Jonas Smedegaard <d...@jones.dk> writes: > Ok. Makes good sense to mandate use of shared auth mechanism. Not > convinced LDAP is the ideal for that, though.
It probably isn't, but I don't know of anything better. Note that I traded emails in Feb with Howard Chu about using LDAP in this local-only way, and he strongly suggested we create an optimized build of openldap with a smaller footprint than the Debian standard build. Clearly not critical path, but this is another possible task for someone out there reading who would like a modest project that could help us out in the long term. > It is of *big* importance to me that we do *not* move storage from /etc > to a database: It may seem tempting to use that approach when needing a > setup different from what the corresponding package maintainer offers, > but since we have *no* administrator on our systems, our setup *must* be > supported by package maintainers. I agree. What I think we can effectively use LDAP for is to manage the information associated with identities. Users, what access rights they should have, etc, in an application-neutral way that we can potentially wrap some plinth UI goodness around eventually. Bdale
pgpGUezg64yP4.pgp
Description: PGP signature
_______________________________________________ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss