Edit detail for LightLdapd revision 1 of 6

Editor: DonovanBaarda
Time: 2013/12/24 00:39:00 GMT-5
Note:

changed:
-
Overview
--------

With dnsmasq there is a very small, simple, powerful, and reliable
combined DNS server, DNS cache, DHCP server, and TFTP server. It has
everything you need to serve a small home/classroom/school sized
network that can include thin clients. It is very easy to configure
(DNS just serves up the /etc/hosts file, with automatic DNS entries for
DHCP clients), and its DHCP server can easily be configured to serve
anything from auto-proxy configuration to different boot options for
different thin clients. It is small enough to run on an OpenWRT router
or QNAP NAS.

One of the things a small network like this really needs is an LDAP server
for managing users. It needs to be small and efficient, with enough grunt
to support at least 100 clients and 1000 users when running on something
like a router or NAS. It must be powerful enough to support the most commonly
used functionality, but familiar and simple to configure. It absolutely
must be reliable and secure enough for the home/classroom/school
environment. I believe that it should be written in C (widely used
and fast) using an event-loop design (threads suck).

Objectives
----------

Primary objectives are:

1. Support enough LDAP functionality for pam-ldap and nss-ldap to work for clients.
2. Serve the familiar /etc passwd, group and shadow files directly, with no special file formats.
3. Easily support ~100 clients and 1000 users on router-level hardware.
4. Keep the code small and simple, using existing libraries as much as possible.
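As an added illustration of objectives 1 and 2 (this is example code, not LightLdapd's own), the Python below maps constructed /etc/passwd and /etc/group lines onto posixAccount/posixGroup entries under an assumed base DN and answers the equality, AND and OR filters that nss-ldap and pam-ldap send; the shadow hash is deliberately never exposed as an attribute, so a password can only be tested by a bind, never read by a search.

```python
# Added illustration, not LightLdapd's own code; base DN and sample lines are constructed.
BASE = "dc=example,dc=org"
PASSWD = ["root:x:0:0:root:/root:/bin/bash",                 # /etc/passwd lines
          "alice:x:1000:1000:Alice:/home/alice:/bin/bash",
          "bob:x:1001:100:Bob:/home/bob:/bin/sh"]
GROUP = ["root:x:0:", "users:x:100:alice", "staff:x:1000:bob"]  # /etc/group lines

def fields(lines):
    return (line.split(":") for line in lines if line and not line.startswith("#"))

def passwd_entries(lines):
    """posixAccount per passwd line; no userPassword, so a search never leaks the shadow hash."""
    return {f"uid={name},ou=People,{BASE}": {
                "objectClass": ["posixAccount"], "uid": [name], "cn": [gecos or name],
                "uidNumber": [uid], "gidNumber": [gid], "homeDirectory": [home],
                "loginShell": [shell]}
            for name, _pw, uid, gid, gecos, home, shell in fields(lines)}

def group_entries(lines):
    """posixGroup per group line, memberUid taken from the member list."""
    return {f"cn={name},ou=Group,{BASE}": {
                "objectClass": ["posixGroup"], "cn": [name], "gidNumber": [gid],
                "memberUid": [m for m in members.split(",") if m]}
            for name, _pw, gid, members in fields(lines)}

def parse_filter(s, i=0):
    """Parse the RFC 4515 subset nss-ldap sends: (a=v), (a=*), (&...), (|...)."""
    if s[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    if s[i + 1] in "&|":                  # AND / OR: parse children until ')'
        op, i, kids = s[i + 1], i + 2, []
        while s[i] == "(":
            node, i = parse_filter(s, i)
            kids.append(node)
        return (op, kids), i + 1
    end = s.index(")", i)                 # equality or presence: (attr=value)
    attr, value = s[i + 1:end].split("=", 1)
    return ("=", attr, value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter; attribute names are case-insensitive in LDAP."""
    if node[0] == "=":
        vals = [v.lower() for k, vs in entry.items() if k.lower() == node[1].lower() for v in vs]
        return bool(vals) if node[2] == "*" else node[2].lower() in vals
    results = [matches(k, entry) for k in node[1]]
    return all(results) if node[0] == "&" else any(results)

def search(entries, filt):
    node, _ = parse_filter(filt)          # one-level search over all served entries
    return {dn: e for dn, e in entries.items() if matches(node, e)}
```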

Secondary objectives are:

1. Support TLS and SASL for security on a slightly untrustworthy network.
2. Support additional nss files like hosts, networks, netgroup etc.
3. Support enough writes that pam-ldap updates via passwd, chfn and chsh work.
4. Support Samba domain authentication and schemas.
5. Support arbitrary schemas served from passwd-like files.
6. Support ACLs.

Alternatives
------------

Existing LDAP servers:

  * OpenLdap
  * https://github.com/vlm/ldap-server-example
  * https://github.com/urbanserj/entente
  * http://www.fefe.de/tinyldap/

entente looks very interesting.

Existing Libraries

  * async event framework

    - libevent
    - libev

  * datastructures

    - glib

  * TLS secure network transport

    - openssl
    - gnutls
    - CyaSSL
    - stunnel
    - stud

  * SASL secure authentication

    - cyrus-sasl
    - gsasl
    - cyrus saslauthd

