Packaging nss-ldapd for fedora
Dmitry Butskoy
buc at odusz.so-cdu.ru
Mon Jul 21 14:55:17 UTC 2008
Dmitry Butskoy wrote:
> Pasi Kärkkäinen wrote:
>> Hello!
>>
>> Anyone planning to upload/maintain nss-ldapd to fedora?
>> Seems like a better solution than nss-ldap..
>>
>> http://ch.twi.tudelft.nl/~arthur/nss-ldapd/
>>
>
> Looks interesting...
>
> Besides its useful features (fe. client/server splitting in the same
> manner as Samba's winbindd does), this project is actively developed
> now, and even the OpenLDAP upstream has written an overlay that
> implements their own alternative "server" part for nss-ldapd.
>
> I'll try to consider it more closely this week...
Well,
It provides NSS stuff only (whereas the ordinary nss_ldap provides both
NSS and PAM with one common config file). It seems that upstream is
focused on NSS only.
Two possible ways:
1) The current nss_ldap could be split to nss_ldap and pam_ldap (it
looks obvious because both have individual source tarballs). Then
"alternatives" could be used to switch between the old nss_ldap and new
nss-ldapd implementations.
2) Nss-ldapd's "nss_ldap.so" could be just renamed to, say,
"nss_ldapd.so" (and use "ldapd" in /etc/nsswitch.conf). This way
alternatives are not needed.
Anyway, from the current point of view, the switch to nss-ldapd will
increase the number of configuration files to edit (/etc/ldap.conf for
PAM, and /etc/nss-ldapd.conf for NSS), and both files look very identical...
Certainly an alternate PAM implementation seems not needed, the
client/server here is useful for NSS only. But it would be very fine if
nss-ldapd could use the same config file as pam_ldap uses (IOW, how the
current nss_ldap does). I don't know whether it is possible now or
intend to be possible in the future.
Any comments? Does anyone have good contact with upstream?
~buc
More information about the fedora-devel-list
mailing list