Re: [nssldap] release 0.2 of nss-ldapd
- From: Arthur de Jong <arthur [at] ch.tudelft.nl>
- To: nssldap [at] padl.com
- Subject: Re: [nssldap] release 0.2 of nss-ldapd
- Date: Tue, 19 Jun 2007 14:58:37 +0200 (CEST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, 19 Jun 2007, Ralf Haferkamp wrote:
> Hm, ok I got your points. But I am still not quite convinced yet :). I'd
> probably go for a protocol that maps closer to the API of NSS, e.g.
> similar to what winbind or nscd use "on the wire" (IIRC). Adding
> pam_ldap to the mix (which is of course a good candidate to also use
> such a daemon) would of course mean to add PAM specific operations as
> well. But in the end that will result in having the NSS and PAM modules
> really small and simple and having most of the intelligence inside the
> daemon. I'd probably prefer that.

FWIW nss-ldapd currently uses a very simple protocol that is very close to
the NSS API (see nslcd.h for a general overview). This means that all the
complexity for which you need a configuration file (e.g. attribute
mapping, search bases, etc.) is in the daemon.

The only "configuration" information that is in the NSS part is the name
of the socket (which is compiled in).

I'm not sure about the PAM module as the calls you need to do are quite
different from the NSS based queries. The NSS calls generally do

    login-or-reuse-connection -> query

while the PAM parts mainly test the login part (or can they also do
authentication/authorisation based on attribute values?).

I'm focussing on the NSS part for now anyway (enough work to be done
there to keep me busy for a while).

- --
- -- arthur - arthur@ch.tudelft.nl - http://ch.tudelft.nl/~arthur --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGd9MAdW9ORzoziHIRAm+8AJ9DYXmP97yT5pmoYi43/hg+DV2XNgCfZRJM
uTkmPv5LqEYZXDUMSX4M2to=
=Fy5Q
-----END PGP SIGNATURE-----