Re: Directory enabled distribution
On Mon, Mar 08, 1999 at 07:50:26AM +0000, John Lines wrote:
> Some key things are deciding on directory objectclasses - do we need a
> debianPerson ? (n.b.) - as a quick aside it might be good to have an empty
> /usr/local/etc/openldap/slapd.oc.conf included after the system slapd.oc.conf
For our db.debian.org we are creating a debian objectclass, final
definition is not yet complete. Maybe a
/etc/openldap/slapd.oc.local.conf would be more appropriate since it
keeps everything pretty central as far as conf files.
> Local system administrators could define their own directory objects there
> and we (you) could track the RFCs for standard objects in the system version.
> (by the way the /etc/openldap/slapd.conf should default to no world read
> access as it contains the rootdn password - and administrators should change
> the rootdn password - maybe the postinst should make it something random)
I'm working on a postinst that actually seeds the database with an
admin entry as well as the base entries. This will get rid of the need
for rootdn/rootpw to be there at all. I'll have this ready with the
openldap 1.2.1 package (1.2.1 will be released RSN).
> Sendmail builds and works well with the openldap libraries (and the built
> executable will work quite happily on systems without ldap).
Excellent. Also note that there is a separate program that acts as a
gateway between sendmail and LDAP, it should probably be added to wnpp
in hopes that someone picks it up.
> I agree - though I think it is a good exercise to have two ldap packages
> in the system - perhaps Netscape will release their Directory server for
> Linux and we would be able to easily switch between that and openldap.
More than one server I can agree with, but for consistency's sake, I
think we should focus on only one API. We don't want users having to
install umich-libldap as well as libopenldap just to get all their
programs working, as well as trying to debug functionality in both the
APIs (will matter more when openldap gets LDAPv3 capability).
> At work many of our systems are Netware Directory Services based, and it shows
> that directory enabled operating systems are the way to go for managing
> thousands of users across hundreds of servers. LDAP is still a long way
> behind NDS in many areas (e.g. replication) and NDS is already built in to
> most of the Netware applications, but LDAP is now developing very quickly
> and, as an open standard, has more long term potential.
Since I'm not too up on NDS, what does its replication have over
----- -- - -------- --------- ---- ------- ----- - - --- --------
Ben Collins <firstname.lastname@example.org> Debian GNU/Linux
OpenLDAP Core - email@example.com firstname.lastname@example.org
UnixGroup Admin - Jordan Systems The Choice of the GNU Generation
------ -- ----- - - ------- ------- -- ---- - -------- - --- ---- - --
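
The slapd.conf exposure raised in the thread (a world-readable file carrying the rootdn password) can be checked mechanically. The script below is an added example, not part of the original message or of the Debian openldap package; the function name `audit_slapd_conf`, the finding labels and the sample config are constructed here, and it assumes a `rootpw` value beginning with `{` is a hashed form while anything else is cleartext.

```shell
#!/bin/sh
# Added example (not from the thread): audit an slapd.conf-style file for
# the two exposures discussed: world-readable mode and a cleartext rootpw.
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 on error.
audit_slapd_conf() {
    conf=$1
    rc=0
    if [ ! -f "$conf" ]; then
        echo "ERROR not a regular file: $conf"
        return 2
    fi
    # find prints the path only when the "other" read bit (004) is set.
    if [ -n "$(find "$conf" -prune -perm -004)" ]; then
        echo "WORLD_READABLE"
        rc=1
    fi
    # Assumption: a value starting with '{' (optionally quoted) is a hashed
    # form; any other rootpw value is treated as a cleartext password.
    if grep -Eq '^[[:space:]]*rootpw[[:space:]]+"?[^{"[:space:]]' "$conf"; then
        echo "ROOTPW_CLEARTEXT"
        rc=1
    fi
    return $rc
}

demo() {
    tmp=$(mktemp) || return 1
    # Constructed sample config, not taken from any real system.
    printf '%s\n' 'rootdn "cn=admin,dc=example,dc=org"' 'rootpw secret' > "$tmp"
    chmod 644 "$tmp"
    echo "weak:"
    audit_slapd_conf "$tmp" || true
    # Corrected state: owner-only mode and a hashed value (placeholder).
    printf '%s\n' 'rootdn "cn=admin,dc=example,dc=org"' \
        'rootpw {SSHA}PLACEHOLDER' > "$tmp"
    chmod 600 "$tmp"
    echo "corrected:"
    audit_slapd_conf "$tmp" || true
    rm -f "$tmp"
}
demo
```

A config with no `rootpw` line at all, the end state the reply describes for the seeded database, also passes the second check.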