LDAP integration
Vulpes Velox
v.velox at vvelox.net
Wed Jan 10 23:47:10 UTC 2007
On Wed, 10 Jan 2007 13:56:23 -0800
Doug Barton <dougb at FreeBSD.org> wrote:
> Lamont Granquist wrote:
>
> > Why are you doing this in the FreeBSD rc scripts directly? Why
> > not install cfengine and work on making cfengine play better with
> > database-driven config?
>
> Indeed. For a "many systems" problem, cfengine is a great tool. I
> think the OP is more interested in the "dynamically configured
> laptop" problem, which is also an interesting/difficult one, but I
> don't think it's a good problem for LDAP to solve. It still feels
> like "I have LDAP that I want to use as a solution, so what problem
> can I point it at?" to me.
Stuff like this is what LDAP truly shines for. It keeps everything
in a nicely organized manner that is easily accessible and searchable.
It is also nicely syncable.
> > And if you're looking specifically at the /etc/rc.conf config
> > file, what would be more useful would be an /etc/rc.conf.d/
> > directory.
>
> Good news for you, we already support that. :) I agree that it
> makes a great tool for the "many systems" problem, and could
> reasonably be used for part of the "dynamic laptop" problem too.
Simply put... oh hell no. The rc.conf.d just makes a bloody mess.
> > That gets
> > away from the need to tweak and edit the /etc/rc.conf config file
> > with multiple inputs tweaking a single file. Instead you can
> > drop whole orthogonal fragments into /etc/rc.conf.d/inetd to
> > manage the inetd config which would make it more friendly to
> > radmind-like approaches. It also makes it easier to use with
> > cfengine since orthogonal cfengine modules aren't doing editfiles
> > touches to the same files.
>
> Yes yes yes all around. At one time I suggested that we add support
> for /usr/local/etc/rc.conf.d and encourage port authors to drop
> files in there, but I didn't get much enthusiasm for it. Perhaps
> it's time to revisit that?
Configuration for the rc.d scripts should be left to rc.conf.
> > The
> > /etc/cron.d directory that (most?) linux distros have is
> > similarly very useful to drop in files that contain completely
> > orthogonal config (and may be written by entirely different
> > config management tools -- e.g. system config management vs.
> > application deployment/management), and the /etc/periodic
> > functionality is not flexible enough to cover all cases.
>
> That's not a bad idea, but you'll have to find some other
> huckleberry to address it, I've got my hands full at the moment.
I don't have much to say in this area currently, but I have been
kicking around the idea of writing one that pulls from a LDAP
database and then logs to SQL for a while. Not really something to be
included in the base system, but would be really interesting.