[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: passwd backend and RFC 2307



At 10:16 PM 12/27/00 -0300, Nicolás Lichtmaier wrote:
>> > Why doesn't the passwd backend do as rfc 2307 says things should be?
>> RFC 2307 doesn't say how things "should be".  It's informational
>> and should be viewed as "one way to do things".  There are obviously
>> many ways one can represent users/accounts in a directory.
>
> Of course, but most RFC are that way.

All Informational RFCs are that way.   My point is that RFC 2307
is not Standard Track and should not be viewed as saying how things
"should be."   This is not to say that RFC 2307 does not offer a
reasonable way of doing things.

>And this RFC (if you search for
>posixAccount) is implemented in several places. One interesting place where
>it's implemented is in libnss-ldap...

Many informational RFCs are widely implemented, including
inetOrgPerson (RFC 2798).

IIRC, back-passwd uses only Standard Track schema.

>> >Is there any reason?
>> back-passwd pre-dates RFC 2307.
>> >Is this passwd backend a demo/sample code that nobody uses?
>> It is meant as a demo/sample backend which is meant to be adapted
>> as needed.
>
> But can the modifications and enhancements be adopted by the official
>OpenLDAP distribution? I think there's potential in this backend.

Generally useful changes are adopted.  I was just noting the
general intent of this backend. 

> I have already done something that works. I will post a patch in a few
>days (I'd like to reach the point when this can actually be used to
>authenticate a user with pam/nss).

One thing should be noted is that back-passwd only supports search.
I think it would be generally interesting to add support for bind
and other operatons (compare, passwd-change exop).

Kurt