FC2 and general LDAP Support

Ulrich Drepper drepper at redhat.com
Thu Nov 27 00:50:25 UTC 2003 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Lengthy thread, but I still want to add my 2¢.

Making LDAP the default is overkill for a lot of people.  Centralized
administration is useful in larger networks and maybe even in some home
networks.  My home network certainly qualifies as not-small but I still
wouldn't want it since I have different configurations on the different
machines.  LDAP must be introduced on demand, and not forced upon one.

BTW: it's not only the LDAP daemon which is needed, every machine in the
network would also have to use nscd.  Without it LDAP can be, ehm, slow.


What I completely agree with is that the LDAP integration into the
distribution isn't as good as it could get (euphemism).  Every time I
have to install it I do something wrong and it ends up costing me hours.

So, what I'd suggest as a first step is writing some meta RPMs which do
the conversion for you.  This Sun jvm RPM which has been repeatedly
mentioned here is a splendid idea: don't distribute the code, just a way
to make it work.  Make the code a dependency.

Same can be done for the LDAP stuff.  Make an RPM which requires all the
LDAP components which then does all or parts of this list:

~ create a key for the server
~ run the migration scripts
~ make the ldap nss module used locally
~ make sure nscd is running
~ eventually replace programs like useradd with useradd.ldap
~ create a script the admin can run on the other machines in the network
~ etc etc

Make it a pleasant experience to install LDAP.  No programming
experience requires, just admin knowledge.


Step 2 is then creating an environment to actually maintain such an
installation.  Probably graphic tools etc.  But this is step 2.


IMO such meta RPMs are truly a nice way to do these things.  There can
even be multiple versions of such RPMs.  For instance for the LDAP case,
with or without AD support.  That's a nice little project for somebody
who wants to get involved in the FC project.  I can certainly add what I
know.  Volunteers?

- -- 
➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain View, CA ❖
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/xUpR2ijCOnn/RHQRAoshAKChePkYG8o4qhZ3utsxNEj20pYDIgCeJOc6
XaITdUs0RAW1LV0/PtWKBlI=
=9LLk
-----END PGP SIGNATURE-----

More information about the fedora-devel-list mailing list