Packaging nss-ldapd for fedora

Dmitry Butskoy buc at odusz.so-cdu.ru
Mon Jul 21 14:55:17 UTC 2008


Dmitry Butskoy wrote:
> Pasi Kärkkäinen wrote:
>> Hello!
>>
>> Anyone planning to upload/maintain nss-ldapd to fedora?
>> Seems like a better solution than nss-ldap..
>>
>> http://ch.twi.tudelft.nl/~arthur/nss-ldapd/
>>   
>
> Looks interesting...
>
> Besides its useful features (fe. client/server splitting in the same 
> manner as Samba's winbindd does), this project is actively developed 
> now, and even the OpenLDAP upstream has written an overlay that 
> implements their own alternative "server" part for nss-ldapd.
>
> I'll try to consider it more closely this week...

Well,

It provides NSS stuff only (whereas the ordinary nss_ldap provides both 
NSS and PAM with one common config file). It seems that upstream is 
focused on NSS only.

Two possible ways:

1) The current nss_ldap could be split to nss_ldap and pam_ldap (it 
looks obvious because both have individual source tarballs). Then 
"alternatives" could be used to switch between the old nss_ldap and new 
nss-ldapd implementations.

2) Nss-ldapd's "nss_ldap.so" could be just renamed to, say, 
"nss_ldapd.so" (and use "ldapd" in /etc/nsswitch.conf). This way 
alternatives are not needed.

Anyway, from the current point of view, the switch to nss-ldapd will 
increase the number of configuration files to edit (/etc/ldap.conf for 
PAM, and /etc/nss-ldapd.conf for NSS), and both files look very identical...

Certainly an alternate PAM implementation seems not needed, the 
client/server here is useful for NSS only. But it would be very fine if 
nss-ldapd could use the same config file as pam_ldap uses (IOW, how the 
current nss_ldap does). I don't know whether it is possible now or 
intend to be possible in the future.

Any comments? Does anyone have good contact with upstream?


~buc






More information about the fedora-devel-list mailing list