+1, and good riddance!
- Garrett
Gary Winiger wrote:
> I'm sponsoring this Fast Track for Raja Gopal Andra, the RPE naming team,
> and the NIS+ core team. It requests removal of all the NIS+ related
> interfaces and documentation in a Minor Release. While this is somewhat
> long, the case owner and project team believe it still qualifies for a
> Fast Track as the length details the how the EOL required dependences are
> satisfied.
>
> This project is unrelated to pam_ldap(5) and has no effect on it or
> the Sun Java System Directory Server.
>
> The current NIS+(1) man page and redacted opinions for PSARC/2000/370 (EOL of
> NIS+) and PSARC/2004/638 (Removal of Sun Directory Server 5.1 from Solaris
> WOS)
> are in the case directory.
>
> The timer is set for 12 Oct., 2009.
>
> Gary..
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Background:
> ==========
> NIS+(1) seems to have been introduced prior to the recording of PSARC cases
> in 1991. The first references I've found are Vikul Khosla's nisaddcred flag
> (PSARC/1992/187) and Chuck McManis' NIS+ diagnostics (PSARC/1992/188) cases.
> They refer to NIS+, but not to any previous cases, though ZNS demos
> (PSARC/1991/023) seems somehow related. The NIS+ promise never achieved
> sufficient traction to supplant NIS (nee YP). X500 directory servers and
> the Lightweight Directory Access Protocol (LDAP) have supplanted the promise
> of NIS+. EOL of NIS+ (PSARC/2000/370) started the process leading to this
> case.
>
> Dependences:
> ===========
> o PSARC/2000/370 (EOL of NIS+) opinion states:
>
> 2. Decision & Precedence Information
> . . .
> Note: the approval of this case does not authorize the
> actual removal of NIS+ support from Solaris. That removal
> will need to be the subject of another case. That case will
> depend on at least:
>
> PSARC/2000/311 NIS+/LDAP Migration
>
> PSARC/2000/363 Native LDAP phase II
>
> LSARC/2001/101 Bundling of LDAP Directory Server
> {actually PSARC/2001/101 -gww}
>
> 4. Opinion
>
> The main issue raised for this case was that of providing
> adequate notice and support to existing NIS+ users. The
> requirement to announce the upcoming EOL of NIS+ as soon as
> possible in order to head off new adoption of the technology
> was seen as conflicting with the requirement not to panic
> existing users.
>
> The committee decided that a three step schedule:
>
> 1. adequate notice
>
> 2. availability of all replacement technology
>
> 3. actual EOL
>
> would satisfy both requirements and imposed technical
> changes needed to obtain such a schedule. See [2] for
> opposing views.
>
> {[2] Email discussion. File: mail}
>
> o PSARC/2004/638 (Removal of Sun Directory Server 5.1 from Solaris WOS) was
> denied. The denial was overturned on appeal and iDS was removed from
> the Solaris WOS. That removal impacts the removal of NIS+ as the
> opinion states:
>
> 4.10. Potential Impact on NIS+ Removal
>
> PSARC/2000/370 "EOL of NIS+" states:
> "Note: the approval of this case {PSARC/2000/370} does
> not authorize the actual removal of NIS+ support from
> Solaris. That removal will need to be the subject of
> another case. That case will depend on at least:
>
> PSARC/2000/311 NIS+/LDAP Migration
>
> PSARC/2000/363 Native LDAP phase II
>
> PSARC/2001/101 Bundling of LDAP Directory Server"
>
> Without a bundled LDAP directory server, the preconditions
> for the removal of NIS+ from Solaris are not met and NIS+
> may not be removed from Solaris based on the approved archi-
> tectural decisions.
>
> Details:
> =======
> * PSARC/2000/311 NIS+/LDAP Migration and PSARC/2000/363 Native LDAP
> phase II have both been delivered since Solaris 9.
>
> * 1) adequate notice
> The announcement of the EOL of NIS+ has been completed since Solaris 9
> The current (S10u8) NIS+ man pages contain the note:
> NIS+ might not be supported in future releases of the
> Solaris operating system. Tools to aid the migration from
> NIS+ to LDAP are available in the current Solaris release.
> For more information, visit
> http://www.sun.com/directory/nisplus/transition.html.
>
> * 2) availability of all replacement technology
> With the integration of PSARC/2008/745 nss_ldap shadowAccount support
> in the current development release and the back port to S10u8,
> all the functionality that was provided by NIS+ is now available
> using a LDAP directory server as a name service (i.e., nsswitch.conf
> configuration such as shown in the delivered sample nsswitch.ldap).
>
> * With the permission to remove the bundled LDAP Directory Server by
> the approval upon appeal of PSARC/2004/638, the conditions of
> PSARC/2000/370 are not met by the Solaris "letter of the law".
>
> The "traditional" Solaris view of what is bundled software appears
> to be changing with the next Minor release's introduction of the
> "OpenSolaris" distribution and "Solaris Next" "marketing release".
> The project team believes that OpenLDAP for OpenSolaris
> (PSARC/2008/507) and/or Sun OpenDS (LSARC/2008/372) meet the
> "intent of the law" as written in PSARC/2000/370 for having a
> "Bundled" LDAP Directory Server. They are "distributed" with
> OpenSolaris/Solaris Next. The project team has verified that both
> OpenLDAP and OpenDS support at least all the name service databases
> and attributes supported by NIS+. (As does the "unbundled" Sun
> Java System Directory Server.)
>
> Proposal:
> ========
> As all the requirements outlined in PSARC/2000/370 have been met, remove
> all the NIS+ related interfaces and documentation in the a Minor release.
> (PSARC/2000/370 details the user and administrative commands, RPC services,
> and Programming API to be removed.)
>
> Issues:
> ======
> Conversion of an existing NIS+ server's Tables to LDAP needs to be
> completed on a system that supports NIS+. Once NIS+ has been removed.
> conversion using the processes described in "Transitioning From NIS+ to LDAP"
> (http://docs.sun.com/app/docs/doc/817-2655/6mia7mum5?a=view) isn't
> available. To mitigate this, the project team notes that the announcement
> was made in Solaris 9 and the project will ensure that the installation
> documentation of the Minor release that removes NIS+ will clearly state
> that the conversion must take place before installation.
>
> The project team proposes adding to the Solaris Next System
> Administration Guide a section similar to:
> Transitioning from NIS+ to LDAP on Solaris Next:
> <Warning> An existing Solaris 9 or 10 NIS+ Server and Client system must
> be available for the Transition.
>
> 1. On a system, install Solaris Next (or Solaris 9 or Solaris 10)
> with the desired Directory server.
> 2. Configure the Directory server as documented in System admin guide
> http://docs.sun.com/app/docs/doc/816-4556/sundssetup-13?l=en&a=view
> This details the steps for Sun ONE Directory server, similar
> configuration steps need to be done if other Directory servers
> like OpneLDAP or OpenDS are used.
> 3. Migrate the NIS+ tables as documented in System admin guide
> http://docs.sun.com/app/docs/doc/816-4556/nisplus2ldap-1?l=en&a=view
> 4. Continue by installing Solaris next with a configured name server
> that refers to the Directory server of step 1.
>
