DBIS set to replace RFC2307 and NIS


RFC2307 was written by Luke Howard in 1998 to produce a standard for representing NIS maps in an LDAP schema, and became the de facto way of doing it. RFC2307bis was an update to this standard but never came out of draft status, even though this schema has also been adopted in many products.

However, these standards have always suffered from a few nuisances, not the least of which for us is the problem of case insensitivity (keys in NIS are case sensitive, but in LDAP with RFC2307/bis they would be case insensitive). There were also some powerful features that commercial products were building in and that had some great benefits in very large scale deployments, but that were not standardised and were therefore incompatible with each other.

Two years ago I wrote a set of new IETF internet drafts to replace RFC2307 and RFC2307bis with a set of standards that would solve these problems. I then developed a reference implementation that implemented the new design in a user-land caching daemon, and produced an NSS library compatible with Linux and Solaris that would use the daemon and a set of APIs.

My solution is called DBIS (Directory-Based Information Services). DBIS is a new LDAP schema, a user-land caching daemon written in Python, a client tool and supporting APIs. See also DBIS and RFC2307: A Comparison.

I am now discussing options for adding DBIS support into Linux autofs with the upstream maintainer, which will involve producing the already planned C API. I have opened a discussion regarding adding support for DBIS Netservices into sudo (which simplifies netgroups), and I am preparing to talk about DBIS at the LDAPCon 5th international conference at the University of Edinburgh School of Informatics in November.

If there is anyone on this list that would like to download DBIS and kick the tyres, I’d be very happy to hear your feedback, incorporate ideas for improvement etc.

I'd really like to generate a discussion regarding:

a) How RHEL should integrate with DBIS in the future.
b) Whether Red Hat should have further input into the design of the DBIS schema and the DBIS C API that would make it easier for that integration work to occur. It would be a pity for Red Hat to miss the boat while these are still internet drafts and lose the ability to influence the future shape of DBIS.
c) Whether Red Hat should assist in adding DBIS support to autofs. I am already working with the upstream maintainer of Linux autofs to achieve the same end goal.
d) If Red Hat have any input on how DBIS netservices are integrated into sudo. I have already started a discussion with the upstream sudo maintainers. Netservices are designed to make netgroups easier to use by being the new place to define roles & permissions while leaving netgroups to define just groups of users & hosts.

Best regards,
Mark.
