
Configuration Files. Was Re: Newbie with a base suffix searching problem



My thoughts on this are that a person should _not_ have to duplicate data
into a new place every time he/she installs a new LDAP-aware program. On
the other hand, I can see the problem with a slew of applications keeping
their application-specific data in a single file shared with all the other
applications. That being said, perhaps pam_ldap and nss_ldap should split
off their application-specific data to another file, however I think
ldap.conf also needs to be expanded to include a few more attributes that
are dependent on the directory, not the application... LDAP-aware
applications should get basic LDAP configuration information from it.

scope one|sub|base	The default search scope
crypt md5|sha|des|none	applications should be told the preferred
			password encryption logarithm for the server.

Perhaps something should be added to the LDAP API to abstract the physical
location of this data.

> It would be pretty easy to implement acl's which used UID information
> fetched with RFC1423 (pidentd())...

That would be a neat feature, although I'd still want a tight
authentication scheme for the really sensitive stuff. Would it be trivial
to expand the LDAP ACL's to who you are _and_ how you authenticated?

-- Greg

PS. Where can I find documentation on the group acl syntax? I've looked
around but failed to come up with anything.


|\/\/|   Greg Retkowski   |\/\/|  greg@rage.net
|/\/\|"Save the Factories"|/\/\|  http://www.rage.net/