (excuse or whatever), Debian is volunteer. It won't
> get done if no one is willing or able to do it. I never had time to build
> up this particular feature. Giving everyone the apps that enabled them to
> do it was my main goal, and that goal was met (even if it isn't automatic,
> it is there).
>
if you would appreciate some help, e.g. with packaging the ldap migration
tools or folding them into the openldapd2 package, i would be willing to
assist.
i don't completely agree with your security argument, since switched
networks are getting more and more popular, as well as transport-level
encryption. but i would like to see the support nonetheless, and let the
user decide if it's a risk they want to take.
--
______________________________________________
| "the whole scale of cosmic dimensions are falling from my mouth
| in the description of a kiss of the interimlovers"
| - einsturzende neubaten, "interim"