Re: [nssldap] release 0.2 of nss-ldapd

[Klaus Steinberger <Klaus.Steinberger [at] physik.uni-muenchen.de>]

Am Montag 18 Juni 2007 schrieb Ralf Haferkamp:
> On Monday 18 June 2007 17:39, Buchan Milne wrote:

> > In disucssions with Howard Chu, he indicated that if he were to re-design
> > nss_ldap, it would be a slapd caching proxy ...
>
> Or even a local syncrepl replica instead of a proxy (when the source is a
> syncrepl aware LDAP Server). But this would still mean that the NSS module
> needs to link against some LDAP client library, which will get you back to
> the symbol clashing issue (unless you link statically, which has other
> disadvantages).

A syncrepl replica would not be a good choice, as it would only talk with 
OpenLDAP. There are other LDAP Servers out there (and for some good reason) 
like Novell's Edirectory.

Also I think a proxy slapd is a bad choice too for those reasons:

- a too big thing for every workstation , like shooting with guns on little 
birds

- too complicated setup

- it will have maybe also trouble with some other LDAP servers

So please do it "KISS"

From what I have read in the discussion, a daemonized nss_ldap sounds like a 
interesting solution, it looks like it really solves some of the trouble I 
see with nss_ldap (even blocking the whole net on a dead nameserver). And it 
seems to be a simple enough setup.

Sincerly,
Klaus


-- 
Klaus Steinberger         Beschleunigerlaboratorium
Phone: (+49 89)289 14287  Am Coulombwall 6, D-85748 Garching, Germany
FAX:   (+49 89)289 14280  EMail: Klaus.Steinberger@Physik.Uni-Muenchen.DE
URL: http://www.physik.uni-muenchen.de/~Klaus.Steinberger/

Attachment: smime.p7s
Description: S/MIME cryptographic signature