Re: [ldapext] DBIS - new IETF drafts

Mark R Bannister <> Thu, 04 December 2014 00:10 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id DA2581ACF73 for <>; Wed, 3 Dec 2014 16:10:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0.8
X-Spam-Status: No, score=0.8 tagged_above=-999 required=5 tests=[BAYES_50=0.8] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 3e3NDQ4fpHiQ for <>; Wed, 3 Dec 2014 16:10:55 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 428DD1ACF6A for <>; Wed, 3 Dec 2014 16:10:55 -0800 (PST)
Received: from ([] helo=[]) by with esmtpa (Exim 4.71) (envelope-from <>) id 1XwK0T-0007Oq-Ns; Thu, 04 Dec 2014 00:10:54 +0000
Message-ID: <>
Date: Thu, 04 Dec 2014 00:10:50 +0000
From: Mark R Bannister <>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Arthur de Jong <>,
References: <> <>
In-Reply-To: <>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Mailcore-Auth: 12040446
X-Mailcore-Domain: 1286164
Subject: Re: [ldapext] DBIS - new IETF drafts
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: LDAP Extension Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 04 Dec 2014 00:10:59 -0000

On 08/01/2014 21:14, Mark R Bannister wrote:
> On 07/01/2014 22:25, Arthur de Jong wrote: 
>> Also, you may be interested in looking at the nss-pam-ldapd code. It
>> seems to have a somewhat similar design as the ideas described in the
>> DBIS Reference Implementation. There is even a work-in-progress Python
>> implementation that you could replace with a DBIS implementation.
>> Anyway, that's it for now. Perhaps I'll take a further look in a few
>> days.
> Thanks I had a look at your code already.  I may be able to re-use 
> some of it, possibly the NSS layer, however quite a lot of it becomes 
> redundant or would have to be rewritten for DBIS.  I think the 
> architecture I have designed in dbis_cachemgr will scale better on 
> busy enterprise servers and will handle LDAP server outages more 
> gracefully, as I have worker threads that can operate on many 
> connections simultaneously while sharing a pool of LDAP connections.
> Best regards,
> Mark. 

Hi Arthur et al,

I have been quiet all year on the subject of DBIS as I have been busy 
producing a reference implementation.  I am very pleased to report that 
the first version of a fully working reference implementation is now 

A brief reminder, DBIS is slated as a replacement for NIS, RFC2307 and 
RFC2307bis.  It is highly compatible with these and should be viewed as 
the next evolution of them.

This is written in Python, so should be highly portable, although I've 
developed it on OpenSuSE 12.1 and have not yet tested it on any other 

Arthur, I have used some of your nss-pam-ldapd code, specifically the 
NSS library code (not the server-side).  I hope you like what I've done 
with it.

I have also made some changes to the internet drafts, many of those 
changes based on feedback I received from helpful folk on this mailing 
list at the beginning of the year.  My blog from last year provides the 
relevant links to those drafts, with some further background reading:

I look forward to receiving further feedback over the coming weeks. 
Also, any offers of help kindly appreciated.  This includes, proof 
reading, testing on other platforms, standardization and evangelism.

Best regards,
Mark Bannister.