Hi,

Kapetanakis Giannis wrote on Sat, Nov 27, 2010 at 02:51:02PM +0200:

quoted text
> Instead of ypldap I would prefer the system to directly contact the
> ldap servers to get user info similar the way nss does, and not
> using NIS as an extra layer for ldap.

The merit of a daemon like ypldap(8) is that is isolates the small,
standardized libc code from whatever arbitrary information retrieval
protocol a specific site may choose.

quoted text
> Looking around getpwent(3) I think it might be possible to extend
> its functionality to include ldap support as well.

I highly doubt that we want to bloat libc by integrating specific
protocols for authentication information retrieval, and least of
all with something as absurdly heavyweight as LDAP.  And i'm not
sure whether letting libc call back into user-supplied libraries
would be a smart idea, in particular regarding functions a vital
as user authentication.


That said, i admit that libc RPC and YP code is not that small,
not that standardized, and not that pretty.  But building an
additional system alongside it inside libc will not improve the
situation.  I feel unable to judge the consequences of replacing
it with something cleaner and simpler; in any case, that would be
a large and complex task.  Oh, and of course YP functionality
must be preserved.  People are using it.

Yours,
  Ingo