Craig White wrote:
>
> ----
>>> The point of authenticating against LDAP is rarely do you only want
>>> user/id authentication but you also want address books/user lists and
>>> other attributes that can be useful such as e-mail address.
>> But those may or may not be the same ones you'd find in AD.
> ----
> any reasonable LDAP implementation allows you to define the DN (or DN's)
> to be used for various purposes

But the people managing AD may have no interest in supporting other applications.

> ----
>>> In addition, jabber servers do have to store attributes about users so
>>> there's little to be served by marrying PAM functions in.
>> I'd settle for not having yet another password.
> ----
> sure - makes sense - how many different jabber servers are you running?

A couple, currently used by small sets of people but it's likely to expand (the people, not necessarily the servers). I want to set up at least one of them with OpenNMS spewing its notifications into a multiuser chat room that the network operators can join.

> ----
>>> What you should have noticed here Les, is that Windows AD users are
>>> mostly clueless to how LDAP works and integrating Windows AD/LDAP into
>>> other software is a challenge for them.
>> Which is why you'd want to set up PAM once, not
>> login/ssh/imap/pop/http/smtp/samba and all those other applications that
>> want a password. Especially when you want to be able to add local
>> accounts in addition to using a network authentication mechanism.
> ----
> sure - makes sense - how many different jabber servers are you running?
>
> You are simply looking through a lens that says corporate users,
> corporate login accounts, etc. That's fine but I get the distinct
> impression that it is hardly the typical setup.

When someone mentions AD, I'd assume corporate users, existing logins, existing passwords and password change policy - and probably some MS-centric people managing it who may not want to help glue on some open-source parts.

--
Les Mikesell
lesmikesell at gmail.com