[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Debian getting rid of nis and adding rfc2307bis



On 06/26/2018 12:19 PM, malcolm moore wrote:
> Are there any instructions for this anywhere ?
> I've been seaching and struggling now for several 
> days and I can't work out how to do it. It can't
> be as difficult as i am making it

If you let dpkg-configure setup your LDAP server and/or NSS/PAM config
(sssd, nss-pam-ldapd, etc.) you should probably ask the Debian folks
what they're planning to do.

Be warned when using OS packages with too mighty config mechanims you
might run into surprising update issues later (seen incidents on Debian
and CentOS at my customers because of that). So personally I'm staying
away from OS package configuration mechs as far as possible
- own custom systemd unit files with additional hardening options
- disabled standard service name
- static monolithic slapd.conf generated by config management
- etc.

Also Debian folks link OpenLDAP against GnuTLS instead of OpenSSL
leading to its own set of issues. Therefore I'd recommend to use the LTB
builds if you don't want to build from source yourself.

Ciao, Michael.