[Freedombox-discuss] LDAP

Bdale Garbee bdale at gag.com
Wed Dec 4 18:19:45 UTC 2013


Jonas Smedegaard <dr at jones.dk> writes:

> Ok.  Makes good sense to mandate use of shared auth mechanism.  Not 
> convinced LDAP is the ideal for that, though.

It probably isn't, but I don't know of anything better.  Note that I
traded emails in Feb with Howard Chu about using LDAP in this local-only
way, and he strongly suggested we create an optimized build of openldap
with a smaller footprint than the Debian standard build.   

Clearly not critical path, but this is another possible task for someone
out there reading who would like a modest project that could help us out
in the long term.

> It is of *big* importance to me that we do *not* move storage from /etc 
> to a database: It may seem tempting to use that approach when needing a 
> setup different from what the corresponding package maintainer offers, 
> but since we have *no* administrator on our systems, our setup *must* be 
> supported by package maintainers.

I agree.

What I think we can effectively use LDAP for is to manage the information
associated with identities.  Users, what access rights they should have,
etc., in an application-neutral way that we can potentially wrap some
plinth UI goodness around eventually.

Bdale