On Thu, Oct 02, 2014 at 10:33:02AM +0000, Michael van Elst wrote: > [email protected] (Thomas Klausner) writes: > > >I think there is no particular need to have openldap in the base > >system; I don't see any particular integration, and it puts more > >burden of maintenance on us. I think that installing openldap from > >pkgsrc should be good enough. > > openldap is used by postfix, sshd and amd. There is also pam-ldap in > pkgsrc that we might want to import into base. > > All this is only using the client part of openldap.
I would support removing the server parts of openldap but wonder whether this would actually reduce maintenance burden. It would reduce attack surface on some systems. -- Thor Lancelot Simon [email protected] "From the tooth paste you use in the morning to the salt on your evening meal, it's easy to take for granted the many products brought to us with explosives." - Institute of Manufacturers of Explosives, "Explosives Make It Possible"
