[Freedombox-discuss] LDAP

Bdale Garbee bdale at gag.com
Wed Dec 4 18:19:45 UTC 2013

Jonas Smedegaard <dr at jones.dk> writes:

> Ok.  Makes good sense to mandate use of shared auth mechanism.  Not 
> convinced LDAP is the ideal for that, though.

It probably isn't, but I don't know of anything better.  Note that I
traded emails in Feb with Howard Chu about using LDAP in this local-only
way, and he strongly suggested we create an optimized build of openldap
with a smaller footprint than the Debian standard build.   

Clearly not critical path, but this is another possible task for someone
out there reading who would like a modest project that could help us out
in the long term.

> It is of *big* importance to me that we do *not* move storage from /etc 
> to a database: It may seem tempting to use that approach when needing a 
> setup different from what the corresponding package maintainer offers, 
> but since we have *no* administrator on our systems, our setup *must* be 
> supported by package maintainers.

I agree.

What I think we can effectively use LDAP for is to manage the information
associated with identities.  Users, what access rights they should have,
etc, in an application-neutral way that we can potentially wrap some
plinth UI goodness around eventually.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 827 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20131204/c472b255/attachment.sig>

More information about the Freedombox-discuss mailing list