[sork] Re: [PATCH] new ldap driver for passwd

[Roel Gloudemans]

Hi Philipp,

To do it right I think the choice how to log on should be configurable. 
The correct way from a security point of view is using the own userdn 
(one less admin password in a config file), but I've seen situations 
where the admin dn would be better.

The shadow parameters are for password policies. Why should they be 
removed? (I for one use them to make passwords expire and to warn the 
user when this is going to happen)

I like the ssl addon.

On a broader perspective: Maybe it is better to e.g. merge passwd and 
accounts. There are a few functions you would like to have on both 
sides (it test I have even have an accounts module that can talk to an 
AD; no passwords yet though, but you would need to have admin access to 
the directory). Cheers,
Roel.


Quoting Thielpark Systeme GmbH - Philipp Offermann <offermann at thielpark.de>:

> Hi,
>
> I wrote a new driver for passwd based on the ldap driver. It uses an admin
> login for logging into the ldap instead of the userdn. I removed the shadow
> functions because I don't need them, but it shouldn't be difficult to put
> them in again. Could someone please check and commit the patch or send me a
> comment?
>
> Thanks,
> Philipp
> Thielpark Systeme GmbH
>