Re: Directory enabled distribution

To: John Lines <john@paladin.demon.co.uk>
Cc: debian-devel@lists.debian.org
Subject: Re: Directory enabled distribution
From: Ben Collins <bcollins@debian.org>
Date: Mon, 8 Mar 1999 12:22:39 -0500
Message-id: <[🔎] 19990308122239.G28310@visi.net>
Mail-followup-to: John Lines <john@paladin.demon.co.uk>, debian-devel@lists.debian.org
In-reply-to: <[🔎] 199903080750.HAA21062@athena.paladin.org.uk>; from John Lines on Mon, Mar 08, 1999 at 07:50:26AM +0000
References: <bcollins@debian.org> <[🔎] 199903080750.HAA21062@athena.paladin.org.uk>

On Mon, Mar 08, 1999 at 07:50:26AM +0000, John Lines wrote:
> Some key things are deciding on directory objectclasses - do we need a
> debianPerson ? (n.b.) - as a quick aside it might be good to have an empty
> /usr/local/etc/openldap/slapd.oc.conf included after the system slapd.oc.conf

For our db.debian.org we are creating a debian objectclass, final
definition is not yet complete. Maybe a
/etc/openldap/slapd.oc.local.conf would be more appropriate since it
keep everything pretty central as far as conf files.

> Local system administrators could define their own directory objects there
> and we (you) could track the RFCs for standard objects in the system version.
> (by the way the /etc/openldap/slapd.conf should default to no world read
> access as it contains the rootdn password - and administators should change
> the rootdn password - maybe the postinst should make it something random)

I'm working on a postinst that actually seeds the database with an
admin entry as well as the base entries. This will get rid of the need
for rootdn/rootpw to be there at all. I'll have this ready with the
openldap 1.2.1 package (1.2.1 will be released RSN).

> Sendmail builds and works well with the openldap libraries (and the built
> executable will work quite happily on systems without ldap).

Excellent. Also note that there is a seperate program that acts as a
gateway between sendmail and LDAP, it should probably be added to wnpp
in hopes that someone picks it up.

> I agree - though I think it is a good exercise to have two ldap packages
> in the system - perhaps Netscape will release their Directory server for
> Linux and we would be able to easily switch between that and openldap.

More than one server I can agree with, but for consistency sake, I
think we should focus on only one API. We don't want users having to
install umich-libldap as well as libopenldap just to get all their
programs working, as well as trying to debug functionality in both the
API's (will matter more when openldap get's LDAPv3 capability).

> At work many of our systems are Netware Directory Services based, and it shows
> that directory enabled operating systems are the way to go for managing
> thousands of users across hundreds of servers. LDAP is still a long way
> behind NDS in many areas (e.g. replication) and NDS is already built in to
> most of the Netware applications, but LDAP is now developing very quickly
> and, as an open standard, has more long term potential.

Since I'm not too up on NDS, what does it's replication have over
LDAP's replication?

--
-----    -- - -------- --------- ----  -------  -----  - - ---   --------
Ben Collins <b.m.collins@larc.nasa.gov>                  Debian GNU/Linux
OpenLDAP Core - bcollins@openldap.org                 bcollins@debian.org
UnixGroup Admin - Jordan Systems         The Choice of the GNU Generation
------ -- ----- - - -------   ------- -- ---- - -------- - --- ---- -  --

Reply to:

References:
- Re: Directory enabled distribution
  - From: John Lines <john@paladin.demon.co.uk>

Prev by Date: Re: ANNOUNCE: debian party in San Jose, Marth 3rd
Next by Date: Re: Directory enabled distribution
Previous by thread: Re: Directory enabled distribution
Next by thread: uploaded oidentd to potato
Index(es):
- Date
- Thread