On Wed, 2009-11-04 at 17:01 -0500, Brian Mathis wrote:
In my extremely limited experience with LDAP, it seems that the problem is not "LDAP" itself, but how to structure it. Most howtos walk you through installing whatever software, and then say "OK, now you have LDAP!"
The problem is that LDAP is useless without a structure and data inside of it. You are usually left with a blank canvas after the install is complete. It's a very daunting task to start sticking things in there without any guidance on the best way to structure it, especially since this is supposed to be the be-all, end-all directory of everything, and anything you do wrong now you need to live with for your entire life.
One argument is that everyone has different requirements, but there's got to be some kind of reasonable default that could be used for setting up something like distributed password auth. As you mention, Active Directory does this, and maybe a structure like that is a reasonable default to recommend/include for people who don't need to fully architect a directory structure for a global company.
---- The structure is simple if you understand LDAP and horrifically confusing if you don't understand LDAP.
If you use CentOS-DS or Fedora-DS, they are opinionated enough upon initial setup to give you a predefined structure, so I am not sure where the problem lies, except that you still don't understand LDAP, so it is of little use.
From its conception, LDAP was not designed to do user authentication.
It happens to work and it can work well and each office/network has its own requirements. I myself have done things differently most times I have set it up for a company...no big deal except that I had to learn how it worked. It's amazing the amount of justification that people can come up with for not learning how technology works.
Craig