Re: [gentoo-dev] Directory services (was Re: [gentoo-dev] maybe it is time to put portage queries into a database.)

[Eric Sammer <eric@ineoconcepts.com>]

Zack Gilburd wrote:

> I /tried/ using LDAP as my authentication for pam a while back, in hopes of 
> having a nice, network-wide, roaming profile.  However, such hopes were 
> quickly shattered once I got authentication going even locally.  My login 
> attempts would take /quite/ a while and it was very inefficient.

Certainly, setup (in its current incarnation) is flawed, at a minimum. I 
think it could work if it were "distro sanctioned" and therefore had 
full support. A good example of directory services working from the 
get-go is Mac OS X. I know a lot of Linux users disapprove of MOSX. I 
don't bring it up to start that debate but to illustrate a working 
example. MOSX ships with NetInfo (enabled) and all auth, groups, hosts, 
and other related items are using the directory by default. This makes 
managing a network of MOSX boxes much like a visit to the candy shop - 
while sticky, still very sweet.

> I would 
> rather see a MySQL database.

The problem with this approach is that mysql is a bit (ok, a lot) 
heavier than openldap (or ldap in general). The other reason is because 
there are major differences between databases to such a degree that it 
matters much more than, say, replacing openldap with another 
implementation. Without getting into the debate of mysql vs. postgres, 
there are major differences between the two and if something system 
level (i.e. portage) were to use mysql, it would be pretty difficult 
(due to the differences in things like datatypes and the like) to move 
it over to postgresql or sapdb. All of that said, ldap was (or has 
evolved to be) designed for holding this type of information and is a 
bit more standardized in terms of types and schema. Also, as I said in 
my first email, it also provides for the replication, referrals, 
addressbook services, and other fantastic features. Say it quietly to 
yourself - "no more 'emerge sync'... simple propagation... platform 
agnostic standards..." - it sounds pretty good. ;)

> Granted I am incorrect about my assertions above, I would like to see this 
> *work* in a real-world situation before I say, "Yea, sure, let's give LDAP a 
> try..."

Absolutely. This is a architectural change and would require simple 
tools to convert between flat files and the directory service 
equivelents and other "goodies" for less caring / experienced / 
concerned users. Like everything else in Gentoo already is, it would 
have to be simple, powerful, extensible, and sexy as hell... (like the 
init scripts, portage, gentoolkit, mirrorselect, ufed, net-setup, 
env-update, modules-update, and all those other tools that make me all 
full of smiles)

Sorry... the whole idea of working, integrated, supported directory 
services makes me froth at the mouth...

;)

-- 
Eric Sammer
eric@ineoconcepts.com
http://www.ineoconcepts.com


--
gentoo-dev@gentoo.org mailing list