Re: [nssldap] release 0.2 of nss-ldapd
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: [nssldap] release 0.2 of nss-ldapd
- From: Howard Chu <hyc [at] highlandsun.com>
- To: Ralf Haferkamp <rhafer [at] suse.de>
- Cc: Buchan Milne <bgmilne [at] staff.telkomsa.net>, nssldap [at] padl.com, Arthur de Jong <arthur [at] ch.tudelft.nl>
- Subject: Re: [nssldap] release 0.2 of nss-ldapd
- Date: Mon, 18 Jun 2007 13:49:28 -0700
Ralf Haferkamp wrote:
On Monday 18 June 2007 17:39, Buchan Milne wrote:
On Monday, 18 June 2007, Ralf Haferkamp wrote:
Note: Some of the above stuff could also get realized by setting up a
local instance of the OpenLDAP server as a caching proxy (having nss_ldap
talking to it via LDAPI), but I still like the idea of a daemonized
nss_ldap very much.
In disucssions with Howard Chu, he indicated that if he were to re-design
nss_ldap, it would be a slapd caching proxy ...
Or even a local syncrepl replica instead of a proxy (when the source is a
syncrepl aware LDAP Server).
The two ideas aren't mutually exclusive. You could use syncrepl to keep a proxy
cache up to date, and either pull down a complete DB or just refresh the
entries you've already cached.
But this would still mean that the NSS module
needs to link against some LDAP client library, which will get you back to
the symbol clashing issue (unless you link statically, which has other
disadvantages).
Yes, ultimately you still need some IPC mechanism and protocol to talk to
whatever local daemon you choose. I think using LDAP is still better than
inventing your own. As a purpose-built NSS module I would just locally hardcode
a "send_search_request" function with a "read_search_reply" function and avoid
using libldap directly. Sending queries over ldapi:// would require very little
additional code.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
- Re: [nssldap] release 0.2 of nss-ldapd, (continued)