Overview

dnsmasq is a very small, simple, powerful, and reliable combined dns server, dns cache, dhcp server, and tftp server. It has everything you need to serve a small home/classroom/school sized network that can include thin clients. It is very easy to configure (dns just serves up the /etc/hosts file, with automatic dns entries for dhcp clients), and its dhcp server can easily be configured to serve things like an auto-proxy config or different boot options for different thin clients. It is small enough to run on an OpenWRT router or QNAP NAS.

One of the things a small network like this really needs is an LDAP server for managing users. It needs to be small and efficient, with enough grunt to support at least 100 clients and 1000 users when running on something like a router or NAS. It must be powerful enough to support most commonly used functionality, but familiar and simple to configure. It absolutely must be reliable and secure enough for the home/classroom/school environment. I believe that it should be written in C (widely used and fast) using an event-loop design (threads suck).

Objectives

Primary objectives are:

  1. Support enough LDAP functionality for pam-ldap and nss-ldap to work for clients.
  2. Serve the familiar /etc passwd, group and shadow files directly, with no special file formats.
  3. Easily support ~100 clients and 1000 users on router level hardware.
  4. Keep the code small and simple, using existing libraries as much as possible.
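
As an added illustration (not code from this proposal or from any existing server), the mapping that objectives 1 and 2 imply: plain /etc/passwd, /etc/shadow and /etc/group lines translated into the RFC 2307 posixAccount, shadowAccount and posixGroup entries that nss-ldap and pam-ldap expect. The sample lines, the dc=example,dc=lan suffix and the privileged flag are assumptions; the password hash is only released to a privileged bind, since an anonymous search must never see shadow data.

```python
# Constructed sample lines in standard /etc/passwd, /etc/shadow and /etc/group format.
PASSWD_LINES = ["alice:x:1001:1001:Alice Example:/home/alice:/bin/bash",
                "bob:x:1002:1001:Bob Example,,,:/home/bob:/bin/sh"]
SHADOW_LINES = ["alice:$6$saltsalt$hashhashhash:19200:0:99999:7:::",
                "bob:!:19100:0:99999:7:::"]
GROUP_LINES = ["users:x:1001:alice,bob"]
BASE_DN = "dc=example,dc=lan"  # assumed directory suffix
SHADOW_ATTRS = ("shadowLastChange", "shadowMin", "shadowMax", "shadowWarning",
                "shadowInactive", "shadowExpire", "shadowFlag")

def parse_shadow(lines):
    """Index /etc/shadow by user; empty numeric fields are simply omitted."""
    out = {}
    for line in lines:
        f = line.rstrip("\n").split(":")
        if len(f) != 9:
            raise ValueError(f"malformed shadow line: {line!r}")
        attrs = {"userPassword": "{CRYPT}" + f[1]}
        attrs.update((k, int(v)) for k, v in zip(SHADOW_ATTRS, f[2:]) if v)
        out[f[0]] = attrs
    return out

def passwd_entry(line, shadow=None, privileged=False):
    """Map one passwd line to an RFC 2307 posixAccount (+shadowAccount) entry.
    The password hash is only included for a privileged (e.g. root) bind."""
    f = line.rstrip("\n").split(":")
    if len(f) != 7:
        raise ValueError(f"malformed passwd line: {line!r}")
    name, _, uid, gid, gecos, home, shell = f
    entry = {"dn": f"uid={name},ou=People,{BASE_DN}",
             "objectClass": ["top", "account", "posixAccount"],
             "uid": name, "cn": gecos.split(",")[0] or name, "gecos": gecos,
             "uidNumber": int(uid), "gidNumber": int(gid),
             "homeDirectory": home, "loginShell": shell}
    if shadow and name in shadow:
        entry["objectClass"].append("shadowAccount")
        for k, v in shadow[name].items():
            if k != "userPassword" or privileged:
                entry[k] = v
    return entry

def group_entry(line):
    """Map one group line to an RFC 2307 posixGroup entry."""
    name, _, gid, members = line.rstrip("\n").split(":")
    return {"dn": f"cn={name},ou=Group,{BASE_DN}", "objectClass": ["top", "posixGroup"],
            "cn": name, "gidNumber": int(gid),
            "memberUid": [m for m in members.split(",") if m]}
```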

Secondary objectives are:

  1. Support TLS and SASL for security in a slightly untrustworthy network.
  2. Support additional nss files like hosts, networks, netgroup, etc.
  3. Support enough writes that pam-ldap updates via passwd, chfn and chsh work.
  4. Support samba domain authentication and schemas.
  5. Support arbitrary schemas served from passwd like files.
  6. Support ACLs.

Alternatives

Existing LDAP servers:

entente looks very interesting.

Existing Libraries

  • async event framework
    • libevent
    • libev
  • datastructures
    • glib
  • TLS secure network transport
    • openssl
    • gnutls
    • CyaSSL
    • stunnel
    • stud
  • SASL secure authentication
    • cyrus-sasl
    • gsasl
    • cyrus saslauthd
