+1, and good riddance! - Garrett
Gary Winiger wrote: > I'm sponsoring this Fast Track for Raja Gopal Andra, the RPE naming team, > and the NIS+ core team. It requests removal of all the NIS+ related > interfaces and documentation in a Minor Release. While this is somewhat > long, the case owner and project team believe it still qualifies for a > Fast Track as the length details the how the EOL required dependences are > satisfied. > > This project is unrelated to pam_ldap(5) and has no effect on it or > the Sun Java System Directory Server. > > The current NIS+(1) man page and redacted opinions for PSARC/2000/370 (EOL of > NIS+) and PSARC/2004/638 (Removal of Sun Directory Server 5.1 from Solaris > WOS) > are in the case directory. > > The timer is set for 12 Oct., 2009. > > Gary.. > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > Background: > ========== > NIS+(1) seems to have been introduced prior to the recording of PSARC cases > in 1991. The first references I've found are Vikul Khosla's nisaddcred flag > (PSARC/1992/187) and Chuck McManis' NIS+ diagnostics (PSARC/1992/188) cases. > They refer to NIS+, but not to any previous cases, though ZNS demos > (PSARC/1991/023) seems somehow related. The NIS+ promise never achieved > sufficient traction to supplant NIS (nee YP). X500 directory servers and > the Lightweight Directory Access Protocol (LDAP) have supplanted the promise > of NIS+. EOL of NIS+ (PSARC/2000/370) started the process leading to this > case. > > Dependences: > =========== > o PSARC/2000/370 (EOL of NIS+) opinion states: > > 2. Decision & Precedence Information > . . . > Note: the approval of this case does not authorize the > actual removal of NIS+ support from Solaris. That removal > will need to be the subject of another case. That case will > depend on at least: > > PSARC/2000/311 NIS+/LDAP Migration > > PSARC/2000/363 Native LDAP phase II > > LSARC/2001/101 Bundling of LDAP Directory Server > {actually PSARC/2001/101 -gww} > > 4. Opinion > > The main issue raised for this case was that of providing > adequate notice and support to existing NIS+ users. The > requirement to announce the upcoming EOL of NIS+ as soon as > possible in order to head off new adoption of the technology > was seen as conflicting with the requirement not to panic > existing users. > > The committee decided that a three step schedule: > > 1. adequate notice > > 2. availability of all replacement technology > > 3. actual EOL > > would satisfy both requirements and imposed technical > changes needed to obtain such a schedule. See [2] for > opposing views. > > {[2] Email discussion. File: mail} > > o PSARC/2004/638 (Removal of Sun Directory Server 5.1 from Solaris WOS) was > denied. The denial was overturned on appeal and iDS was removed from > the Solaris WOS. That removal impacts the removal of NIS+ as the > opinion states: > > 4.10. Potential Impact on NIS+ Removal > > PSARC/2000/370 "EOL of NIS+" states: > "Note: the approval of this case {PSARC/2000/370} does > not authorize the actual removal of NIS+ support from > Solaris. That removal will need to be the subject of > another case. That case will depend on at least: > > PSARC/2000/311 NIS+/LDAP Migration > > PSARC/2000/363 Native LDAP phase II > > PSARC/2001/101 Bundling of LDAP Directory Server" > > Without a bundled LDAP directory server, the preconditions > for the removal of NIS+ from Solaris are not met and NIS+ > may not be removed from Solaris based on the approved archi- > tectural decisions. > > Details: > ======= > * PSARC/2000/311 NIS+/LDAP Migration and PSARC/2000/363 Native LDAP > phase II have both been delivered since Solaris 9. > > * 1) adequate notice > The announcement of the EOL of NIS+ has been completed since Solaris 9 > The current (S10u8) NIS+ man pages contain the note: > NIS+ might not be supported in future releases of the > Solaris operating system. Tools to aid the migration from > NIS+ to LDAP are available in the current Solaris release. > For more information, visit > http://www.sun.com/directory/nisplus/transition.html. > > * 2) availability of all replacement technology > With the integration of PSARC/2008/745 nss_ldap shadowAccount support > in the current development release and the back port to S10u8, > all the functionality that was provided by NIS+ is now available > using a LDAP directory server as a name service (i.e., nsswitch.conf > configuration such as shown in the delivered sample nsswitch.ldap). > > * With the permission to remove the bundled LDAP Directory Server by > the approval upon appeal of PSARC/2004/638, the conditions of > PSARC/2000/370 are not met by the Solaris "letter of the law". > > The "traditional" Solaris view of what is bundled software appears > to be changing with the next Minor release's introduction of the > "OpenSolaris" distribution and "Solaris Next" "marketing release". > The project team believes that OpenLDAP for OpenSolaris > (PSARC/2008/507) and/or Sun OpenDS (LSARC/2008/372) meet the > "intent of the law" as written in PSARC/2000/370 for having a > "Bundled" LDAP Directory Server. They are "distributed" with > OpenSolaris/Solaris Next. The project team has verified that both > OpenLDAP and OpenDS support at least all the name service databases > and attributes supported by NIS+. (As does the "unbundled" Sun > Java System Directory Server.) > > Proposal: > ======== > As all the requirements outlined in PSARC/2000/370 have been met, remove > all the NIS+ related interfaces and documentation in the a Minor release. > (PSARC/2000/370 details the user and administrative commands, RPC services, > and Programming API to be removed.) > > Issues: > ====== > Conversion of an existing NIS+ server's Tables to LDAP needs to be > completed on a system that supports NIS+. Once NIS+ has been removed. > conversion using the processes described in "Transitioning From NIS+ to LDAP" > (http://docs.sun.com/app/docs/doc/817-2655/6mia7mum5?a=view) isn't > available. To mitigate this, the project team notes that the announcement > was made in Solaris 9 and the project will ensure that the installation > documentation of the Minor release that removes NIS+ will clearly state > that the conversion must take place before installation. > > The project team proposes adding to the Solaris Next System > Administration Guide a section similar to: > Transitioning from NIS+ to LDAP on Solaris Next: > <Warning> An existing Solaris 9 or 10 NIS+ Server and Client system must > be available for the Transition. > > 1. On a system, install Solaris Next (or Solaris 9 or Solaris 10) > with the desired Directory server. > 2. Configure the Directory server as documented in System admin guide > http://docs.sun.com/app/docs/doc/816-4556/sundssetup-13?l=en&a=view > This details the steps for Sun ONE Directory server, similar > configuration steps need to be done if other Directory servers > like OpneLDAP or OpenDS are used. > 3. Migrate the NIS+ tables as documented in System admin guide > http://docs.sun.com/app/docs/doc/816-4556/nisplus2ldap-1?l=en&a=view > 4. Continue by installing Solaris next with a configured name server > that refers to the Directory server of step 1. >