[Pdns-users] Status of the LDAP backend in 3.0 release

bert hubert bert.hubert at netherlabs.nl
Wed Mar 23 09:05:51 UTC 2011


Unless something happens, the LDAP backend will move to 'unmaintained'
status in the 3.0 release.  Please read below for the how and why of this,
and what could possibly be done to change this.

The brief version is that someone will have to step up to maintain the LDAP
backend, or a PowerDNS user will have to fund us to do so. But see below for
more background on how PowerDNS development happens.

On Wed, Mar 23, 2011 at 10:10:13AM +0200, Nick Milas wrote:
> I always hope that a developer can sometime provide fixes for these,
> [LDAP issues] esp. 260 & 313 which are bugs (and not feature requests).

To clarify, PowerDNS development happens because one or more of the
following three reasons:

 1) We think something has wide utility, or is good for the internet or DNS,
    and should be in PowerDNS. 
 2) There are people in the PowerDNS community developing & maintaining it.
 3) There are end-users with support contracts that need it, or there are
    end-users willing to fund the development directly.

(there are also some other reasons, for example, we sometimes build features
for users in return for other things they have done for us, sort of an open
source exchange of favours. Part of PowerDNSSEC happened in this way.
We also develop quite some things because, frankly, we find them cool)

For LDAP, right now none if these things is the case. 1) We don't feel that
LDAP is a particularly good or interesting place to store DNS data. It will
for example have big problems with PowerDNSSEC because of lack of ordering.

2) We thank Norbert for his years of maintenance, but apparently he feels the
same way, or at least has no time. But he did a great job.

3) Finally, nobody has come forward with more than 'hope' that we'd restart
work on the LDAP backend (ie, support contracts or funding).

If we spend time on LDAP, we don't spend it on something else unless we hire
more help. And as long as '3' is not the case, that won't happen.

It may be good to realise that almost all big new PowerDNS features (TSIG,
(Power)DNSSEC, Lua filtering, DNS64) have been made possible by PowerDNS
users funding the development.

So, unless something changes, we will only make sure that OpenLDAP keeps
compiling, and to merge patches submitted by the community. The
documentation will be updated to this effect, and so will the 3.0 release

> Would it help to request e.g. openldap developers with DNS
> background (through their mailing list) to possibly show interest in
> resolving them (since no one in pdns mailing list has volunteered
> and Norbert has stopped support)?

What you are probably seeing is that the level of 'care' for LDAP is not
quite there. I don't think the OpenLDAP developers would be interested in
maintaining one of their dependencies.

So while I feel your pain, and I'm not happy about it, for now this is the
way it is going to be, unless someone steps up to either maintain the LDAP
backend, or comes up with some funding to do so.

Kind regards,

Bert Hubert

More information about the Pdns-users mailing list