[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian and LDAP?

On Mon, 9 Oct 2000, Ben Collins wrote:

> > 3. there are no tools for creating and maintaining users in an ldap
> > database. this is the biggest problem, imo. login, passwd, chfn, chsd and
> > su are all pam-ified, but user{add,del} and group{add,del} aren't.
> LDAP is not used soley for authentication. It is, afterall, a Directory
> Service. This finds hundreds more uses than simple Name Service. You're
> tagging one feature as the entire reason for having LDAP, which is wrong.
i agree that ldap has many uses.

authentication is the big reason i want to use ldap. i apologize for
letting my opinion color what i intended to be a technical discussion.

that aside, i feel that the debian authentication support (not just
with LDAP) is lacking. there are required packages (passwd) which 
manipulate /etc/passwd & /etc/group directly, versus using PAM. a bug
(#61210) was filed against passwd, but there has been no reply from the
maintainer. this is an upstream bug.

> Lest the final reason (excuse or whatever), Debian is volunteer. It wont
> get done if no one is willing or able to do it. I never had time to build
> up this particular feature. Giving everyone the apps that enabled them to
> do it was my main goal, and that goal was met (even if it isn't automatic,
> it is there).
if you would appriciate some help, e.g. with packaging the ldap migration
tools or folding them into the openldapd2 package, i would be willing to

i don't completely agree with your security argument, since switched
networks are getting more and more popular, as well as transport-level
encryption. but i would like to see the support nonetheless, and let the
user decide if it's a risk they want to take.

| "the whole scale of cosmic dimensions are falling from my mouth
| in the description of a kiss of the interimlovers"
|   - einsturzende neubaten, "interim"

Reply to: