Hi, The Name Service Switch (NSS) mechanism is the industry standard way to interact with user accounts stored into a ldap directory on Unix-like systems.
Unfortunately DragonFly cannot use it, the reasons beeing: - NSS works by loading dynamic libraries, and this cannot be done with static binaries (fundamental dlopen(3) limitation) - DragonFly /bin and /sbin binaries are static In order to make DragonFly compatible with the NSS mechanism, we thus need to use dynamic binaries for /bin and /sbin. Some BSD based operating systems already moved from static to dynamic binaries for these directories. * NetBSD switched in 2002: http://www.bsdnewsletter.com/2002/08/News34.html * FreeBSD switched in 2003: http://lists.freebsd.org/pipermail/freebsd-arch/2003-June/000644.html Using dynamic binaries in /bin and /sbin is not so difficult; I have been running a few machines with such a system for a while. NSS authentication modules from dports work out of the box. Unfortunately, there are some fears dynamic binaries are not as reliable as static ones and that static binaries must be kept to recover from future potential breakages. FreeBSD and NetBSD use a /rescue directory on the root filesystem for this purpose. This rescue thing is the most problematic part, not because of some technical challenges but due to general disagreement among developers. Discussions in the IRC channel are going nowhere. In doubt, I have created a minimal /rescue directory with some essential binaries from /bin and /sbin linked statically, like NetBSD and FreeBSD did more than 10 years ago. The rescue and dynamic root features are in two separate git branches: - http://gitweb.dragonflybsd.org/~ftigeot/dragonfly.git/shortlog/refs/heads/dfly_rescue - http://gitweb.dragonflybsd.org/~ftigeot/dragonfly.git/shortlog/refs/heads/dfly_dynamic_root My plan is to push the rescue part first and then the dynamic root one a while later. Ideally we would have dynamic binaries for the 3.8 release. I should probably trim /rescue a bit first though; I initially started to add static versions of all /bin and /sbin binaries to it and this is a bit overkill for a minimal repair system. Its current size is 38MB on amd64 hosts. -- Francois Tigeot
