LDAP integration
Nathan Vidican
nathan at vidican.com
Thu Jan 11 19:04:56 UTC 2007
Mike Meyer wrote:
> In <20070111035549.7c11a450 at vixen42>, Vulpes Velox <v.velox at vvelox.net> typed:
>
>> LDAP is nice for organizing across many systems, but if you are just
>> dealing with one computer it is complete overkill for anything.
>>
>
> In that situation, it's not merely overkill, it may actually be a
> bad idea. Can you say "AIX SDR"? How about "Windows registry"?
>
> Those systems both took the approach of putting all the configuration
> information in a central database. This creates problems because the
> tools needed to examine/fix the config database require a complex
> environment - at least compared to a statically linked copy of
> ed. LDAP may not be so bad, but it still makes me nervous.
>
> On the other hand, if you've got a flock of boxes to manage, having a
> way to tell the rc subsystem "Go read config values from this LDAP
> server" seems like a very attractive alternative.
>
> <mike
>
Ok, so the general consensus seems to be that it's a good idea in some
cases and not in others. I myself agree that it should not be part of
the base setup for issues regarding the complication of the base
distribution... but why not make a package for it?

Take this idea, and run with it... build a package that installs over
the base installation, bundling the LDAP client libs, new rc structure,
tools, etc all in one shot. Add it to the ports collection and call it
done. - After all that's the wonder that is opensource... if ya want to
improve something, go for it - even better if you can contribute your
additions back to the community.

I think it could be the start of something really handy for those out
there managing large banks of servers... a central configuration
repository, key-based or something where you take a freshly installed
server, and point it to a config 'key', reboot and poof! That server
goes down, simply tell a spare one to use its config 'key' and reboot -
back up and running :) You'd get all the redundancy of LDAP, the
organization of a directory tree, and the simplicity of uniform
configuration information. This of course with some assumptions about
storage and backup situations, but hey - it's an idea not a reality here
I'm talking about.

Anyways... without digressing way too much, my point was this: if
there's enough people interested in the idea, then collaborate and by
all means try to make something of it. If it works out well, lots of
people start adopting it, THEN we (the FreeBSD community) should look at
including it as part of the base... until then, make it as a bundled
package or something. I'm using LDAP here for users, groups, email and
account information shared to many servers - and it works great, but
it's certainly not for everyone and I'd never expect it to come
out-of-the box with everything required to do so. Have to weigh the
benefits against the costs.

This thread keeps arguing the good or the bad points of doing this - and
it seems to me not something worth arguing the merits of. If you believe
in it enough, then do it or at least try it. Let's move on from if we
should or shouldn't, and look more to HOW we could...

Just my two and a half cents.
--
Nathan Vidican
nvidican at wmptl.com
Windsor Match Plate & Tool Ltd.
http://www.wmptl.com/
More information about the freebsd-hackers
mailing list